Re: advice sought on key/data histogram analysis of rijndael/128 and serpent

pseudo-code, okay, here we go.

note that there is _no_ PRNG input - i abandoned the
attempts to use a PRNG because i was concerned
that a (bad) PRNG would either introduce patterns
or repeat values, so instead i decided to use "counter"
mode as the initial input.

for k = 1 to 256000
{
   zero(input)
   (*(int*)input) = k; /* sort-of "CTR" mode. */
   for i = 0 to 127
   {
      zero(keybit)
      set_bit(keybit, i)

       for j = 0 to 127
       {
         zero(databit)
         set_bit(databit, j)
         num_fails = analyse_data(5times, input, keybit, databit)
         bitbucket[i][j] += num_fails
       }
   }
}

analyse_data(num_times, input, keybit, databit)
{
    key = copy(keybit)
    data = copy(input)

    for (i = 1 to num_times)
    {
        output = aes_encrypt(key, data)
        key = copy(output)
        data = xor(data, xor(output, databit))
        deviation = deviation_from_average_num_bits(output)
        if p_value(deviation) < 0.01
          num_fails++
    }
    return num_fails;
}

note that i am NOT doing a test which counts the "average number of
bits" and does a histogram, like STS does.

i am taking a note of the NUMBER OF FAILURES. in other words,
i am taking a note of the number of times that the encrypt contains
far more ones or zeros than there normally would be.

i am _not_ analysing the data directly.

i am statistically analysing the p-values (lots and lots of
them. 20 billion p-values, in the case of the
128x128x5x256000 test i ran for 5 hours last night).

very different.

hence my concern.

incidentally, if i perform 20 billion p-value tests, that's
20 billion Rijndael-128 calculations, so that's 2560
billion bits being analysed: there's _probably_ enough
there to get getting on with :)
Received on Mon Oct 17 20:48:36 2005