Path: illuminati.io.com!uunet!news.mathworks.com!hookup!uwm.edu!cs.utexas.edu! + swrinde!pipex!sunsite.doc.ic.ac.uk!lyra.csx.cam.ac.uk!news From: Andrew HaleyNewsgroups: sci.crypt.research Subject: SAFER K-64 Date: 30 Nov 1994 14:35:29 GMT Organization: None Lines: 17 Approved: crypt@cs.aukuni.ac.nz Message-ID: <3bi2jh$drk@lyra.csx.cam.ac.uk> NNTP-Posting-Host: enigma.cl.cam.ac.uk In _Fast Software Encryption_, James Massey proposes a block cipher which uses FFT-like permutations combined with 8 -> 8-bit S-boxes derived from the function n -> (45^n mod 257). The idea of using the FFT-like permutations for rapid diffusion is rather nice, but the choice of the S-box is a bit of an enigma. Granted, this function is highly nonlinear with respect to 8 bit XOR, but wouldn't a "near-bent" function without the unfortunate properties of this S-box be a better choice? For example, S(i+j) = S(i)*S(j). Is there any really strong reason for the chice of this function? Andrew. Ref: SAFER K-64, A Byte-Oriented Block Ciphering Algorithm, pp 1-17 in Fast Software Encryption, ed. Ross Anderson, Springer-Verlag 1994.