[rc5] keyspace flaw

Benedikt Eric Heinen beh at icemark.ch
Thu May 29 12:30:37 EDT 1997


> >Now, can anybody round here prove, that we're the fastest of the
> >competing groups? I mean, is there even a way to know which groups are
> >competing (I do not refer to the email groups within our effort, but
> >groups independent of bovine)?
> No one else that we know of is actively working on RC5-56 other than us.
> Note that the DES contests are different from this effort..

OK, let me add to the case:

  a) we *assume* there is no other effort running - which isn't sure
     though. So, there *could* be others - Even though, I have to admit,
     that if there is another effort, which we haven't heard about, then
     this effort is most likely slower - since those people couldn't have
     'recruited' CPU cycles without spreading the word of their effort...

  b) I'd assume, that at least, there *WILL* be other competing efforts
     sooner or later, and if we still supply keys sequentially, it'll be
     easy for others to see, which keys they can skip, by just marking 
     the lowest 1.5% of the possible keys as checked (without spending
     any CPU cycles on verifying that -- and bovine has already spent
     quite a few cycles).
     Even worse, a new effort could just add a little up to what we
     have at the moment at a very low chance that they skipped the
     real key and stay before us, so we'd only start checking keys 
     the other efforts did, i.e. if another effort would be starting
     now at a computing speed similar to the bovine effort, it would
     be a good move for them, not to check the lowest 1.5% of all keys
     (we already did that for them), and even worse, start off by leaving
     the lowest 4% of the possible keys out - which would leave us a
     chance of finding the key in the currently 2.5% in between, but
     would later leave us back at a 'safe' distance between our efforts
     (by the time we have examined the low 4% of the keys, they'd be at
     the 6.5% mark - and we'd just be following...)

    
If we start using random block distribution now, that'd mean any possible
competing party cannot gain from what we do (unless they have access to
the log on bovine).


so much for my $0.02...


  Benedikt

signoff

          Hiroshima '45           Chernobyl '86           Windows '95
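
The race described in the post above, as an added example that is not part of the original message: it compares how often a competitor finds the key first when the first effort hands out blocks sequentially versus randomly. The function names, block counts, equal speeds (one block per tick) and the competitor's sweep order are assumptions made for the illustration.

```python
import random

def sequential_race(n_blocks, done_frac, skip_frac):
    """Exact P(competitor wins) when the first effort hands out blocks in order.

    The first effort has checked blocks [0, done) and continues upward.
    The competitor skips to block `skip`, runs to the end of the keyspace,
    then wraps back to cover [done, skip). Ties go to the first effort.
    """
    done, skip = round(n_blocks * done_frac), round(n_blocks * skip_frac)
    wins = 0
    for key in range(done, n_blocks):       # the key is not in the checked part
        t_first = key - done                # ticks until the first effort hits it
        if key >= skip:
            t_comp = key - skip
        else:                               # competitor only gets here after wrapping
            t_comp = (n_blocks - skip) + (key - done)
        wins += t_comp < t_first
    return wins / (n_blocks - done)

def random_race(n_blocks, done_frac, trials, seed=1997):
    """Monte Carlo P(competitor wins) when blocks are handed out at random.

    The competitor cannot tell which blocks are already checked, so it has
    to sweep the whole keyspace (here: 0, 1, 2, ...).
    """
    rng = random.Random(seed)
    done = round(n_blocks * done_frac)
    wins = 0
    for _ in range(trials):
        order = list(range(n_blocks))
        rng.shuffle(order)                  # first effort's random hand-out order
        remaining = order[done:]            # the first `done` blocks are checked
        key = rng.choice(remaining)         # key lies in an unchecked block
        t_first = remaining.index(key)
        t_comp = key                        # position in the competitor's sweep
        wins += t_comp < t_first
    return wins / trials

if __name__ == "__main__":
    # Constructed figures matching the post: 1.5% checked, competitor skips 4%.
    print("sequential:", round(sequential_race(1000, 0.015, 0.04), 4))
    print("random:    ", round(random_race(1000, 0.015, 4000), 4))
```

Under these assumptions the sequential case leaves the first effort only the gap between the 1.5% and 4% marks, while random distribution brings the competitor back to roughly even odds.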
