In order to create a good (block) cipher, one needs a (sort of) good (stream) cipher for the key expansion step. This seems a chicken-and-egg problem.
I wonder if we'll see cryptanalysis someday saying the strength of the cipher as a whole is only as good as the key expansion step. Probably not, or we would have seen a lot more broken ciphers already.
If I use AES as my key expansion function, I'm guessing I can use an extremely weak round function.
No comments :
Post a Comment