This article has not yet been rated on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

VEST received a peer review by Wikipedia editors, which is now archived. It may contain ideas you can use to improve this article.
Intgr asked below "Do either of you [ed. Benjamin, Sean (also known as Ruptor)] have any evidence to support your claims?". It came to my attention recently that people were still accessing this old Wikipedia VEST Discussion page. To remove all doubt about whether the bijective cores of the VEST ciphers are patentable or not, and ownership of the VEST Intellectual Property, please see Granted European Patent EP 1820295(B1) owned by Synaptic Laboratories Limited.
Benjamin Gittins ( talk) 16:52, 15 November 2009 (UTC)
To Synaptic Laboratories Limited and to Benjamin Gittins: Wikipedia is an encyclopedia, for everyone to edit and to create objective neutral articles. If you want to express your own opinion, to advertise your company or to attack me personally, please do it in your own blog or on your company web site. Ruptor 01:23, 25 April 2007 (UTC)
To: whoever removed my note about the attack and to everyone else reading this, the attack paper does in fact incorrectly claim that it can recover the key faster than the parallel brute-force or general TM trade-off. I have never disputed the attack's validity, although it also incorrectly claims to be breaking the MAC while the MAC is in fact calculated in the AE mode and has not been using the hashing mode affected by this attack since the second phase of the competition. The attackers should have called it an attack breaking the ProVEST MAC or the VEST hashing mode. Recovery of 53 bits of the state is a valid attack of academic interest, but the authors claim to be able to recover the key faster than brute force, which is not true. See the abstract: "The 53 bits retrieved reduce the complexity of the exhaustive key search by 53 bits" and compare it with section 5.3, Complexity: "This attack recovers the key used by the cipher in 2^max(F/2+4, F-53) time and 2^(F/2-4) memory", where F is the key length in bits. The paper does need to be corrected, so there was no need to accuse me of bad sportsmanship for pointing out those obvious mistakes. Even a collision on the IVs alone is bad enough for a cipher. I must also add that I do not agree with or approve anything stated by Synaptic Laboratories Ltd. BVI, which I am not a part of, even if they are using my name. So if anyone has any problems with VEST, take it up with me. I don't want to hear about Synaptic or their claims.
In a private conversation with the attack author during SASC 2007, he admitted that the correct cipher is not affected by his attack at all, and that the attack merely exploits the non-bijective operation of the counter diffusor that shouldn't have been there in the first place. I personally told Antoine Joux on the 18th of January about the typo and I e-mailed both authors on the 19th of January, but they did not bother mentioning it or what difference it makes to their attack, although they confirmed receiving my e-mail and seeing the phorum post. It took them a year and a half to find that collision? Come on! It takes 5 minutes to check the counter diffusor for bijective processing of the IV bits, after which I'd expect any decent scientist to contact the authors privately or publicly asking why they claim that every single component in the cipher is bijective. Not doing it is what bad sportsmanship is. I am also surprised that no one else had noticed it for such a long time! Kudos to the eSTREAM competition! It shows once again the importance of public cryptanalysis. A one-digit typo can cause so much trouble...
I want to see more attack papers proposing solutions so we could make better ciphers. How many rounds of the MD4 are actually secure? MD5? SHA-0/1/2? Which round functions are stronger? What could fix ABC? Py? Grain? Trivium? Hermes8?
Ruptor 17:10, 7 February 2007 (UTC)
Synaptic Laboratories Limited have made a significant revision to the VEST Wikipedia page in response to false and/or misleading statements that have entered the page since our last edit. We have striven to maintain a NPoV in our revision and have made use of extensive verifiable references. (The page was updated in multiple sections due to technical problems submitting the page as a complete article.) We comment below on the primary modifications to the page:
Synaptic Laboratories Limited regrets any inconvenience caused to readers by the necessity of using its correct corporate name in full, i.e. "Synaptic Laboratories Limited" or "Synaptic Laboratories Ltd".
Benjamin Gittins 12:56, 20 April 2007 (UTC)