Trusted SF Member
Joined: 17 Apr 2003
Location: Asheville, NC, US / Uberlāndia, MG, Brazil
|Posted: Wed Jul 28, 2004 10:59 pm Post subject: Guidelines for Proposing Challenges and New Designs.
As of Thursday, July 29th, 2004, a system of guidelines will be issued for those who wish to post challenges related to trivial, classical ciphers, and those who wish to propose new, practical designs for modern ciphers. To ensure that these are "security-oriented" posts, we kindly ask that you follow the appropriate system of rules. We've devised these rules for the sole purpose of supporting the exercise of cryptanalytical methodology, from a cryptographer's point of view.
Challenges for trivial, classical ciphers:
- Mathematical outline of the cipher - that's right; no posts with a request to crack disorganized chunks of ciphertext. It is vital that you provide descriptive routines for how the encryption and decryption functions operate, including a sufficient amount of ciphertext to analyze, in conjunction with analysis of the cipher itself.
- Proper description - be concise, yet integral; to support the mathematical outline, it is necessary that you properly describe the technique utilized, so that the ciphertext can be analyzed from the most appropriate angle.
Proposals for practical, modern ciphers:
- White paper(s) outlining the algorithm - be extremely precise; every minor and major detail of the cryptographic primitive should be properly described within the confinement of this document. This document should house the mathematical structure, acceptable parameters, and design rationale behind the proposed algorithm. You can't be slack, when it comes to a white paper. This requires the most effort. Theoretical, practical, methodological, and philosophical securities should be discussed here. The criteria for proposing a modern cipher are incredibly demanding.
- Concise overview and design rationale - this should be the simple part; provide a brief overview of the proposed cipher, along with the design rationale, which includes your motivation for constructing such a design and the security and implementation aspects it intends to address.
When available and where applicable:
- Source code and testing vectors - when available; in other words, if you have successfully implemented your algorithm, it's in good taste to include legible source course, along with sufficient testing vectors for the verification of proper functionality. This is optional, but highly recommended.
This system of rules is quite generous, and a minimum prerequisite in the eyes of a cryptographer or cryptanalyst. This allows the promotion of cryptanalysis to exist, the way it should exist, without the forum becoming stagnant with vague requests and poorly-prepared challenges. After all, we wish to promote pro-active security philosophies - not become a repository for pointless contests. It's about consuming knowledge - not time.
Once again, we value your cooperation in maintaining the organization and unique nature of Security Forums Dot Com.