Decimal encryption
Jonathan Katz
jkatz at cs.umd.edu
Wed Aug 27 16:10:51 EDT 2008
On Wed, 27 Aug 2008, Eric Rescorla wrote:
> At Wed, 27 Aug 2008 17:05:44 +0200,
> Philipp Gühring wrote:
>>
>> Hi,
>>
>> I am searching for symmetric encryption algorithms for decimal strings.
>>
>> Let's say we have various 40-digit decimal numbers:
>> 2349823966232362361233845734628834823823
>> 3250920019325023523623692235235728239462
>> 0198230198519248209721383748374928601923
>>
>> As far as I calculated, a decimal has the equivalent of about 3,3219
>> bits, so with 40 digits, we have about 132,877 bits.
>>
>> Now I would like to encrypt those numbers in a way that the result is a
>> decimal number again (that's one of the basic rules of symmetric
>> encryption algorithms as far as I remember).
>>
>> Since the 132,877 bits is similar to 128 bit encryption (like eg. AES),
>> I would like to use an algorithm with a somewhat comparable strength to AES.
>> But the problem is that I have 132,877 bits, not 128 bits. And I can't
>> cut it off or enhance it, since the result has to be a 40 digit decimal
>> number again.
>>
>> Does anyone know a an algorithm that has reasonable strength and is able
>> to operate on non-binary data? Preferrably on any chosen number-base?
>
> There are a set of techniques that allow you to encrypt elements of
> arbitrary sets back onto that set.
>
> The original paper on this is:
> John Black and Phillip Rogaway. Ciphers with arbitrary ?nite domains. In
> CT-RSA, pages 114?130, 2002.
But he probably wants an encryption scheme, not a cipher.
Also, correct me if I am wrong, but Black and Rogaway's approach is not
efficient for large domains. But if you use their approach for small
domains then you open yourself up to dictionary attacks.
> For a modern proposal to make this a NIST mode, see:
> http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/ffsem-spec.pdf
>
> -Ekr
>
> Full Disclosure: Terence Spies, the author of the FFSEM proposal,
> works for Voltage, Voltage has a product based on this technology.
> and I'm on Voltage's TAB and have done some work for them.
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>
More information about the cryptography
mailing list