AES-128 keys unique for fixed plaintext/ciphertext pair?

Ed Gerck egerck at
Wed Feb 19 17:18:13 EST 2003

Anton Stiglic wrote:

> > The statement was for a plaintext/ciphertext pair, not for a random-bit/
> > random-bit pair. Thus, if we model it terms of a bijection on random-bit
> > pairs, we confuse the different statistics for plaintext, ciphertext, keys
> and
> > we include non-AES bijections.
> While your reformulation of the problem is interesting, the initial question
> was regarding plaintext/ciphertext pairs, which usually just refers to the
> pair
> of elements from {0,1}^n, {0,1}^n, where n is the block cipher length.

The previous considerations hinted at but did not consider that a
plaintext/ciphertext pair is not only a random bit pair.

Also, if you consider plaintext to be random bits you're considering a very
special -- and least used -- subset of what plaintext can be. And, it's a
much easier problem to securely encrypt random bits.

The most interesting solution space for the problem, I submit, is in the
encryption of human-readable text such as English, for which the previous
considerations I read in this list do not apply, and provide a false sense of
strength. For this case, the proposition applies -- when qualified for  the

Ed Gerck

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list