AES-128 keys unique for fixed plaintext/ciphertext pair?
Ed Gerck
egerck at nma.com
Wed Feb 19 17:18:13 EST 2003
Anton Stiglic wrote:
> > The statement was for a plaintext/ciphertext pair, not for a random-bit/
> > random-bit pair. Thus, if we model it terms of a bijection on random-bit
> > pairs, we confuse the different statistics for plaintext, ciphertext, keys
> and
> > we include non-AES bijections.
>
> While your reformulation of the problem is interesting, the initial question
> was regarding plaintext/ciphertext pairs, which usually just refers to the
> pair
> of elements from {0,1}^n, {0,1}^n, where n is the block cipher length.
The previous considerations hinted at but did not consider that a
plaintext/ciphertext pair is not only a random bit pair.
Also, if you consider plaintext to be random bits you're considering a very
special -- and least used -- subset of what plaintext can be. And, it's a
much easier problem to securely encrypt random bits.
The most interesting solution space for the problem, I submit, is in the
encryption of human-readable text such as English, for which the previous
considerations I read in this list do not apply, and provide a false sense of
strength. For this case, the proposition applies -- when qualified for the
unicity.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list