another feature RNGs could provide
Matt Crawford
crawdad at fnal.gov
Wed Dec 21 14:48:11 EST 2005
On Dec 21, 2005, at 0:10, Ben Laurie wrote:
> Good ciphers aren't permutations, though, are they? Because if they
> were, they'd be groups, and that would be bad.
A given cipher, with a given key, is a permutation of blocks.
(Assuming output blocks and input blocks are the same size.) It may
be (and often is) the case that the set of all keys does not span the
set of all possible permutations, in which case the permutations
{ E_k() | k in set of all keys }
may or may not turn out to be a group.
For blocks of n bits and keys of m bits, there are n! permutations
but 2^m of them are representable by some key. If m = n, this is a
fraction roughly equal to
(2e/n)^n
About 10^-70 for n=64. I don't know the probability of a randomly
selected subset of a permutation group being a group, but at these
scales, I bet it's small.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list