another feature RNGs could provide

Ben Laurie ben at algroup.co.uk
Mon Dec 26 07:51:37 EST 2005


Travis H. wrote:
> On 12/21/05, Perry E. Metzger <perry at piermont.com> wrote:
>>> Good ciphers aren't permutations, though, are they? Because if they
>>> were, they'd be groups, and that would be bad.
>> Actually, by definition, a cipher should be a permutation from the set
>> of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective
>> or it isn't an encryption algorithm.
> 
> Isn't the question people normally care about whether encryption over
> all keys is closed or not, and only relevant if you're trying to
> increase the keyspace through multiple encryption?
> 
> The other day I was thinking of using a very large key to select a
> permutation at random from the symmetric group S_(2^x).  That would be
> a group, but I don't see how you knowing that I'm using a random
> permutation would help you at all.

Having shot myself in the foot once already, I've hesitated over
responding to this, but...

Surely if you do this, then there's a meet-in-the-middle attack: for a
plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and
decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the
strength of your cipher from 2^x to 2^(x/2)?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
**  ApacheCon - Dec 10-14th - San Diego - http://apachecon.com/ **
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
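
The meet-in-the-middle search described in the message above, as an added example that is not part of the original post. It assumes a constructed 16-bit toy cipher whose keys compose by addition and in which a single plaintext/ciphertext pair determines the key. The halves are enumerated systematically rather than chosen at random, so the search always terminates within 2 * 2^8 trials.

```python
# Added illustration: the toy cipher and every parameter here are constructed.
P_MOD = 65537            # Fermat prime 2^16 + 1
G = 3                    # primitive root mod 65537, so all 2^16 keys are distinct
KEY_BITS = 16
N_KEYS = 1 << KEY_BITS


def encrypt(key, block):
    """E_k(x) = x * G^k mod P_MOD. E_b(E_a(x)) = E_(a+b)(x): closed under composition."""
    return (block * pow(G, key, P_MOD)) % P_MOD


def decrypt(key, block):
    """Inverse of encrypt (negative modular exponent needs Python 3.8+)."""
    return (block * pow(G, -key, P_MOD)) % P_MOD


def meet_in_the_middle(plain, cipher):
    """Find A, B with E_A(plain) == D_B(cipher); the composed key is A + B.

    Returns (recovered_key, trial_count), with trial_count <= 2 * 2^(KEY_BITS/2).
    """
    half = 1 << (KEY_BITS // 2)
    # Forward half: encrypt the plaintext under every "low" key A.
    forward = {encrypt(a, plain): a for a in range(half)}
    trials = half
    # Backward half: decrypt the ciphertext under every "high" key B.
    for j in range(half):
        b = j * half
        trials += 1
        a = forward.get(decrypt(b, cipher))
        if a is not None:
            return (a + b) % N_KEYS, trials
    return None, trials


if __name__ == "__main__":
    secret = 0xBEEF                      # constructed sample key
    plain = 12345                        # constructed sample block
    cipher = encrypt(secret, plain)
    key, trials = meet_in_the_middle(plain, cipher)
    print(f"recovered key {key:#06x} in {trials} trials (keyspace {N_KEYS})")
```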


