Decimal encryption

Jonathan Katz jkatz at
Wed Aug 27 16:10:51 EDT 2008

On Wed, 27 Aug 2008, Eric Rescorla wrote:

> At Wed, 27 Aug 2008 17:05:44 +0200,
> Philipp Gühring wrote:
>> Hi,
>> I am searching for symmetric encryption algorithms for decimal strings.
>> Let's say we have various 40-digit decimal numbers:
>> 2349823966232362361233845734628834823823
>> 3250920019325023523623692235235728239462
>> 0198230198519248209721383748374928601923
>> As far as I calculated, a decimal has the equivalent of about 3,3219
>> bits, so with 40 digits, we have about 132,877 bits.
>> Now I would like to encrypt those numbers in a way that the result is a
>> decimal number again (that's one of the basic rules of symmetric
>> encryption algorithms as far as I remember).
>> Since the 132,877 bits is similar to 128 bit encryption (like eg. AES),
>> I would like to use an algorithm with a somewhat comparable strength to AES.
>> But the problem is that I have 132,877 bits, not 128 bits. And I can't
>> cut it off or enhance it, since the result has to be a 40 digit decimal
>> number again.
>> Does anyone know a an algorithm that has reasonable strength and is able
>> to operate on non-binary data? Preferrably on any chosen number-base?
> There are a set of techniques that allow you to encrypt elements of
> arbitrary sets back onto that set.
> The original paper on this is:
> John Black and Phillip Rogaway. Ciphers with arbitrary ?nite domains. In
> CT-RSA, pages 114?130, 2002.

But he probably wants an encryption scheme, not a cipher.

Also, correct me if I am wrong, but Black and Rogaway's approach is not 
efficient for large domains. But if you use their approach for small 
domains then you open yourself up to dictionary attacks.

> For a modern proposal to make this a NIST mode, see:
> -Ekr
> Full Disclosure: Terence Spies, the author of the FFSEM proposal,
> works for Voltage, Voltage has a product based on this technology.
> and I'm on Voltage's TAB and have done some work for them.
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list