[Cryptography] Random permutation model for encryption as a teaching tool?
Stephan Neuhaus
stephan.neuhaus at zhaw.ch
Mon Oct 15 10:38:40 EDT 2018
Dear list,
I'm teaching a class on IT security generally, and crypto plays not a
small part in it. The original lecture had a lot of historical context
and explained monalphabetic ciphers, simple polyalphabetic ciphers and
transposition ciphers in great detail, and then went rather abruptly to
AES, which could not be explained on that level any more.
Since the students only need to understand the *properties* of modern
ciphers but not the details of their *construction*, and also since the
detailed treatment of historical ciphers and their cryptanalysis had
some students derive wrong ideas (e.g., being able to break AES by
frequency analysis), I was looking for another way to explain modern
ciphers to students in a way that would give them a useful mental model.
I came upon the random permutation model of ciphers. In this model,
given a set P of possible plaintexts, and a set C of possible
ciphertexts, a key selects a random permutation from P to C (and
therefore |P| = |C|). This model is of course not an invention of mine;
it's present in the Wikipedia page on block ciphers for example.
However, the set of possible n-bit keys contains only 2^n elements,
whereas there are (2^b)! possible permutations of b-bit blocks, which is
obviously vastly more if b is of the same order as n. Furthermore, not
all permutations are good for block ciphers; e.g. those that have many
fixed points (and most random permutations will have at least one) are
evidently not well suited.
So the question is, is this a good model *for teaching*? It doesn't have
to lead to theorems, and it may even be slightly inaccurate, as long as
it prevents students from getting entirely wrong ideas à la breaking AES
with frequency analysis. I personally find it useful, but I have no idea
what the students will think. Do you use other models?
Fun,
Stephan
More information about the cryptography
mailing list