[Cryptography] Random permutation model for encryption as a teaching tool?

james hughes hughejp at me.com
Mon Oct 15 14:37:49 EDT 2018

> On Oct 15, 2018, at 7:38 AM, Stephan Neuhaus <stephan.neuhaus at zhaw.ch> wrote:
> I'm teaching a class on IT security
> I came upon the random permutation model of ciphers. 
> However, the set of possible n-bit keys contains only 2^n elements, whereas there are (2^b)! possible permutations of b-bit blocks, which is obviously vastly more if b is of the same order as n. Furthermore, not all permutations are good for block ciphers; e.g. those that have many fixed points (and most random permutations will have at least one) are evidently not well suited.

Block ciphers are indeed random permutations. Yes, for a given key k there is usually one element where e_k(x)=x. 

> So the question is, is this a good model *for teaching*? It doesn't have to lead to theorems, and it may even be slightly inaccurate, as long as it prevents students from getting entirely wrong ideas à la breaking AES with frequency analysis. I personally find it useful, but I have no idea what the students will think. Do you use other models?

AES is not a very approachable block cipher to teach. DES is better (being it is Feistel) but my favorite block cipher teaching algorithm is Simon since it is (in my opinion) a real cipher whose parameters go from trivial to the size of AES.

The 32bit block version of Simon is trivial to explore the cycles.

Another teaching point could be to replace Simon's single & in the round function with xor to create an algorithm (I call SimpleSimon) that is not secure. Retains all the diffusion but none of the confusion.

This might be too much for a IT security class.


More information about the cryptography mailing list