[Cryptography] Random permutation model for encryption as a teaching tool?

Sandy Harris sandyinchina at gmail.com
Fri Oct 26 23:04:29 EDT 2018

John Denker via cryptography <cryptography at metzdowd.com> wrote:

> > I'm teaching a class on IT security generally,

Best book I know:

> > and crypto plays not a small part in it.
>> The original lecture had a lot of historical context ...

I'd be inclined to treat transposition & substitution briefly & go from
them to confusion & diffusion, then modern ciphers. I think both
the key-chooses-a-permutation model & the SP network design
go back to Shannon. Cover those briefly, then Feistel & DES,
(round function is an SPN), finally a bit about AES.

An encyclopedia article that is largely my writing is far from
complete, but I think a reasonable example of a logical

> Any crypto *system* worthy of the name doesn't just substitute
> blocks according to a fixed permutation, but uses a different
> permutation for each block in the message.  This is where IVs
> and chaining modes come in. ...
> I've often said you really want a new key for each block.
> ChaCha can be very cheaply rekeyed from scratch, which is a
> virtue.  Typical chaining modes are a quick-and-dirty way
> of getting approximately what you want, without the cost of
> fully rekeying the underlying block cipher component, but
> I've never been completely happy with this.

Nor I. My Enchilada submission to the CAESAR authenticated cipher
competition has a possible solution. Run a block cipher (AES) in a
variant of counter mode to get a stream cipher. Embed the block cipher
in an XOR-permutation-XOR structure (proven secure by Even & Mansour)
with another stream cipher (ChaCha) generating a new XOR key per block
cipher block.


Enchilada did not make it out of the first round of the competition.

More information about the cryptography mailing list