[131789] in cryptography@c2.net mail archive
Re: Decimal encryption
daemon@ATHENA.MIT.EDU (Jonathan Katz)
Wed Aug 27 16:15:39 2008
Date: Wed, 27 Aug 2008 16:10:51 -0400 (EDT)
From: Jonathan Katz <jkatz@cs.umd.edu>
To: cryptography@metzdowd.com
In-Reply-To: <20080827151936.E038155B6F5@kilo.rtfm.com>
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
---559023410-1804928587-1219867851=:1798
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
On Wed, 27 Aug 2008, Eric Rescorla wrote:
> At Wed, 27 Aug 2008 17:05:44 +0200,
> Philipp G=FChring wrote:
>>
>> Hi,
>>
>> I am searching for symmetric encryption algorithms for decimal strings.
>>
>> Let's say we have various 40-digit decimal numbers:
>> 2349823966232362361233845734628834823823
>> 3250920019325023523623692235235728239462
>> 0198230198519248209721383748374928601923
>>
>> As far as I calculated, a decimal has the equivalent of about 3,3219
>> bits, so with 40 digits, we have about 132,877 bits.
>>
>> Now I would like to encrypt those numbers in a way that the result is a
>> decimal number again (that's one of the basic rules of symmetric
>> encryption algorithms as far as I remember).
>>
>> Since the 132,877 bits is similar to 128 bit encryption (like eg. AES),
>> I would like to use an algorithm with a somewhat comparable strength to =
AES.
>> But the problem is that I have 132,877 bits, not 128 bits. And I can't
>> cut it off or enhance it, since the result has to be a 40 digit decimal
>> number again.
>>
>> Does anyone know a an algorithm that has reasonable strength and is able
>> to operate on non-binary data? Preferrably on any chosen number-base?
>
> There are a set of techniques that allow you to encrypt elements of
> arbitrary sets back onto that set.
>
> The original paper on this is:
> John Black and Phillip Rogaway. Ciphers with arbitrary ?nite domains. In
> CT-RSA, pages 114?130, 2002.
But he probably wants an encryption scheme, not a cipher.
Also, correct me if I am wrong, but Black and Rogaway's approach is not=20
efficient for large domains. But if you use their approach for small=20
domains then you open yourself up to dictionary attacks.
> For a modern proposal to make this a NIST mode, see:
> http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/=
ffsem-spec.pdf
>
> -Ekr
>
> Full Disclosure: Terence Spies, the author of the FFSEM proposal,
> works for Voltage, Voltage has a product based on this technology.
> and I'm on Voltage's TAB and have done some work for them.
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.c=
om
>
---559023410-1804928587-1219867851=:1798--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
