[131876] in cryptography@c2.net mail archive
Re: Decimal encryption
daemon@ATHENA.MIT.EDU (Jonathan Katz)
Thu Aug 28 12:27:37 2008
Date: Thu, 28 Aug 2008 11:26:26 -0400 (EDT)
From: Jonathan Katz <jkatz@cs.umd.edu>
To: Hovav Shacham <hovav@cs.stanford.edu>
cc: cryptography@metzdowd.com
In-Reply-To: <325E3418-DFE4-473D-9FBB-F0EB17E2A937@cs.stanford.edu>
X-CSD-MailScanner-From: jkatz@cs.umd.edu
On Wed, 27 Aug 2008, Hovav Shacham wrote:
> ----- "Jonathan Katz" <jkatz@cs.umd.edu> wrote:
>
>> But he probably wants an encryption scheme, not a cipher.
>
> Jon, I'm not sure I understand what you mean.
>
> If I am reading his message correctly, the original poster seems
> to be asking for a format-preserving encryption over a domain
> with 10^40 elements. Format-preserving, it seems to me, implies
> [a family of keyed] functions that are one-to-one and
> deterministic. In other words, the best security we can hope for
> is a PRP on that domain, and this is what B-R gives, starting
> from a PRP over a "somewhat larger" domain.
>
> In this setting, what is the difference between an encryption
> scheme and a cipher?
Yes, I can see this might cause confusion.
Just to clarify: I had emailed the original poster off-line and he
told me that he was willing to use other information already being
sent in the clear as a non-repeating IV. Given this, secure (and, in
particular, non-deterministic) encryption is possible.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
