[19344] in cryptography@c2.net mail archive

Re: another feature RNGs could provide

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Dec 21 13:48:21 2005

X-Original-To: cryptography@metzdowd.com
To: Ben Laurie <ben@algroup.co.uk>
Cc: cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Wed, 21 Dec 2005 13:46:23 -0500
In-Reply-To: <43A8F1E1.80903@algroup.co.uk> (Ben Laurie's message of "Wed,
 21 Dec 2005 06:10:41 +0000")


Ben Laurie <ben@algroup.co.uk> writes:
> Jack Lloyd wrote:
>> On Mon, Dec 12, 2005 at 12:20:26AM -0600, Travis H. wrote:
>>> 2) While CTR mode with a random key is sufficient for creating a
>>> permutation of N-bit blocks for a fixed N, is there a general-purpose
>>> way to create a N-bit permutation, where N is a variable?  How about
>>> picking a cryptographically strong permutation on N elements, where N
>>> is not necessarily a power of 2?
>> 
>> You can use the Bear or Lion constructions to form 2^{arbitrary} bit block
>> ciphers quite easily.
>
> Good ciphers aren't permutations, though, are they? Because if they
> were, they'd be groups, and that would be bad.

Actually, by definition, a cipher should be a permutation from the set
of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective
or it isn't an encryption algorithm.

Therefore, if you want an ergodic sequence of size 2^N, a counter
encrypted under an N bit block cipher will do it.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
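
Added example, not part of the original message: a toy balanced Feistel cipher on N-bit blocks (N even), showing that encrypting a counter visits every N-bit value exactly once. The HMAC-SHA256 round function, the round count, and the names `encrypt`, `decrypt` and `sequence` are assumptions chosen for illustration, not a vetted cipher design.

```python
import hashlib
import hmac


def _round(key: bytes, rnd: int, half: int, bits: int) -> int:
    """Round function: HMAC-SHA256 over (round index, half), cut to `bits` bits."""
    msg = bytes([rnd]) + half.to_bytes(8, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << bits) - 1)


def encrypt(key: bytes, x: int, n_bits: int, rounds: int = 8) -> int:
    """Toy Feistel cipher: a keyed bijection on n_bits-bit integers."""
    if n_bits % 2 or not 2 <= n_bits <= 128:
        raise ValueError("n_bits must be even and between 2 and 128")
    if not 0 <= x < (1 << n_bits):
        raise ValueError("x does not fit in n_bits")
    h = n_bits // 2
    left, right = x >> h, x & ((1 << h) - 1)
    for r in range(rounds):
        # Invertible whatever _round returns, so the map is a permutation.
        left, right = right, left ^ _round(key, r, right, h)
    return (left << h) | right


def decrypt(key: bytes, y: int, n_bits: int, rounds: int = 8) -> int:
    """Inverse of encrypt: undo the rounds in reverse order."""
    h = n_bits // 2
    left, right = y >> h, y & ((1 << h) - 1)
    for r in reversed(range(rounds)):
        left, right = right ^ _round(key, r, left, h), left
    return (left << h) | right


def sequence(key: bytes, n_bits: int) -> list:
    """Encrypt the counter 0 .. 2^n_bits - 1 under one key."""
    return [encrypt(key, ctr, n_bits) for ctr in range(1 << n_bits)]


if __name__ == "__main__":
    key = b"constructed demo key"  # constructed sample key
    seq = sequence(key, 10)
    print("first outputs:", seq[:8])
    print("all 2^10 values hit once:", sorted(seq) == list(range(1 << 10)))
```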