[19357] in cryptography@c2.net mail archive


Re: another feature RNGs could provide

daemon@ATHENA.MIT.EDU (Matt Crawford)
Thu Dec 22 11:28:03 2005

X-Original-To: cryptography@metzdowd.com
Date: Wed, 21 Dec 2005 13:48:11 -0600
From: Matt Crawford <crawdad@fnal.gov>
In-reply-to: <43A8F1E1.80903@algroup.co.uk>
To: Ben Laurie <ben@algroup.co.uk>
Cc: cryptography@metzdowd.com

On Dec 21, 2005, at 0:10, Ben Laurie wrote:
> Good ciphers aren't permutations, though, are they? Because if they
> were, they'd be groups, and that would be bad.

A given cipher, with a given key, is a permutation of blocks.   
(Assuming output blocks and input blocks are the same size.)  It may  
be (and often is) the case that the set of all keys does not span the  
set of all possible permutations, in which case the permutations

   { E_k() | k in set of all keys }

may or may not turn out to be a group.

For blocks of n bits and keys of m bits, there are n! permutations  
but 2^m of them are representable by some key.  If m = n, this is a  
fraction roughly equal to

   (2e/n)^n

About 10^-70 for n=64.  I don't know the probability of a randomly  
selected subset of a permutation group being a group, but at these  
scales, I bet it's small.

