[19359] in cryptography@c2.net mail archive


RE: another feature RNGs could provide

daemon@ATHENA.MIT.EDU (Anton Stiglic)
Thu Dec 22 11:28:43 2005

X-Original-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "'Perry E. Metzger'" <perry@piermont.com>,
	"'Ben Laurie'" <ben@algroup.co.uk>
Cc: <cryptography@metzdowd.com>
Date: Wed, 21 Dec 2005 19:56:14 -0500
In-Reply-To: <87u0d2cmps.fsf@snark.piermont.com>

>Actually, by definition, a cipher should be a permutation from the set
>of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective
>or it isn't an encryption algorithm.
>
>Therefore, if you want an ergodic sequence of size 2^N, a counter
>encrypted under an N bit block cipher will do it.
>
>Perry

Yes, and the set of keys defines a subset of all of the possible permutations
(working on the same size input as the block cipher).  The set of all
permutations is a group, but a subset of that is not necessarily a subgroup.

Most security proofs of modes of operation, and others, model a block
cipher as a random permutation.

--Anton
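
Added example, not part of the original message: a toy 8-bit, two-round Feistel permutation (constructed here, not a secure cipher) that checks both points made in this exchange: a counter encrypted under one key visits each of the 2^N values exactly once, and the set of keyed permutations need not be closed under composition. The names `encrypt`, `xor_pad`, `counter_sequence`, `is_closed` and the `SBOX` table are assumptions of this sketch.

```python
# Added example: toy 8-bit keyed permutation for illustration, NOT a secure cipher.
BITS = 8
SIZE = 1 << BITS                      # 2^N values in the block space
# Fixed bijection on 0..15 chosen for this example; used as the round function.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def encrypt(key, block):
    """Two-round Feistel on 4-bit halves; the 8-bit key gives one subkey per round."""
    left, right = block >> 4, block & 0xF
    for subkey in (key >> 4, key & 0xF):
        left, right = right, left ^ SBOX[right ^ subkey]
    return (left << 4) | right


def xor_pad(key, block):
    """Contrast case: x -> x XOR key, a key family that is closed under composition."""
    return block ^ key


def counter_sequence(key):
    """Encrypt the counter 0 .. 2^N - 1 under one key."""
    return [encrypt(key, i) for i in range(SIZE)]


def is_closed(cipher, keys):
    """True if composing any two keyed permutations yields another keyed permutation."""
    perms = {tuple(cipher(k, x) for x in range(SIZE)) for k in keys}
    return all(tuple(p[q[x]] for x in range(SIZE)) in perms
               for p in perms for q in perms)


if __name__ == "__main__":
    seq = counter_sequence(0x3A)      # 0x3A is an arbitrary sample key
    print("distinct outputs:", len(set(seq)), "of", SIZE)
    print("XOR pad keys closed:", is_closed(xor_pad, range(16)))
    print("Feistel keys closed:", is_closed(encrypt, range(SIZE)))
```

No key of this toy maps every block to itself, because the first-round S-box output is never constantly zero; a finite set of permutations that is closed under composition must contain the identity, so this keyed set is not a subgroup.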

