[19434] in cryptography@c2.net mail archive

Re: another feature RNGs could provide

daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Dec 27 17:00:38 2005

X-Original-To: cryptography@metzdowd.com
Date: Mon, 26 Dec 2005 12:51:37 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: "Travis H." <solinym@gmail.com>
Cc: "Perry E. Metzger" <perry@piermont.com>,
	cryptography@metzdowd.com
In-Reply-To: <d4f1333a0512220156t5a8a99bdj3af02940c198872a@mail.gmail.com>

Travis H. wrote:
> On 12/21/05, Perry E. Metzger <perry@piermont.com> wrote:
>>> Good ciphers aren't permutations, though, are they? Because if they
>>> were, they'd be groups, and that would be bad.
>> Actually, by definition, a cipher should be a permutation from the set
>> of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective
>> or it isn't an encryption algorithm.
> 
> Isn't the question people normally care about whether encryption over
> all keys is closed or not, and only relevant if you're trying to
> increase the keyspace through multiple encryption?
> 
> The other day I was thinking of using a very large key to select a
> permutation at random from the symmetric group S_(2^x).  That would be
> a group, but I don't see how you knowing that I'm using a random
> permutation would help you at all.

Having shot myself in the foot once already, I've hesitated over
responding to this, but...

Surely if you do this, then there's a meet-in-the-middle attack: for a
plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and
decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the
strength of your cipher from 2^x to 2^(x/2)?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
**  ApacheCon - Dec 10-14th - San Diego - http://apachecon.com/ **
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
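
The meet-in-the-middle search described in the message above, as an added example that is not part of the original post. It assumes a toy 16-bit cipher (multiplication modulo the prime 65537) whose keys form a group and where a single plaintext/ciphertext pair fixes the key; the names E, D, compose and meet_in_the_middle are hypothetical, and the search uses the cipher only as a black box.

```python
import random

MOD = 65537  # prime; keys and blocks are 1..65536, so x = 16 (assumed toy cipher)

def E(k, p):
    """Encrypt block p under key k."""
    return (k * p) % MOD

def D(k, c):
    """Decrypt block c under key k."""
    return (pow(k, -1, MOD) * c) % MOD

def compose(a, b):
    """Group law on keys: E_b(E_a(p)) == E_{compose(a, b)}(p)."""
    return (a * b) % MOD

def meet_in_the_middle(P, C, rng, table_size=1 << 10):
    """Look for keys A, B with E_A(P) == D_B(C); the key is then A.B."""
    ops = 0
    forward = {}
    # Forward half: encrypt P under randomly chosen keys A and index by result.
    for a in rng.sample(range(1, MOD), table_size):
        forward[E(a, P)] = a
        ops += 1
    # Backward half: decrypt C under random keys B until a value meets the table.
    candidates = list(range(1, MOD))
    rng.shuffle(candidates)
    for b in candidates:
        ops += 1
        a = forward.get(D(b, C))
        if a is not None:
            return compose(a, b), ops
    return None, ops

def demo(seed=2005):
    """Constructed sample: random secret key and one known P/C pair."""
    rng = random.Random(seed)
    secret = rng.randrange(1, MOD)
    P = rng.randrange(1, MOD)
    C = E(secret, P)
    key, ops = meet_in_the_middle(P, C, rng)
    return secret, key, ops

if __name__ == "__main__":
    secret, key, ops = demo()
    print(f"recovered={key == secret} cipher_ops={ops} keyspace={MOD - 1}")
```

The operation count is the figure to compare against the 2^16 keys an exhaustive search would have to cover.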
