[19439] in cryptography@c2.net mail archive


Re: another feature RNGs could provide

daemon@ATHENA.MIT.EDU (Travis H.)
Tue Dec 27 17:16:58 2005

X-Original-To: cryptography@metzdowd.com
Date: Tue, 27 Dec 2005 03:26:59 -0600
From: "Travis H." <solinym@gmail.com>
To: Ben Laurie <ben@algroup.co.uk>
Cc: "Perry E. Metzger" <perry@piermont.com>,
	cryptography@metzdowd.com
In-Reply-To: <43AFE759.9000409@algroup.co.uk>

On 12/26/05, Ben Laurie <ben@algroup.co.uk> wrote:
> Surely if you do this, then there's a meet-in-the-middle attack: for a
> plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and
> decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the
> strength of your cipher from 2^x to 2^(x/2)?

Almost true.  The cardinality of the symmetric group S_(2^x) is
(2^x)!, so it reduces it from (2^x)! to roughly sqrt((2^x)!).  That's
still a lot.

I suspect this is some information-theoretic limit for x-bit block ciphers.
--
http://www.lightconsulting.com/~travis/
"Vast emptiness, nothing sacred." -- Bodhidharma -><-
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
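
The meet-in-the-middle search described in the quoted text, as an added example that is not part of the original message: it recovers the key pair of a doubly applied toy cipher in about 2 * 2^k cipher operations instead of 2^(2k), then evaluates the size of sqrt((2^x)!) from the reply. The 16-bit Feistel cipher, the 12-bit key size, the sample keys and all function names are constructed assumptions for illustration, and the cipher is not secure.

```python
import hashlib
import math

KBITS = 12  # assumed toy key size per layer: 2^12 keys each for A and B

def _f(k, rnd, half):
    # Round function of the constructed toy cipher (illustration only).
    return hashlib.sha256(bytes([k >> 8, k & 0xFF, rnd, half])).digest()[0]

def enc(k, p):
    # 4-round Feistel network on a 16-bit block.
    l, r = p >> 8, p & 0xFF
    for i in range(4):
        l, r = r, l ^ _f(k, i, r)
    return (l << 8) | r

def dec(k, c):
    # Inverse of enc: undo the rounds in reverse order.
    l, r = c >> 8, c & 0xFF
    for i in reversed(range(4)):
        l, r = r ^ _f(k, i, l), l
    return (l << 8) | r

def double_enc(a, b, p):
    return enc(b, enc(a, p))  # C = E_B(E_A(P)), key "A.B"

def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher operations spent on the first pair)."""
    p0, c0 = pairs[0]
    table = {}
    for a in range(1 << KBITS):      # forward half: tabulate E_A(P)
        table.setdefault(enc(a, p0), []).append(a)
    found = []
    for b in range(1 << KBITS):      # backward half: look up D_B(C)
        for a in table.get(dec(b, c0), []):
            # A 16-bit block yields chance matches; further pairs filter them.
            if all(double_enc(a, b, p) == c for p, c in pairs[1:]):
                found.append((a, b))
    return found, 2 * (1 << KBITS)

def log2_factorial_pow2(x):
    # log2((2^x)!): bits needed to name one permutation in S_(2^x).
    return math.lgamma(2 ** x + 1) / math.log(2)

if __name__ == "__main__":
    A, B = 0x5A3, 0xC1E  # constructed sample keys
    pairs = [(p, double_enc(A, B, p)) for p in (0x0001, 0xBEEF, 0x1234)]
    found, work = meet_in_the_middle(pairs)
    print(found, work, "operations vs brute force", 1 << (2 * KBITS))
    print("log2 sqrt((2^16)!) ~", log2_factorial_pow2(16) / 2)
```

The search trades the saved time for memory: the table holds one entry per first-layer key.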
