Ben Laurie <[EMAIL PROTECTED]> writes: > Jack Lloyd wrote: >> On Mon, Dec 12, 2005 at 12:20:26AM -0600, Travis H. wrote: >>> 2) While CTR mode with a random key is sufficient for creating a >>> permutation of N-bit blocks for a fixed N, is there a general-purpose >>> way to create a N-bit permutation, where N is a variable? How about >>> picking a cryptographically strong permutation on N elements, where N >>> is not necessarily a power of 2? >> >> Use can use the Bear or Lion constructions to form 2^{arbitrary} bit block >> ciphers quite easily. > > Good ciphers aren't permutations, though, are they? Because if they > were, they'd be groups, and that would be bad.

Actually, by definition, a cipher should be a permutation from the set of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective or it isn't an encryption algorithm. Therefore, if you want an ergodic sequence of size 2^N, a counter encrypted under an N bit block cipher will do it. Perry --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]