On Dec 21, 2005, at 0:10, Ben Laurie wrote:
Good ciphers aren't permutations, though, are they? Because if they
were, they'd be groups, and that would be bad.
A given cipher, with a given key, is a permutation of blocks.
(Assuming output blocks and input blocks are the same size.) It may
be (and often is) the case that the set of all keys does not span the
set of all possible permutations, in which case the permutations
{ E_k() | k in set of all keys }
may or may not turn out to be a group.
For blocks of n bits and keys of m bits, there are n! permutations
but 2^m of them are representable by some key. If m = n, this is a
fraction roughly equal to
(2e/n)^n
About 10^-70 for n=64. I don't know the probability of a randomly
selected subset of a permutation group being a group, but at these
scales, I bet it's small.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
