Matt Crawford wrote:
> On Dec 21, 2005, at 0:10, Ben Laurie wrote:
>> Good ciphers aren't permutations, though, are they? Because if they
>> were, they'd be groups, and that would be bad.
> A given cipher, with a given key, is a permutation of blocks.  (Assuming
> output blocks and input blocks are the same size.)  It may be (and often
> is) the case that the set of all keys does not span the set of all
> possible permutations, in which case the permutations
>   { E_k() | k in set of all keys }
> may or may not turn out to be a group.
> For blocks of n bits and keys of m bits, there are n! permutations but
> 2^m of them are representable by some key.  If m = n, this is a fraction
> roughly equal to
>   (2e/n)^n
> About 10^-70 for n=64.  I don't know the probability of a randomly
> selected subset of a permutation group being a group, but at these
> scales, I bet it's small.

Must try not to post to crypto when I'm jetlagged! I had my wires
crossed here, what's bad is when the keys form a group, of course (as
others have also pointed out).

**  ApacheCon - Dec 10-14th - San Diego - **
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to