Travis H. wrote:
> On 12/21/05, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
>>> Good ciphers aren't permutations, though, are they? Because if they
>>> were, they'd be groups, and that would be bad.
>> Actually, by definition, a cipher should be a permutation from the set
>> of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective
>> or it isn't an encryption algorithm.
> Isn't the question people normally care about whether encryption over
> all keys is closed or not, and only relevant if you're trying to
> increase the keyspace through multiple encryption?
> The other day I was thinking of using a very large key to select a
> permutation at random from the symmetric group S_(2^x).  That would be
> a group, but I don't see how you knowing that I'm using a random
> permutation would help you at all.

Having shot myself in the foot once already, I've hesitated over
responding to this, but...

Surely if you do this, then there's a meet-in-the middle attack: for a
plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and
decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the
strength of your cipher from 2^x to 2^(x/2)?



**  ApacheCon - Dec 10-14th - San Diego - **
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to