On 12/26/05, Ben Laurie <[EMAIL PROTECTED]> wrote:
> Surely if you do this, then there's a meet-in-the middle attack: for a
> plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and
> decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the
> strength of your cipher from 2^x to 2^(x/2)?

Almost true.  The cardinality of the symmetric group S_(2^x) is
(2^x)!, so it reduces it from (2^x)! to roughly sqrt((2^x)!).  That's
still a lot.

I suspect this is some information-theoretic limit for x-bit block ciphers.
"Vast emptiness, nothing sacred." -- Bodhidharma -><-
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to