Re: Decimal encryption

```On Wed, 27 Aug 2008, Eric Rescorla wrote:

```
```At Wed, 27 Aug 2008 17:05:44 +0200,
Philipp Gühring wrote:
```
```
Hi,

I am searching for symmetric encryption algorithms for decimal strings.

Let's say we have various 40-digit decimal numbers:
2349823966232362361233845734628834823823
3250920019325023523623692235235728239462
0198230198519248209721383748374928601923

As far as I calculated, a decimal has the equivalent of about 3,3219
bits, so with 40 digits, we have about 132,877 bits.

Now I would like to encrypt those numbers in a way that the result is a
decimal number again (that's one of the basic rules of symmetric
encryption algorithms as far as I remember).

Since the 132,877 bits is similar to 128 bit encryption (like eg. AES),
I would like to use an algorithm with a somewhat comparable strength to AES.
But the problem is that I have 132,877 bits, not 128 bits. And I can't
cut it off or enhance it, since the result has to be a 40 digit decimal
number again.

Does anyone know a an algorithm that has reasonable strength and is able
to operate on non-binary data? Preferrably on any chosen number-base?
```
```
There are a set of techniques that allow you to encrypt elements of
arbitrary sets back onto that set.

The original paper on this is:
John Black and Phillip Rogaway. Ciphers with arbitrary ?nite domains. In
CT-RSA, pages 114?130, 2002.
```
```
But he probably wants an encryption scheme, not a cipher.

```
Also, correct me if I am wrong, but Black and Rogaway's approach is not efficient for large domains. But if you use their approach for small domains then you open yourself up to dictionary attacks.
```
```
```For a modern proposal to make this a NIST mode, see:
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ffsem/ffsem-spec.pdf

-Ekr

Full Disclosure: Terence Spies, the author of the FFSEM proposal,
works for Voltage, Voltage has a product based on this technology.
and I'm on Voltage's TAB and have done some work for them.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
```