Consider a cipher in which the key size and block size are equal, such
as AES-128. The key specifies a pseudo-random permutation of the
plaintexts, producing a ciphertext. We know it's a permutation, because
ciphertexts and plaintexts are one-to-one, given a key. It's not
necessarily true, however, that a plaintext specifies a permutation of
the keys: it is conceivable that a plaintext could encrypt to the same
ciphertext under two different keys.
What are the pros/cons of having only one key take a given plaintext to
a given ciphertext?
--
Mike Stay
Cryptographer / Programmer
AccessData Corp.
mailto:[EMAIL PROTECTED]
