Travis H. wrote: > On 12/21/05, Perry E. Metzger <[EMAIL PROTECTED]> wrote: >>> Good ciphers aren't permutations, though, are they? Because if they >>> were, they'd be groups, and that would be bad. >> Actually, by definition, a cipher should be a permutation from the set >> of plaintexts to the set of ciphertexts. It has to be 1 to 1 bijective >> or it isn't an encryption algorithm. > > Isn't the question people normally care about whether encryption over > all keys is closed or not, and only relevant if you're trying to > increase the keyspace through multiple encryption? > > The other day I was thinking of using a very large key to select a > permutation at random from the symmetric group S_(2^x). That would be > a group, but I don't see how you knowing that I'm using a random > permutation would help you at all.
Having shot myself in the foot once already, I've hesitated over responding to this, but... Surely if you do this, then there's a meet-in-the middle attack: for a plaintext/ciphertext pair, P, C, I choose random keys to encrypt P and decrypt C. If E_A(P)=D_B(C), then your key was A.B, which reduces the strength of your cipher from 2^x to 2^(x/2)? Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ ** ApacheCon - Dec 10-14th - San Diego - http://apachecon.com/ ** "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]