At 02:06 PM 2/17/2003 +0100, Ralf-Philipp Weinmann wrote:
"For each AES-128 plaintext/ciphertext (c,p) pair there
exists exactly one key k such that c=AES-128-Encrypt(p, k)."
I'd be very surprised if this were true, and if it was, it might have bad
implications for related key attacks and the
At 1:09 PM +1100 2/18/03, Greg Rose wrote:
At 02:06 PM 2/17/2003 +0100, Ralf-Philipp Weinmann wrote:
"For each AES-128 plaintext/ciphertext (c,p) pair there
exists exactly one key k such that c=AES-128-Encrypt(p, k)."
I'd be very surprised if this were true, and if it was, it might
have bad i
> ... We can ask what is the
> probability of a collision between f and g, i.e. that there exists
> some value, x, in S such that f(x) = g(x)?
But then you didn't answer your own question. You gave the expected
number of collisions, but not the probability that at least one
exists.
That probab
At 5:45 PM -0600 2/18/03, Matt Crawford wrote:
> ... We can ask what is the
probability of a collision between f and g, i.e. that there exists
some value, x, in S such that f(x) = g(x)?
But then you didn't answer your own question. You gave the expected
number of collisions, but not the pro
Matt Crawford wrote:
>But here's the more interesting question. If S = Z/2^128 and F is the
>set of all bijections S->S, what is the probability that a set G of
>2^128 randomly chosen members of F contains no two functions f1, f2
>such that there exists x in S such that f1(x) = f2(x)?
Vanishingly
The statement was for a plaintext/ciphertext pair, not for a random-bit/
random-bit pair. Thus, if we model it terms of a bijection on random-bit
pairs, we confuse the different statistics for plaintext, ciphertext, keys and
we include non-AES bijections. Hence, I believe that what we got so far i
Ed Gerck <[EMAIL PROTECTED]> wrote:
> For each AES-128 plaintext/ciphertext (c,p) pair with length
> equal to or larger than the unicity distance, there exists exactly
> one key k such that c=AES-128-Encrypt(p, k).
Excuse my naivete in the math for this, but is it relevant that the unicity
distan
The relevant aspect is that the plaintext and key statistics are the
determining factors as to whether the assertion is correct or not.
In your case, for example, with random keys and ASCII text in English,
one expects that a 128-bit ciphertext segment would NOT satisfy the
requirement for a uniq
> The statement was for a plaintext/ciphertext pair, not for a random-bit/
> random-bit pair. Thus, if we model it terms of a bijection on random-bit
> pairs, we confuse the different statistics for plaintext, ciphertext, keys
and
> we include non-AES bijections.
While your reformulation of the p
Anton Stiglic wrote:
> > The statement was for a plaintext/ciphertext pair, not for a random-bit/
> > random-bit pair. Thus, if we model it terms of a bijection on random-bit
> > pairs, we confuse the different statistics for plaintext, ciphertext, keys
> and
> > we include non-AES bijections.
>
At 2:18 PM -0800 2/19/03, Ed Gerck wrote:
Anton Stiglic wrote:
> The statement was for a plaintext/ciphertext pair, not for a random-bit/
> random-bit pair. Thus, if we model it terms of a bijection on random-bit
> pairs, we confuse the different statistics for plaintext, ciphertext, keys
an
"Arnold G. Reinhold" wrote:
> At 2:18 PM -0800 2/19/03, Ed Gerck wrote:
> >The previous considerations hinted at but did not consider that a
> >plaintext/ciphertext pair is not only a random bit pair.
> >
> >Also, if you consider plaintext to be random bits you're considering a very
> >special -
On Fri, Feb 21, 2003 at 06:31:20AM -0800, Ed Gerck wrote:
> Shannon proved that if
> "n" (bits, bytes, letters, etc.) is the unicity distance of a ciphersystem,
> then ANY message that is larger than "n" bits CAN be uniquely deciphered
> from an analysis of its ciphertext
[...]
> Conversely, Shann
Hmm. another simpler theory to remove Shannon from the discussion.
assume that the original assertion is correct - that for each plaintext p
and each cyphertext c there exists only one key k that is valid to map
encrypt(p,k)=c. In this case, for each possible cyphertext c, *every*
possible plainte
Ed Gerck wrote:
> This may sound intuitive but is not correct. Shannon proved that if
> "n" (bits, bytes, letters, etc.) is the unicity distance of a
> ciphersystem, then ANY message that is larger than "n" bits CAN be
> uniquely deciphered from an analysis of its ciphertext -- even though
> that
15 matches
Mail list logo
