[12537] in cryptography@c2.net mail archive


Re: AES-128 keys unique for fixed plaintext/ciphertext pair?

daemon@ATHENA.MIT.EDU (Greg Rose)
Tue Feb 18 01:24:11 2003

X-Original-To: cryptography@wasabisystems.com
Date: Tue, 18 Feb 2003 13:09:55 +1100
To: Ralf-Philipp Weinmann <ralf@fimaluka.org>
From: Greg Rose <ggr@qualcomm.com>
Cc: cryptography@wasabisystems.com
In-Reply-To: <20030217140651.6181bef7.ralf@fimaluka.org>

At 02:06 PM 2/17/2003 +0100, Ralf-Philipp Weinmann wrote:
>"For each AES-128 plaintext/ciphertext (c,p) pair there
>  exists exactly one key k such that c=AES-128-Encrypt(p, k)."

I'd be very surprised if this were true, and if it was, it might have bad 
implications for related key attacks and the use of AES for hashing/MACing.

Basically, block encryption with a given key should form a pseudo-random 
permutation of its inputs, but encryption of a constant input with a 
varying key is usually expected to behave like a pseudo-random *function* 
instead.

Greg.

Greg Rose                                       INTERNET: ggr@qualcomm.com
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
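
The distinction drawn in the message above, as an added example that is not part of the original post: a constructed 16-bit toy Feistel cipher (not AES; the SHA-256-based round function and the names toy_encrypt, is_permutation and keys_per_ciphertext are all hypothetical) is checked to be a permutation under a fixed key, and then, for a fixed plaintext, every key is tried and the number of keys reaching each ciphertext is tabulated. It shows the behaviour of this toy cipher only; the same exhaustive count is infeasible for AES-128.

```python
import hashlib
from collections import Counter

BLOCK_BITS = 16   # toy block size (AES uses 128)
KEY_BITS = 16     # toy key size, equal to the block size as in AES-128
ROUNDS = 4

def _round(key: int, rnd: int, half: int) -> int:
    """Keyed round function: first byte of SHA-256(key || round || half)."""
    data = key.to_bytes(2, "big") + bytes([rnd, half])
    return hashlib.sha256(data).digest()[0]

def toy_encrypt(plaintext: int, key: int) -> int:
    """Balanced Feistel network on a 16-bit block (constructed toy, not AES)."""
    left, right = plaintext >> 8, plaintext & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 8) | right

def is_permutation(key: int) -> bool:
    """Fixed key, varying plaintext: every ciphertext must occur exactly once."""
    size = 1 << BLOCK_BITS
    return len({toy_encrypt(p, key) for p in range(size)}) == size

def keys_per_ciphertext(plaintext: int) -> Counter:
    """Fixed plaintext, varying key: maps n -> number of ciphertexts hit by n keys."""
    hits = Counter(toy_encrypt(plaintext, k) for k in range(1 << KEY_BITS))
    hist = Counter(hits.values())
    hist[0] = (1 << BLOCK_BITS) - len(hits)   # ciphertexts that no key produces
    return hist

if __name__ == "__main__":
    print("permutation under key 0x1234:", is_permutation(0x1234))
    hist = keys_per_ciphertext(0x0000)
    for n in sorted(hist):
        print(f"{hist[n]:6d} ciphertexts are reached by {n} key(s)")
```

For a random function between sets of equal size, about 1/e (roughly 37%) of outputs have no preimage and about 37% have exactly one, so "exactly one key per pair" would correspond to a histogram with every ciphertext in the n = 1 row.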

