[12540] in cryptography@c2.net mail archive
Re: AES-128 keys unique for fixed plaintext/ciphertext pair?
daemon@ATHENA.MIT.EDU (Matt Crawford)
Tue Feb 18 19:01:19 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Tue, 18 Feb 2003 17:45:15 -0600
From: Matt Crawford <crawdad@fnal.gov>
In-reply-to: "18 Feb 2003 16:19:23 EST." <a05200f01ba784cb8e01f@[192.168.0.2]>
To: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: Greg Rose <ggr@qualcomm.com>,
Ralf-Philipp Weinmann <ralf@fimaluka.org>,
cryptography@wasabisystems.com
> ... We can ask what is the
> probability of a collision between f and g, i.e. that there exists
> some value, x, in S such that f(x) = g(x)?
But then you didn't answer your own question. You gave the expected
number of collisions, but not the probability that at least one
exists.
That probability the sum over k from 1 to 2^128 of (-1)^(k+1)/k!,
or about as close to 1-1/e as makes no difference.
But here's the more interesting question. If S = Z/2^128 and F is the
set of all bijections S->S, what is the probability that a set G of
2^128 randomly chosen members of F contains no two functions f1, f2
such that there exists x in S such that f1(x) = f2(x)?
G is a relatively miniscule subset of F but I'm thinking that the
fact that |G| = |S| makes the probability very, very small.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
