[12549] in cryptography@c2.net mail archive
Re: AES-128 keys unique for fixed plaintext/ciphertext pair?
daemon@ATHENA.MIT.EDU (Ed Gerck)
Thu Feb 20 18:43:58 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Wed, 19 Feb 2003 14:18:13 -0800
From: Ed Gerck <egerck@nma.com>
To: Anton Stiglic <astiglic@okiok.com>
Cc: cryptography@wasabisystems.com
Anton Stiglic wrote:
> > The statement was for a plaintext/ciphertext pair, not for a random-bit/
> > random-bit pair. Thus, if we model it terms of a bijection on random-bit
> > pairs, we confuse the different statistics for plaintext, ciphertext, keys
> and
> > we include non-AES bijections.
>
> While your reformulation of the problem is interesting, the initial question
> was regarding plaintext/ciphertext pairs, which usually just refers to the
> pair
> of elements from {0,1}^n, {0,1}^n, where n is the block cipher length.
The previous considerations hinted at but did not consider that a
plaintext/ciphertext pair is not only a random bit pair.
Also, if you consider plaintext to be random bits you're considering a very
special -- and least used -- subset of what plaintext can be. And, it's a
much easier problem to securely encrypt random bits.
The most interesting solution space for the problem, I submit, is in the
encryption of human-readable text such as English, for which the previous
considerations I read in this list do not apply, and provide a false sense of
strength. For this case, the proposition applies -- when qualified for the
unicity.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
