1. Categories >> Software >> Cryptography >> Ciphers
  2. Suggest New Category

What are some group-theoretic properties of product ciphers?

Question Posted / boss

Answer Posted / boss

Let E be a product cipher that maps N-bit blocks to N-bit blocks.
Let E_K(X) be the encryption of X under key K. Then, for any fixed K,
the map sending X to E_K(X) is a permutation of the set of N-bit
blocks. Denote this permutation by P_K. The set of all N-bit
permutations is called the symmetric group and is written S_{2^N}.
The collection of all these permutations P_K, where K ranges over all
possible keys, is denoted E(S_{2^N}). If E were a random mapping from
plaintexts to ciphertexts then we would expect E(S_{2^N}) to generate
a large subset of S_{2^N}.

Coppersmith and Grossman [COP74] have shown that a very simple
product cipher can generate the alternating group A_{2^N} given a
sufficient number of rounds. (The alternating group is half of the
symmetric group: it consists of all ``even'' permutations, i.e., all
permutations which can be written as an even number of swaps.)
Even and Goldreich [EVE83] were able to extend these results to show
that Feistel ciphers can generate A_{2^N}, given a sufficient number
of rounds.

The security of multiple encipherment also depends on the
group-theoretic properties of a cipher. Multiple encipherment is an
extension over single encipherment if for keys K1, K2 there does
not exist a third key K3 such that

E_K2(E_K1(X)) == E_(K3)(X) (**)

which indicates that encrypting twice with two independent keys
K1, K2 is equal to a single encryption under the third key K3. If
for every K1, K2 there exists a K3 such that eq. (**) is true then
we say that E is a group.

This question of whether DES is a group under this definition was
extensively studied by Sherman, Kaliski, and Rivest [SHE88]. In their
paper they give strong evidence for the hypothesis that DES is not a
group. In fact DES is not a group [CAM93].

Is This Answer Correct ?    0 Yes 0 No



Post New Answer       View All Answers


Please Help Members By Posting Answers For Below Questions

What exactly is DES?

1449

What are IP Tunnels?

1656

How was NSA involved in the design of DES?

1340

What is a product cipher?

1980

hi,pls help me for the preparation of interview for iob's it manager post?

1875




Is ECB cipher mode faster than CBC ?

1775

Does IAIK support RC4 ? Is the code written the same way as for RC2 ?

1419

Name different symmetric ciphers?

1931

Can symmetric block ciphers be used for message authentication?

1413

what is ECB?

1765

What can be proven about the security of a product cipher?

1453

what is CBC?

1828

Can DES be used to protect classified information?

1381

shall we use a journalling filesystem on top of /dev/loop?

1648

Is DES available in software?

1320