Re: Collision resistant encryption scheme
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: Collision resistant encryption scheme

From: Paul Rubin <//phr.cx@NOSPAM.invalid>
Date: Tue Feb 07 2006 - 00:20:13 CET



Mike Amling <nospam@foobaz.com> writes:


> > Actually all shift cyphers (Caesar cyphers) have this feature. Ie,


> > C(R,M)=M+R mod(2^blocklength) have the property that for every R


> > (the key) C(R,M)!= C(R',M)


> 


>    Same for XOR, C(R,M)=M^R, a standard implementation of a One-Time Pad.



Neither of these schemes is IND-CPA secure.  There are trivial known


plaintext attacks against both.



Real-world ciphers tend not to be designed against related key


attacks.  They also sometimes have properties like the DES key


complementation property.  Can the application be broken only be a


real, full collision, or is it bad enough if some relationship between


keys can be pushed through to a relationship between ciphertexts?



Anyway, the usual remedy is to use hash function outputs as keys.


Received on Tue Feb  7 21:00:10 2006