Depending on your PPL (personal paranoia level), this may sound as an boring conspiracy theory or be the reason to stop using things with transistors in them :-) (1) Take a block cipher with block size b and key size k. Any block cipher. (2) Assume that k > b. (3) Now, if you take a particular input block B (plaintext), and encrypt it with all possible keys (2**k), a decent cipher should produce output that covers full 2**b output space, right ? (4) The question is: is there such B that, in process (3) generates output from which (part of) each key can be trivially inferred ? For instance, the output is a ROT-13 of the lower b bits of the key, or blowfish encrypted upper b bits of the key (with the blowfish key being "suckers suckers "). You get the drift. (5) is it possible to prove that the answer to (4) is "yes" or "no" ? What could be learned by doing the brute force test on 56-bit DES for two keys and trying to find correlation in the resulting 2**57 space ? (6) If it is impossible to prove that the answer to (4) is "no", what can be done to prevent the chosen plaintext attack ? [as for conspiracy, if the answer is "yes", then only two block ciphers need to have this feature: DES and AES. Easily done and not too expensive either.] __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/
participants (1)
-
Morlock Elloi