Open sesame

Morlock Elloi morlockelloi at yahoo.com
Thu Mar 22 13:45:25 PST 2001


Depending on your PPL (personal paranoia level), this may sound like a
boring conspiracy theory or be the reason to stop using things with
transistors in them :-)


(1) Take a block cipher with block size b and key size k. Any block cipher.

(2) Assume that k > b.

(3) Now, if you take a particular input block B (plaintext), and encrypt it
with all possible keys (2**k), a decent cipher should produce output that
covers the full 2**b output space, right?

(4) The question is: is there such a B that, in process (3), generates output
from which (part of) each key can be trivially inferred? For instance,
the output is a ROT-13 of the lower b bits of the key, or Blowfish-encrypted
upper b bits of the key (with the Blowfish key being "suckers suckers ").
You get the drift.

(5) Is it possible to prove that the answer to (4) is "yes" or "no"? What
could be learned by doing the brute force test on 56-bit DES for two keys
and trying to find correlation in the resulting 2**57 space?

(6) If it is impossible to prove that the answer to (4) is "no", what can be
done to prevent the chosen-plaintext attack?


[as for conspiracy, if the answer is "yes", then only two block ciphers need
to have this feature: DES and AES. Easily done and not too expensive either.]
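
The sweep from (3) and (5) at toy scale, as an added example that is not part of the original post: every block is encrypted under every key and each output bit is checked for correlation with each key bit. The 8-bit block, 10-bit key, the seeded-shuffle stand-in cipher and the TRIGGER/MASK values are all constructed assumptions.

```python
import random

B_BITS, K_BITS = 8, 10            # toy sizes with k > b, as in step (2)
NBLOCKS, NKEYS = 1 << B_BITS, 1 << K_BITS
TRIGGER, MASK = 0xA7, 0x5A        # constructed values for the planted variant

def clean_tables():
    """Stand-in for a 'decent cipher': one seeded pseudo-random permutation per key."""
    tables = []
    for key in range(NKEYS):
        t = list(range(NBLOCKS))
        random.Random(key).shuffle(t)
        tables.append(t)
    return tables

def planted_tables():
    """Same cipher, except E_k(TRIGGER) = low b bits of k XOR MASK (still a permutation)."""
    tables = clean_tables()
    for key, t in enumerate(tables):
        leak = (key & (NBLOCKS - 1)) ^ MASK
        i = t.index(leak)
        t[i], t[TRIGGER] = t[TRIGGER], leak   # swap images so t stays a bijection
    return tables

# Bit-sliced helpers: key number n occupies byte n of one big integer.
LANES = int.from_bytes(b"\x01" * NKEYS, "little")
KEYBIT = [int.from_bytes(bytes((n >> j) & 1 for n in range(NKEYS)), "little")
          for j in range(K_BITS)]

def audit(tables):
    """Step (3) for every block: return (max |correlation|, block, out_bit, key_bit)."""
    worst = (0.0, 0, 0, 0)
    for block in range(NBLOCKS):
        # Outputs of this block under all keys, one byte per key.
        column = int.from_bytes(bytes(t[block] for t in tables), "little")
        for i in range(B_BITS):
            out_i = (column >> i) & LANES
            for j in range(K_BITS):
                disagree = bin(out_i ^ KEYBIT[j]).count("1")
                worst = max(worst, (abs(1 - 2 * disagree / NKEYS), block, i, j))
    return worst

if __name__ == "__main__":
    print("clean  :", audit(clean_tables()))
    print("planted:", audit(planted_tables()))
```

This test only sees single-bit linear relations between output and key. A clean result does not rule out the masked variant described in (4), where the leaked key bits are themselves encrypted under a fixed key.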

