Re: Q: Group property
From: Mark Wooding (mdw_at_nsict.org)
Date: 07/29/03
- In reply to: Jed Davis: "Re: Q: Group property"
Date: 29 Jul 2003 17:27:27 GMT
Jed Davis <jdev@panix.com> wrote:
> The problem with DES's potential groupness was the use of triple-DES.
Actually, that wasn't the main concern, as I understand it. The
problem is that, if a block cipher generates a group of order g, then
there are g pairs of group elements which, when composed under the group
operation, are equivalent to the action of a given (unknown) key K. A
correct pair can be discovered using a known-plaintext meet-in-the-
middle attack requiring g units of memory and 2 g block cipher
applications (generalized to full group elements, in the case that the
group is larger than the standard keyspace).
> Whereas for any of the AES candidates, [...]
I don't think the question was addressed as such. I don't have any
particular concerns on this score, however.
-- [mdw]
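
An added illustration, not part of the original post: the counting argument and table-based meet-in-the-middle search described above, run on a toy affine cipher over Z_31 whose keys are closed under composition. The cipher, the names `enc`, `dec`, `compose` and `meet_in_the_middle`, and the sample key and known blocks are all assumptions constructed for this demonstration.

```python
# Toy cipher whose keys form a group under composition (constructed; not DES).
N = 31  # toy block space Z_31 (assumption); prime, so every nonzero a is invertible
KEYS = [(a, b) for a in range(1, N) for b in range(N)]  # group order g = 30 * 31 = 930

def enc(key, x):
    a, b = key
    return (a * x + b) % N

def dec(key, y):
    a, b = key
    return ((y - b) * pow(a, -1, N)) % N

def compose(k2, k1):
    """Single key equivalent to applying k1 first, then k2 (closure under composition)."""
    (a2, b2), (a1, b1) = k2, k1
    return ((a2 * a1) % N, (a2 * b1 + b2) % N)

def meet_in_the_middle(known):
    """known: list of (plaintext, ciphertext) pairs under the unknown key.
    Returns every (k1, k2) with enc(k2, enc(k1, p)) == c on all known blocks."""
    pts = [p for p, _ in known]
    cts = [c for _, c in known]
    table = {}
    for k1 in KEYS:  # forward half: one table entry per group element (g entries)
        mid = tuple(enc(k1, p) for p in pts)
        table.setdefault(mid, []).append(k1)
    pairs = []
    for k2 in KEYS:  # backward half: one decryption pass per group element
        mid = tuple(dec(k2, c) for c in cts)
        pairs.extend((k1, k2) for k1 in table.get(mid, []))
    return pairs

def demo():
    secret = (7, 19)  # constructed "unknown" key K
    known = [(p, enc(secret, p)) for p in (3, 11)]  # two constructed known blocks
    pairs = meet_in_the_middle(known)
    # Every pair found composes to exactly K, and there is one pair per group element.
    all_equiv = all(compose(k2, k1) == secret for k1, k2 in pairs)
    return len(KEYS), len(pairs), all_equiv

if __name__ == "__main__":
    g, n_pairs, all_equiv = demo()
    print(f"g = {g}, matching pairs = {n_pairs}, all compose to K: {all_equiv}")
```

Two known blocks are used because an affine map over Z_31 is fixed by its values at two distinct points, so the search returns no false matches.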