Re: commuting?/non-group cipher?

From: Brian McKeever (brian.mckeever_at_gmail.com)
Date: 10/28/04

• Next message: Mok-Kong Shen: "Re: trying to predict next rand value"
• Previous message: Skybuck Flying: "Re: Hunt for rand and srand implementations ;)"
• In reply to: Peter Fairbrother: "commuting?/non-group cipher?"
• Next in thread: Peter Fairbrother: "Re: commuting?/non-group cipher?"
• Reply: Peter Fairbrother: "Re: commuting?/non-group cipher?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 28 Oct 2004 14:56:02 -0700

Peter Fairbrother <zenadsl6186@zen.co.uk> wrote in message news:<BDA64883.6FF4A%zenadsl6186@zen.co.uk>...
> Some ciphers have the property that a double encryption can always be
> replaced by a single encryption, ie E(k3)[P] = E(k1)[E(k2)[P]]
>
> Does anyone know the correct name for this property? If there isn't one,
> does anyone know a reason why "commuting (adj.)" cipher would not be okay?

Because commuting is already taken. It implies that order doesn't
matter (ab=ba). I would call it closure - that the set of encryption
operations is closed under composition.

> Can anyone think of an example of a cipher with this property that is not a
> group?

As Kristian Gjøsteen showed, for the cases you are probably interested
in, closure implies that it's a group. I say it that way because he
assumed the input is finite (like in a block cipher). But for
illustritive purposes (not as a proposed cipher) consider E(K)[P] = K
concat P, for arbitrary length strings K and P. Then these operations
are closed, but lack inverses.

Brian, pedantically

---

• Next message: Mok-Kong Shen: "Re: trying to predict next rand value"
• Previous message: Skybuck Flying: "Re: Hunt for rand and srand implementations ;)"
• In reply to: Peter Fairbrother: "commuting?/non-group cipher?"
• Next in thread: Peter Fairbrother: "Re: commuting?/non-group cipher?"
• Reply: Peter Fairbrother: "Re: commuting?/non-group cipher?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Should Initialization Vectors be public ? ... CBC XORes every previous cipher block with next plain text block before ... encryption key on the same plain text, ... add them at the beginning of your plaintext data ... (microsoft.public.dotnet.security) Re: Should Initialization Vectors be public ? ... > CBC XORes every previous cipher block with next plain text block before ... Chaining and feedback modes does provide extra strength to ... > encryption key on the same plain text, ... >>>> then to decrypt. ... (microsoft.public.dotnet.security) Re: cryptoloop CBC mode ... >> identical it could be the case that two would get same encryption. ... For such blocks you will know exactly which bits differ ... and the two IVs are different. ... > the key will still be the same (ok, different cipher output, but the ... (comp.os.linux.security) Chaffing and deniability in pencil-and-paper ciphers ... Although pencil and paper ciphers are entirely impractical these days, ... _encryption_ step. ... The real message is encrypted using your best algorithm, ... The fake message can be encrypted in a weaker cipher, ... (sci.crypt) Re: Break This ... I'd guess that you're trying to ascertain if your cipher is ... > against your attackers? ... > engineer your encryption algorithm, they'll try and stick a trojan on ... This is I think the only secure way. ... (sci.crypt)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)