Re: Collision resistant encryption scheme



Mike Amling <nospam@xxxxxxxxxx> writes:
Actually all shift cyphers (Caesar cyphers) have this feature. I.e.,
C(R,M)=M+R mod(2^blocklength) have the property that for every R
(the key) C(R,M) != C(R',M)

Same for XOR, C(R,M)=M^R, a standard implementation of a One-Time Pad.

Neither of these schemes is IND-CPA secure. There are trivial known
plaintext attacks against both.

Real-world ciphers tend not to be designed against related key
attacks. They also sometimes have properties like the DES key
complementation property. Can the application be broken only by a
real, full collision, or is it bad enough if some relationship between
keys can be pushed through to a relationship between ciphertexts?

Anyway, the usual remedy is to use hash function outputs as keys.
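
Added example, not part of the original post: a Python sketch of the three points in this message, for the shift and XOR schemes quoted above. The 16-bit block length, the function names and the choice of SHA-256 as the hash are assumptions made for the demonstration.

```python
import hashlib

BLOCK_BITS = 16                      # toy block length (assumption for the demo)
MASK = (1 << BLOCK_BITS) - 1

def shift_enc(r, m):
    """C(R,M) = M + R mod 2^blocklength."""
    return (m + r) & MASK

def xor_enc(r, m):
    """C(R,M) = M ^ R."""
    return m ^ r

def collision_free_in_key(enc, m):
    """True if, for this fixed m, every key gives a different ciphertext."""
    return len({enc(r, m) for r in range(MASK + 1)}) == MASK + 1

def recover_key_shift(m, c):
    """Known-plaintext attack: one (m, c) pair reveals the shift key."""
    return (c - m) & MASK

def recover_key_xor(m, c):
    """Known-plaintext attack: one (m, c) pair reveals the XOR key."""
    return m ^ c

def hashed_key(r):
    """Working key = SHA-256(r), truncated to the block length.
    Truncating to 16 bits gives up collision-freeness in the key; that
    property then rests on the collision resistance of the full hash."""
    digest = hashlib.sha256(r.to_bytes(BLOCK_BITS // 8, "big")).digest()
    return int.from_bytes(digest[:BLOCK_BITS // 8], "big")

def relation_survives(enc, m, delta, derive=lambda r: r, trials=256):
    """Count keys r for which the key difference delta reappears
    unchanged as the XOR difference of the two ciphertexts."""
    return sum(
        enc(derive(r), m) ^ enc(derive(r ^ delta), m) == delta
        for r in range(trials)
    )

if __name__ == "__main__":
    m, r = 0x1234, 0xBEEF            # constructed sample values
    print(collision_free_in_key(shift_enc, m), collision_free_in_key(xor_enc, m))
    print(hex(recover_key_shift(m, shift_enc(r, m))), hex(recover_key_xor(m, xor_enc(r, m))))
    print(relation_survives(xor_enc, m, 0x00FF),
          relation_survives(xor_enc, m, 0x00FF, derive=hashed_key))
```
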