• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Ciphertext collisions

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security

View previous topic :: View next topic  
Author Message
B-Con
Just Arrived
Just Arrived


Joined: 29 Jul 2004
Posts: 8
Location: int main()

Offline

PostPosted: Wed Jun 06, 2007 9:22 pm    Post subject: Ciphertext collisions Reply with quote

I have a question regarding plaintext collisions that I think has an obvious answer, but I just want to double-check it. This isn't specific for any algorithm.

Assume the algorithm has a 128 bit key and a 128 bit block size. There should -- for a good algorithm -- be a one-to-one ratio between a 128 bit input plaintext and the 128 bit output ciphertext such that no two keys generate the same ciphertext, correct? Ie, in AES there are no two keys for a plaintext which yields the same ciphertext (in which the block size and plaintext are the same length).

However, say you have the same algorithm and a 256 bit key with a 128 bit block size. If you were to encrypt just one block of plaintext, there would be multiple keys that would correctly decrypt the ciphertext, right? Since there are more key size inputs than there are ciphertexts, eventually keys are going to have to start sharing the same ciphertext.

But that will only apply to plaintexts shorter than the key, right? Once the plaintext (as measured in block sizes, so in this case always rounding up to the next 128 bit marker) is the same length as the key the key to ciphertext mapping will return to one-to-one. (Ignoring any type of block chaining methods.)

So, basically, the only time there can be two keys that encrypt the same plaintext to identical ciphertexts (and thus both decrypt the same ciphertext to the same plaintext) is when the plaintext is shorter than the ciphertext, correct?

That seems obviously true to me, but I just want to double check before I assume that to be gold.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Cryptographic Theory and Cryptanalysis - Internal and Transmission Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register