
I have a question regarding plaintext collisions that I think has an obvious answer, but I just want to double-check it. This isn't specific to any algorithm.

Assume the algorithm has a 128-bit key and a 128-bit block size. There should -- for a good algorithm -- be a one-to-one ratio between a 128-bit input plaintext and the 128-bit output ciphertext such that no two keys generate the same ciphertext, correct? I.e., in AES there are no two keys for a plaintext which yield the same ciphertext (in which the block size and plaintext are the same length).

However, say you have the same algorithm and a 256-bit key with a 128-bit block size. If you were to encrypt just one block of plaintext, there would be multiple keys that would correctly decrypt the ciphertext, right? Since there are more key size inputs than there are ciphertexts, eventually keys are going to have to start sharing the same ciphertext.

But that will only apply to plaintexts shorter than the key, right? Once the plaintext (as measured in block sizes, so in this case always rounding up to the next 128-bit marker) is the same length as the key, the key-to-ciphertext mapping will return to one-to-one. (Ignoring any type of block chaining methods.)

So, basically, the only time there can be two keys that encrypt the same plaintext to identical ciphertexts (and thus both decrypt the same ciphertext to the same plaintext) is when the plaintext is shorter than the ciphertext, correct?

That seems obviously true to me, but I just want to double-check before I assume that to be gold.
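
An added example, not part of the original post: a brute-force count of how many keys send one fixed plaintext block to the same ciphertext, once with the key as long as the block and once with the key twice as long. The 8-bit Feistel cipher, its SHA-256 round function and the sample plaintext are constructed for illustration so the whole key space can be enumerated; they are assumptions, not AES.

```python
import hashlib
from collections import Counter

HALF_MASK = 0x0F   # toy cipher: 8-bit block split into two 4-bit halves
ROUNDS = 4

def _round(key: int, rnd: int, half: int) -> int:
    """Toy round function: 4 bits of SHA-256 over (key, round, half)."""
    data = key.to_bytes(4, "big") + bytes([rnd, half])
    return hashlib.sha256(data).digest()[0] & HALF_MASK

def encrypt(key: int, block: int) -> int:
    """Feistel network, so every key gives a permutation of the 256 blocks."""
    left, right = block >> 4, block & HALF_MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 4) | right

def decrypt(key: int, block: int) -> int:
    """Inverse of encrypt: undo the rounds in reverse order."""
    left, right = block >> 4, block & HALF_MASK
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, rnd, left), left
    return (left << 4) | right

def key_collision_stats(key_bits: int, plaintext: int = 0x3C) -> dict:
    """Encrypt one fixed block under every key and tally the ciphertexts."""
    counts = Counter(encrypt(k, plaintext) for k in range(1 << key_bits))
    return {
        "keys": 1 << key_bits,
        "distinct_ciphertexts": len(counts),
        "max_keys_per_ciphertext": max(counts.values()),
    }

if __name__ == "__main__":
    for bits in (8, 16):   # key == block size, then key == 2 x block size
        print(f"{bits}-bit key, 8-bit block:", key_collision_stats(bits))
```

With 16-bit keys the pigeonhole principle forces at least 256 keys onto some ciphertext; the 8-bit line of the output shows what happens when the key and block are the same size.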
