Score:1

Block cipher design criteria when specifying key size


For a given block size of N bits, the total number of possible permutations is (2^N)!. In order to select from any one of the possible permutations, the key would have to be of length log2((2^N)!), which is typically much larger than N. Given that AES has a 128-bit block and can have a key length of 256 bits, the AES block cipher is only using a small subset of all possible block permutations.

My question is: How does a designer determine which subset of the permutation space is to be used?

Are there any design criteria to be applied as to how the permutations are "spaced apart"?

Some immediate, and seemingly obvious, criteria come to mind:

  1. Eliminate the permutation that does not change anything (i.e., 1 to 1, 2 to 2, ..., n-1 to n-1), as this would not obfuscate the plaintext.

  2. Eliminate permutations that don't change "enough" entries (i.e., 1 to 5, 5 to 1, and all others are n to n).

How does a designer determine the "best" sub-set of permutations to map to the key space?

kelalaka:
Read the AES or Twofish books, or start from here: [What are recommended, general strategies to start block-cipher design and/or analysis?](https://crypto.stackexchange.com/q/39791/18298). And note that even AES is not proven to be a PRP.
user2357:
@kelalaka what are the names of these books?
kelalaka:
https://www.amazon.com/Design-RijndaeL-Encryption-Information-Cryptography/dp/3540425802 and https://www.amazon.com/Twofish-Encryption-Algorithm-128-Bit-Cipher/dp/0471353817/ and https://www.schneier.com/academic/twofish/
user2357:
@kelalaka thank you.
Score:2

A block cipher as a permutation (family) is not "selected" explicitly, because any such permutation is huge and cannot be fully generated and analyzed. Instead, a designer creates a computational circuit / algorithm of a block cipher. We cannot directly check for the permutation properties you think of, e.g. number of fixed points, small loops, etc., because a good block cipher creates such complicated permutations that analyzing them from this viewpoint is nearly impossible. Instead, cryptographers analyze properties that can be checked to some extent: high-probability differential trails, linear correlation trails, symmetries, etc.

Also, it is often possible to analyze the group generated by the round function (with any key), and usually it is either the full symmetric group or at least the alternating group (which is always the case for an XOR-based Feistel network). The key difference here from the real cipher is that in this setting the number of rounds is not bounded. But it is nonetheless useful information: we can conclude that there is no property that holds for all keys and for any number of rounds.
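
The parity remark in the answer above can be checked exhaustively on a block small enough to tabulate. This is an added example, not code from the answer: the 8-bit block, the SHA-256-derived round function and the byte-per-round key schedule are constructed assumptions. It builds the full permutation table for each key, confirms every one is an even permutation, and counts the fixed points the question asks about.

```python
# Added example: toy XOR-based Feistel cipher on 8-bit blocks (two 4-bit halves).
# Round function and key schedule are constructed for illustration only.
import hashlib

HALF_BITS = 4
MASK = (1 << HALF_BITS) - 1
BLOCKS = 1 << (2 * HALF_BITS)

def round_fn(half, round_key):
    """Arbitrary, non-invertible round function: one hash byte cut to 4 bits."""
    return hashlib.sha256(bytes([half, round_key])).digest()[0] & MASK

def feistel_encrypt(block, key, rounds=4):
    """Encrypt one 8-bit block; round key i is byte i of the integer key."""
    left, right = block >> HALF_BITS, block & MASK
    for i in range(rounds):
        rk = (key >> (8 * i)) & 0xFF
        left, right = right, left ^ round_fn(right, rk)
    return (left << HALF_BITS) | right

def permutation_table(key, rounds=4):
    """The whole permutation selected by this key, as a lookup table."""
    return [feistel_encrypt(x, key, rounds) for x in range(BLOCKS)]

def is_even(perm):
    """Parity via cycles: a cycle of length c equals c - 1 transpositions."""
    seen, transpositions = [False] * len(perm), 0
    for start in range(len(perm)):
        length, x = 0, start
        while not seen[x]:
            seen[x] = True
            x = perm[x]
            length += 1
        transpositions += max(length - 1, 0)
    return transpositions % 2 == 0

def fixed_points(perm):
    return sum(1 for i, p in enumerate(perm) if i == p)

def survey(keys, rounds=4):
    """Return (all bijective, all even, mean fixed points) over the keys."""
    tables = [permutation_table(k, rounds) for k in keys]
    bijective = all(sorted(t) == list(range(BLOCKS)) for t in tables)
    even = all(is_even(t) for t in tables)
    mean_fixed = sum(fixed_points(t) for t in tables) / len(tables)
    return bijective, even, mean_fixed

if __name__ == "__main__":
    print(survey(range(2000)))
```

Each round is the XOR step (a product of 2^(n-1)·k transpositions, where k counts the half-block values with a non-zero round-function output) followed by the half swap (2^(n-1)·(2^n − 1) transpositions), so for halves of n ≥ 2 bits every key and every round count yields an even permutation.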

Score:1

In order to argue the security of a block cipher, designers try to use design rationales that provide decent security against known cryptanalysis techniques. Famous cryptanalysis techniques are statistical cryptanalyses like differential and linear cryptanalysis and structural attacks like algebraic cryptanalysis. For the first technique, designers try to use permutations that have good Confusion and Diffusion properties. That is basically how they choose the permutations. To see how it really works, I suggest you read The Block Cipher Companion book. Hopefully reading the Wikipedia page I gave earlier will give you a general idea of how permutations are selected.
