# A construction of a cipher from a single pseudorandom permutation

## Abstract

Shannon defined a random cipher as a collection of randomly chosen permutations, one for each value of the key.

We suggest a scheme for a block cipher which uses only one randomly chosen permutation, *F*. The key, consisting of two blocks, *K*₁ and *K*₂, is used in the following way: The message block is XORed with *K*₁ before applying *F*, and the outcome is XORed with *K*₂, to produce the cryptogram block. This removes the need to store or generate a multitude of permutations.

Although the resulting cipher is not random, we claim that it is secure. First, it is shown that if *F* is chosen randomly then, with high probability, the scheme is secure against any polynomial-time algorithmic attack. Next, it is shown that if *F* is chosen pseudorandomly, the system remains secure against oracle-type attacks.

The scheme may lead to a system more efficient than systems such as the DES and its siblings, since the designer has to worry about one thing only: How to implement one pseudorandomly chosen permutation. This may be easier than getting one for each key.
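
The construction described in the abstract, as an added example that is not code from the paper: a toy 16-bit block, a seeded shuffle standing in for the single public permutation *F*, and constructed sample keys are all assumptions made so the whole block space can be checked exhaustively.

```python
import random

BLOCK_BITS = 16                 # toy block size (assumption); real blocks are far larger
SIZE = 1 << BLOCK_BITS

def make_public_permutation(seed):
    """Build F and its inverse as lookup tables over all 16-bit blocks.

    A seeded shuffle stands in for the one randomly chosen permutation.
    It is public and is NOT cryptographically strong.
    """
    table = list(range(SIZE))
    random.Random(seed).shuffle(table)
    inverse = [0] * SIZE
    for x, y in enumerate(table):
        inverse[y] = x
    return table, inverse

F, F_INV = make_public_permutation(seed=1)   # constructed sample permutation

def encrypt(block, k1, k2):
    """C = F(M xor K1) xor K2."""
    return F[block ^ k1] ^ k2

def decrypt(block, k1, k2):
    """M = F^-1(C xor K2) xor K1."""
    return F_INV[block ^ k2] ^ k1

def is_permutation(k1, k2):
    """Each key (K1, K2) must map the block space onto itself one-to-one."""
    return len({encrypt(m, k1, k2) for m in range(SIZE)}) == SIZE

def zero_key_is_bare_f():
    """With K1 = K2 = 0 the cipher is just the public F: all secrecy lies in the key."""
    return all(encrypt(m, 0, 0) == F[m] for m in range(SIZE))

if __name__ == "__main__":
    k1, k2 = 0x3A7C, 0xC15E                  # constructed sample key blocks
    m = 0x1234
    c = encrypt(m, k1, k2)
    print(f"M={m:04x} C={c:04x} D={decrypt(c, k1, k2):04x}")
    print("permutation for this key:", is_permutation(k1, k2))
```

Only one table pair (*F* and its inverse) is stored, whatever the key; changing the key changes the permutation the cipher computes without generating a new *F*.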

## References

- [1] C.E. Shannon, “Communication Theory of Secrecy Systems”, *Bell System Tech. J.*, Vol. 28, 1949, pp. 656–715.
- [2] National Bureau of Standards, “Data Encryption Standard”, *Federal Information Processing Standard*, U.S. Department of Commerce, FIPS PUB 46, Washington, DC, 1977.
- [3] M. Luby and C. Rackoff, “How to Construct Pseudorandom Permutations from Pseudorandom Functions”, *SIAM J. on Computing*, Vol. 17, No. 2, 1988, pp. 373–386.