A construction of a cipher from a single pseudorandom permutation
Shannon defined a random cipher as a collection of randomly chosen permutations, one for each value of the key.
We suggest a scheme for a block cipher which uses only one randomly chosen permutation, F. The key, consisting of two blocks, K1 and K2 is used in the following way: The message block is XORed with K1 before applying F, and the outcome is XORed with K2, to produce the cryptogram block. This removes the need to store, or generate a multitude of permutations.
Although the resulting cipher is not random, we claim that it is secure. First, it is shown that if F is chosen randomly then, with high probability the scheme is secure against any polynomial-time algorithmic attack. Next, it is shown that if F is chosen pseudorandomly, the system remains secure against oracle-type attacks.
The scheme may lead to a system more efficient than systems such as the DES and its siblings, since the designer has to worry about one thing only: How to implement one pseudorandomly chosen permutation. This may be easier than getting one for each key.
Unable to display preview. Download preview PDF.
- C.E. Shannon, “Communication Theory of Secrecy Systems”, Bell System Tech. J., Vol. 28, 1949, pp. 656–715.Google Scholar
- National Bureau of Standards, “Data Encryption Standard”, Federal Information Processing Standard, U.S. Department of CommerceFIPS PUB 46, Washington, DC, 1977.Google Scholar