Consider a block encryption algorithm that encrypts blocks of length (n), and let (N=2^{n}). Say we have

Question:

Consider a block encryption algorithm that encrypts blocks of length \(n\), and let \(N=2^{n}\). Say we have \(t\) plaintext-ciphertext pairs \(P_{i}, C_{i}=\mathrm{E}\left(K, P_{i}ight)\), where we assume that the key \(K\) selects one of the \(N\) ! possible mappings. Imagine that we wish to find \(K\) by exhaustive search. We could generate key \(K^{\prime}\) and test whether \(C_{i}=\mathrm{E}\left(K^{\prime}, P_{i}ight)\) for \(1 \leq i \leq t\). If \(K^{\prime}\) encrypts each \(P_{i}\) to its proper \(C_{i}\), then we have evidence that \(K=K^{\prime}\). However, it may be the case that the mappings \(\mathrm{E}(K, \cdot)\) and \(\mathrm{E}\left(K^{\prime}, \cdotight)\) exactly agree on the \(t\) plaintextcipher text pairs \(P_{i}, C_{i}\) and agree on no other pairs.

a. What is the probability that \(\mathrm{E}(K, \cdot)\) and \(\mathrm{E}\left(K^{\prime}, \cdotight)\) are in fact distinct mappings?

b. What is the probability that \(\mathrm{E}(K, \cdot)\) and \(\mathrm{E}\left(K^{\prime}, \cdotight)\) agree on another \(t^{\prime}\) plaintextciphertext pairs where \(0 \leq t^{\prime} \leq N-t\) ?

Fantastic news! We've Found the answer you've been seeking!

Step by Step Answer:

Related Book For  book-img-for-question
Question Posted: