When a block cipher key length is greater than the block length, is it the case that for some keys $k_0, k_1$ (with $k_0 \not= k_1$) and plaintext message $m$ that $E_{k_0}(m) = E_{k_1}(m)$?
Asked
Active
Viewed 2,954 times
1 Answers
4
A block cipher processes a single block of input and produces a single block of output, where the input and output blocks are the same size. By the pigeonhole principle, if the key size is larger than the block size then there must be some keys that will encrypt the same input block to the same output block.
More formally, a block cipher is defined as the family of encryption functions $E: K \times X \to X$ (and their inverse decryption functions), where:
- $K$ is the set of possible keys with cardinality $|K|$.
- $X$ is the set of possible block values with cardinality $|X|$.
The cardinality (number of elements) of these sets is $2^b$ where $b$ is the length of an element in bits. For example for a 256 bit key, $|K|$ is $2^{256}$ and for a 128 bit block, $|X|$ is $2^{128}$.
If you think of setting the key for the block cipher as fixing the value $k \in K$ to produce a function $e(X) \to X = E(k,X)$, then it's obvious that there are $|K|$ such functions.
It's then easy to see that if $|K| > |X|$, there are more possible encryption functions than there are possible output values, and so for any $x \in X$ there must exist (at least) two keys $k_0 \in K$ and $k_1 \in K$ where $E(k_0,x) = E(k_1,x)$. For a good block cipher, the number of such keys will be very low.
CodesInChaos
- 25,121
- 2
- 90
- 129
archie
- 1,998
- 17
- 28