Construction of a cipher single pseudorandom permutation

Abstract

Shannon defined a random cipher as a collection of randomly chosen permutations, one for each value of the key. We suggest a scheme for a block cipher which uses only one randomly chosen permutation, F. The key, consisting of two blocks, K1 and K2 is used in the following way: The message block is XOtted with K1 before applying F, and the outcome is XORed with K2, to produce the cryptogram block. This removes the need to store, or generate a multitude of permutations. Although the resulting cipher is not random, we claim that it is secure. First, it is shown that if F is chosen randomly then, with high probability the scheme is secure against any polynomial-time algorithmic attack. Next, it is shown that if F is chosen pseudorandomly, the system remains secure against oracle-type attacks. The scheme may lead to a system more efficient than systems such as the DES and its siblings, since the designer has to worry about one thing only: How to implement one pseudorandomly chosen permutation. This may be easier than getting one for each key.