0

Given an encryption scheme that takes as input a key $k$ and converts it to an encryption operation $E$ via the function $M(k) = E$, is it possible that more than one $k$ can give the same $E$?

For example, let $k$ and $k'$ be two distinct keys. Is it possible that $M(k) = M(k') = E$. In this sense, the mapping from the 'key space' to the 'encryption operation space' is surjective.

It doesn't seem like it would be a vulnerability or flaw me given the number of different possible encryption operators given by the scheme is large enough, and that each distinct encryption operator is mapped onto by roughly the same number of keys. For instance, let's say the key space for a given key of length $n$ is $2^n$, but the corresponding encryption operation space is of size $2^{\frac{n}{2}}$. For large values of $n$, although a given key would have many 'collisions' (other keys that give the same encryption operator), the protocol could still be secure.

Quantum Guy 123
  • 101
  • 2

1 Answers1

2

Are there any encryption schemes where more than one key give the same encryption and decryption operations?

Technically, DES does (as does any system built on DES, such as 3DES).

DES takes 64 bit keys [1]; of those key bytes, the lsbit of each byte is ignored. That is, $DES_k$ and $DES_{k'}$ are the same operation if $k$ and $k'$ differ only in the lsbits.

Now, DES isn't considered secure, but not because of that reason; rather it's because the key space is far too small, and the block size is too small.

[1]: You will often read that DES takes 56 bit keys, but that's not how DES is defined. It can be defined more pedantically as taking a 64 bit key, of which 56 bits are used.

poncho
  • 147,019
  • 11
  • 229
  • 360