3

Popular block ciphers like AES or Twofish are keyed pseudo random permutations on the domain $\{0,1,\dots,2^{k}-1\}$ with $k\in\{128,192,256\}$ or similar.

I'm interested in pseudo random permutations on domains whose size is not a power of two: Are there any fast (in the ballpark of AES) keyed pseudo random permutations that operate on $\{0,1,\dots,n\}$ with $n\in\mathbb{N}$ being an adjustable parameter?

Perseids
  • 4
    What you are searching for is [tag:format-preserving] encryption. It is generally slower than AES, though. – Paŭlo Ebermann Feb 11 '14 at 22:25
  • @PaŭloEbermann Using FPE with AES-NI gives speeds comparable with AES-NI. Feistel networks with 10 or so rounds with AES-NI hardly slow it down. – sashank Feb 12 '14 at 06:38

1 Answer

5

"Ciphers with Arbitrary Finite Domains" by Black and Rogaway has some options, like prefix ciphers, generalized Feistel networks, cycle walking, etc.

Also, format-preserving encryption has the traits that you are looking for, but the NIST-standardized ones are patented by Voltage Inc.

In general, Feistel networks + cycle walking would give a good option for domains of any arbitrary length (even or odd).

This question has a much better answer: Is there a length-preserving encryption scheme?

sashank
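The Feistel network plus cycle walking combination named in the answer, as an added sketch that is not part of the original post and not a vetted FPE mode: a keyed permutation of $\{0,1,\dots,n\}$ with its inverse. Assumptions: HMAC-SHA256 stands in for an AES-based round function, `ROUNDS = 10` follows the "10 or so rounds" in the comment, and the names `encrypt`, `decrypt`, `_walk`, `_feistel` and `_prf` are hypothetical.

```python
import hashlib
import hmac

ROUNDS = 10  # assumption: "10 or so rounds", as in the comment above

def _prf(key, rnd, half_bits, x):
    # Round function: HMAC-SHA256 truncated to half_bits (stand-in for an AES-based PRF).
    msg = bytes([rnd, half_bits]) + x.to_bytes(16, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << half_bits) - 1)

def _feistel(key, half_bits, v, inverse):
    # Balanced Feistel network: a keyed permutation of {0, ..., 2**(2*half_bits) - 1}.
    left, right = v >> half_bits, v & ((1 << half_bits) - 1)
    for rnd in (reversed(range(ROUNDS)) if inverse else range(ROUNDS)):
        if inverse:
            left, right = right ^ _prf(key, rnd, half_bits, left), left
        else:
            left, right = right, left ^ _prf(key, rnd, half_bits, right)
    return (left << half_bits) | right

def _walk(key, n, x, inverse):
    if not 0 < n < 1 << 256:
        raise ValueError("n must satisfy 0 < n < 2**256")
    if not 0 <= x <= n:
        raise ValueError("x must lie in {0, ..., n}")
    half_bits = (n.bit_length() + 1) // 2  # smallest even-width block covering n
    y = _feistel(key, half_bits, x, inverse)
    while y > n:  # cycle walking: re-apply until the value lands back in the domain
        y = _feistel(key, half_bits, y, inverse)
    return y

def encrypt(key, n, x):
    """Keyed permutation of {0, ..., n}."""
    return _walk(key, n, x, inverse=False)

def decrypt(key, n, y):
    """Inverse of encrypt for the same key and n."""
    return _walk(key, n, y, inverse=True)

if __name__ == "__main__":
    key = b"constructed demo key"  # constructed sample key
    n = 999  # domain {0, ..., 999}: 1000 elements, not a power of two
    print([encrypt(key, n, x) for x in range(5)])
```

The enclosing Feistel block is less than four times the size of the target domain, so the walk needs fewer than four permutation calls on average. For very small $n$ the Feistel halves are only a few bits wide and the security bounds are weak.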