On Dec 21, 2005, at 0:10, Ben Laurie wrote:

Good ciphers aren't permutations, though, are they? Because if they were, they'd be groups, and that would be bad.

`A given cipher, with a given key, is a permutation of blocks.`

`(Assuming output blocks and input blocks are the same size.) It may`

`be (and often is) the case that the set of all keys does not span the`

`set of all possible permutations, in which case the permutations`

{ E_k() | k in set of all keys } may or may not turn out to be a group.

`For blocks of n bits and keys of m bits, there are n! permutations`

`but 2^m of them are representable by some key. If m = n, this is a`

`fraction roughly equal to`

(2e/n)^n

`About 10^-70 for n=64. I don't know the probability of a randomly`

`selected subset of a permutation group being a group, but at these`

`scales, I bet it's small.`

