
Key clustering

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by John of Reading at 10:11, 21 February 2012 (Typo and General fixing, replaced: with out → without using AWB). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In cryptography, key clustering is said to occur when two different keys generate the same ciphertext from the same plaintext, using the same cipher algorithm. A good cipher algorithm, using different keys on the same plaintext, should generate a different ciphertext, irrespective of the key length.

Assume that there is a plaintext P, two different keys, K1 and K2, and an algorithm A. Ciphertexts C1 and C2 with the two keys are generated as follows:

P → A(K1) → C1

P → A(K2) → C2

C1 should not equal C2; if they do, key clustering has occurred.
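The C1 = C2 check can be run exhaustively when the key space is small enough to enumerate. The following is an added example, not part of the original article: it assumes the classical affine cipher over A-Z as algorithm A, and the sample plaintexts are constructed. It groups every key by the ciphertext it produces for one plaintext, which shows that whether keys cluster can depend on the plaintext.

```python
from collections import defaultdict
from math import gcd

M = 26  # alphabet size; plaintexts are assumed to be uppercase A-Z only


def affine_encrypt(plaintext, key):
    """Affine cipher: letter p becomes (a*p + b) mod 26, with key = (a, b)."""
    a, b = key
    return "".join(chr((a * (ord(ch) - 65) + b) % M + 65) for ch in plaintext)


def key_space():
    """All valid affine keys: a must be coprime to 26 so decryption exists."""
    return [(a, b) for a in range(1, M) if gcd(a, M) == 1 for b in range(M)]


def find_clusters(plaintext, encrypt=affine_encrypt, keys=None):
    """Group keys by the ciphertext they give for one plaintext.

    Returns {ciphertext: [keys]} only for ciphertexts reached by two or
    more keys, i.e. the key clusters for this plaintext.
    """
    by_ciphertext = defaultdict(list)
    for k in (keys if keys is not None else key_space()):
        by_ciphertext[encrypt(plaintext, k)].append(k)
    return {ct: ks for ct, ks in by_ciphertext.items() if len(ks) > 1}


if __name__ == "__main__":
    # Constructed sample plaintexts. "ATTACK" contains A (0) and T (19),
    # which together pin down both a and b, so no two keys collide.
    # "AAAA" and "NNNN" erase the effect of a, so all 12 values of a
    # that share the same b produce the same ciphertext.
    for pt in ("ATTACK", "AAAA", "NNNN"):
        clusters = find_clusters(pt)
        largest = max((len(ks) for ks in clusters.values()), default=1)
        print(f"{pt}: {len(clusters)} clusters, largest has {largest} keys")
```

For a modern cipher the key space cannot be enumerated this way, but the same grouping applies to reduced-size test variants.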

Importance

If an attacker tries to break a cipher by brute force (trying all possible keys until the correct one is found), key clustering makes the attack on a particular ciphertext easier. If there are N possible keys without any key clustering, the attacker will on average need to try N/2 keys to decrypt it, and in the worst case all N keys. If two keys are clustered, the average number of keys to try is reduced to N/4 (the worst case is N-1 keys). If three keys cluster, the average is only N/6 attempts.
