Determining whether a given cryptographic function is a permutation of another given cryptographic function -- a problem in intellectual property (Q2333818)

If a block cipher \(E(k,p)\) (key \(k \in {\{ 0,1\} ^{{l_k}}}\), plaintext \(p \in {\{ 0,1\} ^{{l_p}}}\), e.g. in AES \({l_p} = 128\), \({l_k} \in \{ 128,192,256\} \)) is transformed using permutations \({M_1}\), \({M_2}\), \({M_3}\) (of suitable size), then the transformed fraudulent function \(\hat E(k,p) = {M_3}E({M_1}k,{M_2}p)\) remains a block cipher and its security properties would be preserved. The encryption function can be expressed using polynomials over \(\{ 0,1\} \) and systems of polynomials for the original and transformed function will be equivalent. This allows to reduce the fraud detection problem to logical satisfiability problem which can be solved using standard off-the-shelf software packages.