Trei, Peter wrote:
It really depends on the cipher. If the cipher is a group, then case 1 is bad - since
blowfish(blowfish(plaintext,key1),key2) = blowfish(plaintext, key3)
Some ciphers, such as DES, are not groups. This is why double and triple DES are stronger than single DES.
The property of encryption in a particular cipher not being a group operation is insufficient in itself to make multiple encryptions in that cipher stronger than single encryptions in it. It may be the case that multiple encryption is less secure than single encryption. Not likely, but it is possible. And Jamie Lawrence wrote:
On Wed, 30 Apr 2003, Sunder wrote:
blowfish(blowfish(plaintext,key1),key2) is bad,
I believe it doesn't gain you anything, but it isn't "bad" in the sense of weakening anything.
If the encryption is a group operation then at best multiple encryptions using that cipher are as strong as single encryptions - but if the keys are related then it is possible that multiple encryptions may be weaker, and it's a difficult (maybe even hard) problem to decide whether the keys are related. Then there's the meet-in-the-middle attack, qua google. Using multiple encryption in different ciphers is a fraught subject, full of potential pitfalls. It hasn't been well researched, probably partly because it's so complex. It is possible that it can be less secure than single encryption in a single cipher. Personally, for the two ciphers case, I'd choose Blowfish and AES, ensuring the keys are randomly and seperately generated, because Blowfish is a Feistel cipher and AES isn't (and because both are well-peer-reviewed, and available), but that's just a feeling which I can't really justify mathematically. (All this is a bit nit-picking-ish, except the [multiple encryption with a ciher that is a group operation can't be stronger than a single encryption with that cipher] bit, and anything else is not _likely_ to be relevant, but it still should be considered when designing multiple encryption systems) -- Peter Fairbrother