Re: Anonglish (was: Re: Authenticating Meat)
On Wed, 30 Apr 2003, Sunder wrote:
According to Schneier doing this is a bad idea - (or so I recall from the A.P. book which I've not reread in quite a while - I may be wrong) if you use the same (or similar) cypher. i.e.:
blowfish(blowfish(plaintext,key1),key2) is bad,
I believe it doesn't gain you anything, but it isn't "bad" in the sense of weakening anything. If it were, analysts would start off by encrypting the message again. It has been a while since I've read on this, too, so please correct me if I'm wrong, but what is important for multiple encryption is whether or not the cypher in question is a group (as in closed under composition). DES, for example, is not, so multiple DES cycles is not equivalent to single DES. Again, I probably shouldn't be talking about this, as I haven't refreshed my memory on it in a while. -j -- Jamie Lawrence jal@jal.org "The current pursuit of American supremacy reminds me of the the boom-bust process, or a stock market bubble. Whatever the outcome in Iraq, I dare to predict that the Bush policies are bound to fail." - George Soros
What is not known (and impossible to prove impossible) is that there may be another non-DES "block cypher" with some shorter key equivalent to 2 DES blocks in series. Or we'll find out much later that feistel nets have been collapsed in, say ... late 90-ties ?
if I'm wrong, but what is important for multiple encryption is whether or not the cypher in question is a group (as in closed under composition).
DES, for example, is not, so multiple DES cycles is not equivalent to single DES.
===== end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
Trei, Peter wrote:
It really depends on the cipher. If the cipher is a group, then case 1 is bad - since
blowfish(blowfish(plaintext,key1),key2) = blowfish(plaintext, key3)
Some ciphers, such as DES, are not groups. This is why double and triple DES are stronger than single DES.
The property of encryption in a particular cipher not being a group operation is insufficient in itself to make multiple encryptions in that cipher stronger than single encryptions in it. It may be the case that multiple encryption is less secure than single encryption. Not likely, but it is possible. And Jamie Lawrence wrote:
On Wed, 30 Apr 2003, Sunder wrote:
blowfish(blowfish(plaintext,key1),key2) is bad,
I believe it doesn't gain you anything, but it isn't "bad" in the sense of weakening anything.
If the encryption is a group operation then at best multiple encryptions using that cipher are as strong as single encryptions - but if the keys are related then it is possible that multiple encryptions may be weaker, and it's a difficult (maybe even hard) problem to decide whether the keys are related. Then there's the meet-in-the-middle attack, qua google. Using multiple encryption in different ciphers is a fraught subject, full of potential pitfalls. It hasn't been well researched, probably partly because it's so complex. It is possible that it can be less secure than single encryption in a single cipher. Personally, for the two ciphers case, I'd choose Blowfish and AES, ensuring the keys are randomly and seperately generated, because Blowfish is a Feistel cipher and AES isn't (and because both are well-peer-reviewed, and available), but that's just a feeling which I can't really justify mathematically. (All this is a bit nit-picking-ish, except the [multiple encryption with a ciher that is a group operation can't be stronger than a single encryption with that cipher] bit, and anything else is not _likely_ to be relevant, but it still should be considered when designing multiple encryption systems) -- Peter Fairbrother
participants (3)
-
Jamie Lawrence -
Morlock Elloi -
Peter Fairbrother