Why triple encryption instead of split+encrypt?
solman at MIT.EDU
solman at MIT.EDU
Thu Jul 14 05:22:20 PDT 1994
Why do people do tripple DES and *shudder* tripple IDEA
instead of doing some form of non-redundant secret splitting
and then encrypting with multiple keys.
For example, instead of triple DES, why not
A) divide the compressed plaintext into blocks of n*64 (where n=2 in the
simple example, higher in the overkill examples)
B) Split each block into n parts such that:
i) The splitting can be reversed.
ii) During the inverse of the splitting each bit in the plaintext is
dependent on several bits from each of the parts of the splittext.
iii) The total number of bits in the splittext is the same as in the
plaintext.
The last point will make this form of secret spliting relatively
insecure, but that's OK for this application (I think, this is
really what I'm asking you.)
C) Now, for each n*64 bit block you have n blocks of 64 bits. Hook these
together in n chains and encrypt with DES with different keys in CBC,
CFB or OFB mode.
D) Unencrypt on the other end.
You can make the key size arbitrarily large and it takes much less time
than triple DES and its immune to meet in the middle attacks. So why do
we use triple DES?
If I am wrong about the security of point B-iii, am I correct that by
switching to a secure secret splitting algorithm and setting n=2, we
still get faster performance for the same cryptanalytical hardness as
triple DES?
Cheers,
JWS
More information about the cypherpunks-legacy
mailing list