Encrypting same data with many keys...

Ray Arachelian sunder at brainlink.com
Wed Aug 13 12:18:05 PDT 1997



On Wed, 13 Aug 1997 nospam-seesignature at ceddec.com wrote:

> PGP uses and E of 17 by default, but it would be a problem except that
> there is a specification for random padding, so it *NEVER* encrypts
> identical plaintext.  It always uses a number just a few bits shorter than 
> N, starting with 0x02, then nonzero random bytes, then a zero byte, and
> finally the message bytes you want to encrypt.
> 
> There was a man-in-the-middle or replay attack with SSL that they changed
> the spec of the padding slightly (8 bytes before the zero byte must be
> 0x03), I think this is because you might be able to quickly find a random
> cyphertext that decrypts to having a zero byte followed by something
> useful as key material, but haven't read the details. 

In terms of padding does it matter WHERE I put the padding info?  Is it
better to put random stuff in the front or at the end?  The reason I ask,
say that you're going to encrypt an N byte block where N is bigger than
your block cypher's key size?

If my intution is correct, and you have the same data encrypted with many
keys (even RSA) but have the padding at the end, the 1st block would still
be breakable.  I suppose putting the data at the end would also result in
the same kind of problem, though it might be a bit harder to attack than
putting the data 1st...

Would it not make sense to scatter the random padding throughout the
block?   How is this normally done?  Front?  Back?  Middle?  Scattered?


These are some of the same thought threads that I went through when I
designed WhiteNoiseStorm - (Do a net search for WNS210.ZIP for more info
on it.)  Basically, this cypher uses random block sizes called windows-
(it's more of a stream cypher at the input, but a block cypher at the
output) and mixes random noise with the data.  The bits it hides in the
ramdom noise source are scattered throughout the window AND encrypted.  It
turns out this is useful for stego use and that's what it turned into.
But this may be another use for it...

Since an attacker doesn't know the window size and since the window size
varries randomly from window to window, it's very hard for the attacker to
use known or chosen plaintext attacks.  If you encrypt the same data N
times, you get N different cyphertexts.

It's never been cryptanalized (far as I know - could be the spooks have
done so already) so its strength is unknown...  But I suppose using
something like WNS would be ideal for encrypting the same data with
different keys...

The big disadvantages though: you need a really good source for random
numbers and the size of the cyphertext is much much bigger than the
plaintext... anywhere between 1.5 to 10X depending on the security level
you chose. :)  (And it's a symmetric key cypher, CBC only...  If I can
figure out a way to turn it into a PK system, it would really be
usefull...) 

=====================================Kaos=Keraunos=Kybernetos==============
.+.^.+.|  Ray Arachelian    |Prying open my 3rd eye.  So good to see |./|\.
..\|/..|sunder at sundernet.com|you once again. I thought you were      |/\|/\
<--*-->| ------------------ |hiding, and you thought that I had run  |\/|\/
../|\..| "A toast to Odin,  |away chasing the tail of dogma. I opened|.\|/.
.+.v.+.|God of screwdrivers"|my eye and there we were....            |.....
======================= http://www.sundernet.com ==========================







More information about the cypherpunks-legacy mailing list