Re: Triple AES (3AES)

From: Mok-Kong Shen (mok-kong.shen_at_t-online.de)
Date: 05/29/03 

Date: Thu, 29 May 2003 20:41:38 +0200

AE wrote:
>
> jsavard@ecn.ab.ca wrote:

> > : If I'm using double encryption with one encryption being AES and the
> > : other being simple XOR with my key the result will be as strong as AES.
> >
> > : So even worst case won't uncover the key.
> >
> > Encryption with AES and then simple XOR with the key is not the worst
> > case.
> >
> > Encryption with AES using your key and decryption with AES using your key
> > would be the worst case.
> >
> > Only if the two keys are independent do we cover the possibility that one
> > cipher has been *maliciously* designed to undo the effects of the other.
>
> Looks like I'm as wrong as you were: It is true a combination of AES and
> Serpent is not necessarily as strong as the stronger of the two, but
> it's as well true that this combination - even when using the same key -
> is not as weak as the weaker of the two - maybe better, maybe worse, but
> all we know is it's different.
>
> Quite obviously we would have to see the combination as a new cipher
> with yet unknown properties.
>
> Using two different keys makes things little bit easier, but only when
> using the ciphers in OFB or CTR mode or in CFB using the output of the
> combination of both encryptions for feedback we know about the minimum
> strength of the combination.

Dumb question: What is the (inherent) reason that
distinguishes these three modes from the other modes,
in particular ECB, in the present context? Thanks.

M. K. Shen

Relevant Pages

  • Re: New Encryption Idea
    ... performing the 5 reads necessary in the example algorithm results in a delay ... Panama at 400MB/sec, or RC4 at about 90MB/sec, or AES in CTR mode at ... and the speed failings of your design become very clear. ... > Manansala Encryption and Authentication System ...
    (sci.crypt)
  • Re: Quadruple Algorithms
    ... occurring" (a fatal flaw being found in AES, ... If you really want secure crypto use various layers of encryption ... with the output of one cipher feeding ...
    (sci.crypt)
  • Re: encription to memory
    ... It's difficult to give you exact formula because its different depending on ... -block cipher works on whole blocks and with AES it's 128 bits ... Rijndael is not exactly AES, but an AES candidate that was chosen to ... > this way you don't need to know the encryption block size. ...
    (microsoft.public.dotnet.security)
  • Blacking Whitening Transform for Security in double encryption.
    ... Many people fear one layer of AES used during encryption may not ... enough after applying the transform many long strings of common ...
    (sci.crypt)
  • Re: DMSII Encryption - does it exist?
    ... encryption and is easy to implement. ... I was unaware of TEA, so thanks for pointing it out. ... Isn't there an implementation of DES that is used for the encryption ... There are several public domain implementations of AES (the DES ...
    (comp.sys.unisys)