Re: Universal re-encryption

From: Simon Johnson (Ckwop_at_hotmail.com)
Date: 10/21/03


Date: Tue, 21 Oct 2003 08:29:30 +0000 (UTC)

Peter Fairbrother wrote:
> Suppose a message, already CBC encrypted with random IV to prevent known
> plaintext attacks, of b blocks. We then exponentiate each block of the
> encrypted message to a secret exponent, modulo a Sophie-Germain large prime
> slightly less than our block size.
>
> If we wish we can then reencrypt by exponentiating again with another secret
> exponent, and change the ciphertext to be unrecognisable as a modified
> version of the same (encrypted) plaintext (ignoring for the moment that the
> number of blocks is constant). We don't have to know the original exponent
> used to do the re-encryption.

I understand the construction but I have to ask: "What's the purpose of the
exponentiation?" Is it just to strengthen the cipher? If so, there are
other ways to strengthen the cipher that aren't as slow as
exponentiation, like adding more rounds to the underlying block cipher.

We design cryptographic primitives, such as ciphers, with either or both
of these purposes in mind:

1. To demonstrate a new concept (further the field)
2. To use it in the field as part of a wider cryptosystem.

The question I ask (and it's not meant to be an insult - everyone who
ever makes a toy cipher is guilty of this - me included) is which of the
two purposes does yours fulfill.

If you choose '1' then it's not a new design and has already been
studied. If you choose '2' then there are more efficient encryption
solutions available.

If you're worried that AES is weak then you're looking at your threat
model the wrong way. Let's say there's an attack on AES requiring 6
known plain-texts and 2^68 work. It's highly unlikely that the
encryption is the weakest link and that means an attacker probably won't
attack the encryption - they'll install a key logger or install a covert
camera. If you're thinking in a business setting then your attacker
might even bribe your employees.. indeed, in some cases the cost of
attacking the encryption might be greater than the purchase price of the
company.

My point is that encryption is only a very small part of a much wider
system and if the rest of your system is weak.. then you're buggered.

Simon.

-- 
To bypass the mail filter type Jafi98 someone in the subject line.
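
The construction in the quoted text, as an added sketch that is not code from either poster: each block is raised to a secret exponent modulo a prime, a second exponent is layered on without knowledge of the first, and every layer is removed with the inverse of the product of the exponents mod p - 1. Assumptions: the modulus is read as a safe prime p = 2q + 1 (q a Sophie Germain prime), the block size is 128 bits, and all function names are hypothetical; `qr_pattern` shows that odd exponents leave each block's quadratic-residue status unchanged across re-encryptions.

```python
import secrets
from math import gcd, prod

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    # Miller-Rabin with fixed bases; a probabilistic test at 128 bits.
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x not in (1, n - 1) and all(pow(x, 2**r, n) != n - 1 for r in range(1, s)):
            return False
    return True

def safe_prime_below(bits):
    # Largest p < 2**bits with p and (p - 1) // 2 both probably prime.
    p = 2**bits - 1
    while not (is_probable_prime(p) and is_probable_prime((p - 1) // 2)):
        p -= 2
    return p

P = safe_prime_below(128)  # assumed block size: 128 bits, as for AES-CBC output

def new_exponent():
    # Must be invertible mod p - 1 = 2q: odd and not a multiple of q.
    while True:
        e = secrets.randbelow(P - 1)
        if e > 1 and gcd(e, P - 1) == 1:
            return e

def exp_blocks(blocks, e):
    # A block that is 0 or >= p cannot be exponentiated reversibly: reject it.
    if any(not 0 < b < P for b in blocks):
        raise ValueError("block outside 1..p-1")
    return [pow(b, e, P) for b in blocks]

def strip(blocks, exponents):
    # Remove all layers at once using the inverse of the exponent product.
    return exp_blocks(blocks, pow(prod(exponents), -1, P - 1))

def qr_pattern(blocks):
    # Euler's criterion: True where the block is a quadratic residue mod p.
    return [pow(b, (P - 1) // 2, P) == 1 for b in blocks]
```
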

