Re: 3DES and super-encryption

From: Mok-Kong Shen (mok-kong.shen_at_t-online.de)
Date: 02/29/04 

Date: Sun, 29 Feb 2004 11:59:22 +0100

Terry Ritter wrote:

> Mok-Kong Shen <mok-kong.shen@t-online.de> wrote:

>>Terry Ritter also strongly argues for multiple encryption. See
>>
>> http://www.ciphersbyritter.com/GLOSSARY.HTM
>
>
> I have extensive discussions on this, under topics:
>
> "Multiple Encryption"
> "Cascade Ciphering"
> "Algebra of Secrecy Systems"
>
> plus previous sci.crypt discussions (see the links in
> each topic), and of course
>
> "Proof".
>
> Naturally there is no "proof" that using multiple
> ciphers improves things (over using a single cipher)!!!
> Why should there be, when there is also no "proof" that
> using a *single* cipher improves things over using no
> cipher at all? In fact, using a broken cipher is far
> *worse* than no cipher, because then users will be
> mislead into not taking even ordinary precautions.
> And in real cryptography, users will not know when
> their cipher has been broken.
>
> Multiple encryption is part of the solution. Other
> parts include the practice of using many ciphers and
> changing those ciphers frequently. The purpose is not
> to gain keyspace but to prevent and terminate any break
> of the existing cipher. A broken cipher will not fix
> itself.

If one has n ciphers and uses m in a cascade, then there
could be quite a number of resulting variants (as the
ciphers are unlikely to commute) available. Particularly
the block ciphers could be designed to vary depending on
certain parameters (or even 'driven' by PRNG). I think
that frequently changing keys in order to protect against
certain analytical attacks that need substantial amounts
of materials is a very essential/effective measure, which,
because it is logically so trivial/evident, seems not to
have been stressed strongly enough to the users.
(Frequently changing keys shouldn't be a big problem in
general, I believe.)

M. K. Shen

Relevant Pages