Re: Should be in crypto for John E. Hadstate Re: just stupid?

From: Joe Peschel (jpeschel_at_no.spam.org)
Date: 07/19/05


Date: Tue, 19 Jul 2005 07:15:29 -0000

Crypto@S.M.S wrote in news:11dp7ser0blmce7@news.supernews.com:

> Joe Peschel wrote:
>
>> Crypto@S.M.S wrote in news:11doov7s93ffqd8@news.supernews.com:
>>
>>
>>>Joe Peschel wrote:
>>>
>>>
>>>>You certainly put a lot of faith in Ritter. Even he describes
>>>>himself as an engineer, not a cryptologist.
>>>>
>>>
>>>
>>>Exactly. An engineer. And any engineer will tell you that
>>>a single point of failure is a bad idea. Hence, multiple ciphers.
>>>You simply can not escape the fact that it's a bad idea to place
>>>all your eggs in one basket.
>>
>>
>> Any engineer? Hadstate doesn't seem to agree with you.
>>
>> It's better to heed the cryptanalytic advice of real cryptologists
>> like Schneier or Ashwood, not well meaning fellows who call
>> themselves cryptographic engineers. Did you notice that most of
>> Ritter's "papers" are self-published and not found in peer reviewed
>> journals? Do you wonder why?
>>
>
> Ritter is not the only one to publish on the added security of
> multiple encryption. Here are a few more examples:
>
> http://eprint.iacr.org/2003/181.pdf

"Abstract. In a practical system, a message is often encrypted more than
once by different encryptions, here called multiple encryption, to enhance
its security. Additionally, new features may be achieved by multiple
encrypting a message for a scheme, such as the key-insulated cryptosystems
\cite{DKXY02} and anonymous channels \cite{Cha81}. Intuitively, a multiple
encryption should remain ``secure'', whenever there is one component cipher
unbreakable in it. In NESSIE's latest Portfolio of recommended
cryptographic primitives (Feb. 2003), it is suggested to use multiple
encryption with component ciphers based on different assumptions to acquire
long term security. However, in this paper we show this needs careful
discussion. Especially, this may \emph{not} be true according
to (adaptive) chosen ciphertext attack ({\sf CCA}), even with all component
ciphers {\sf CCA} secure."

> http://theory.lcs.mit.edu/~yevgen/ps/2enc.ps

Abstract. Encryption of data using multiple, independent encryption
schemes (``multiple encryption'') has been suggested in a variety of
contexts, and can be used, for example, to protect against partial key
exposure or cryptanalysis, or to enforce threshold access to data. Most
prior work on this subject has focused on the security of multiple
encryption against chosen-plaintext attacks, and has shown constructions
secure in this sense based on the chosen-plaintext security of the
component schemes. Subsequent work has sometimes assumed that these
solutions are also secure against chosen-ciphertext attacks when
component schemes with stronger security properties are used. Unfortunately,
this intuition is false for all existing multiple encryption schemes.

> http://portal.acm.org/citation.cfm?id=358699.358718
> http://www.scs.cs.nyu.edu/crypto/fazio_abstract_11_05_04.html

>
> Care to throw stones at all these people too?

Throw stones? What are you talking about? Some think that multiple
encryption provides more security. Others do not. And, as I've said
before, no one thinks that cascading weak ciphers or hashes is useful.

> Even the US government's "Draft Software Key Escrow Encryption Export
> Criteria" had restrictions against multiple encryption. See part 8:
>
> http://www.epic.org/crypto/key_escrow/criteria.html

Strange that NIST didn't consider cascading the 5 final AES finalists...

>
> Why would the US government try to control something that only
> weakens already strong algorithms?

I've never said that cascading algorithms only weakens the cipher. I have
said that such a layering could weaken the cipher. And the resultant
cipher ought to be studied.

>
>>
>>>>>>>Which begins with a quote from Shannon
>>>>>>>
>>>>>>> I have long proposed using a multiciphering "stack" of ciphers,
>>>>>>> instead of just one which could be weak beyond our knowledge. I
>>>>>>> have long proposed using multiple ciphers instead of just one,
>>>>>>> to end any "break" which might exist.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>That's not a quote from Shannon. It's a quote from Ritter.
>>>>>>
>>>>>
>>>>>Are you sure? Have you looked closely at pages 656-715 of the 1949
>>>>>Bell System Technical Journal?
>>>>>
>>>>
>>>>Yes, I'm sure. I've looked at the paper. You obviously have not.
>>>>
>>>>J
>>>>
>>>
>>>Yes I have. It's you who obviously has not.
>>>
>>
>>
>> Okay, fella. You're bluffing, as usual. I have the paper. Tell me
>> what page this is on:
>>
>> I have long proposed using a multiciphering "stack" of ciphers,
>> instead of just one which could be weak beyond our knowledge. I
>> have long proposed using multiple ciphers instead of just one,
>> to end any "break" which might exist.
>>
>
> Calling your bluff, more like.
>
> Everybody has the paper. It's not just you who's seen it:
>
> http://www.prism.net/user/dcowley/docs.html
>
> With the section on "The Algebra of Secrecy Systems" here:
>
> http://www.prism.net/user/dcowley/shannon/shannon08.jpg
>

Try the .pdf file; it's easier to read and search.

And, as everyone can see, Shannon never says:

            I have long proposed using a multiciphering "stack" of
            ciphers, instead of just one which could be weak beyond our
            knowledge. I have long proposed using multiple ciphers
            instead of just one, to end any "break" which might exist.

That's Ritter.

J

-- 
__________________________________________
http://www.impeach-bush-now.org
Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________
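
Added example, not part of the original post or of either cited paper: one standard way a cascade can fall short of chosen-ciphertext (CCA) security even though each layer is authenticated, as the two quoted abstracts caution. The toy cipher, the function names and the assumption that only the outer key is exposed are all constructed for illustration.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a toy keystream (illustration only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"enc" + key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, msg):
    """Toy randomized encrypt-then-MAC layer; not for real use."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_(key, ct):
    nonce, body, tag = ct[:16], ct[16:-32], ct[-32:]
    good = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

def cascade_encrypt(k_in, k_out, msg):
    return seal(k_out, seal(k_in, msg))

def cascade_decrypt(k_in, k_out, ct):
    return open_(k_in, open_(k_out, ct))

def cca_oracle(k_in, k_out, challenge):
    """Decryption oracle of the CCA game: refuses only the challenge itself."""
    def oracle(ct):
        if ct == challenge:
            raise PermissionError("challenge ciphertext refused")
        return cascade_decrypt(k_in, k_out, ct)
    return oracle

def demo(k_in=None, k_out=None, secret=b"constructed sample plaintext"):
    k_in, k_out = k_in or os.urandom(32), k_out or os.urandom(32)
    challenge = cascade_encrypt(k_in, k_out, secret)
    oracle = cca_oracle(k_in, k_out, challenge)
    # Assumption: the outer key alone is exposed; the inner layer is intact.
    inner = open_(k_out, challenge)   # still ciphertext under k_in
    rewrapped = seal(k_out, inner)    # fresh nonce, so the bytes differ
    return rewrapped != challenge, oracle(rewrapped) == secret

if __name__ == "__main__":
    print(demo())
```

The inner layer is never broken here; the combination simply accepts a second valid encoding of the same message, which the CCA definition does not tolerate. That is why a cascade has to be analysed as a construction in its own right rather than assumed to inherit its components' guarantees.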

