Re: Multiple Encryption (was a lot of things)
Crypto_at_S.M.S
Date: 07/29/05
- Next message: David Wagner: "Re: Attack on Verifiable Secret Sharing scheme"
- Previous message: Andrew Swallow: "Re: GELI - disk encryption for FreeBSD - review request."
- In reply to: Terry Ritter: "Re: Multiple Encryption (was a lot of things)"
- Next in thread: Bryan Olson: "Re: Multiple Encryption (was a lot of things)"
- Reply: Bryan Olson: "Re: Multiple Encryption (was a lot of things)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 29 Jul 2005 13:01:13 +1000
Terry Ritter wrote:
> John E. Hadstate wrote:
>
>>"Terry Ritter" <ritter@ciphersbyritter.com> wrote in message
>>news:1122586838.721535.247060@z14g2000cwz.googlegroups.com...
>>
>>>In Science, the issue is the Argument, not the
>>>Person; implying otherwise would seem to be a
>>>sad, serious and fundamental error in reasoning.
>>
>>We forget the big picture too often. Facts, reason, and
>>truth beat credentials every time. And credentials on
>>USENET can be worse than useless.
>>
>>
>>>In practice, the multiple encryption tradeoff
>>>seems fairly straightforward: the cost is just
>>>added effort; one of many advantages is to
>>>address the "single point of failure" inherent
>>>in using just one cipher. If we could guarantee
>>>the strength of our chosen cipher, we would just
>>>use it, but in practice no cipher has any such
>>>guarantee.
>>
>>It seems to me that multiple encryption only produces a
>>stronger cipher if it is done according to a set of rules.
>
>
> Stop right there!
>
> "Stronger cipher?" Where does that come from?
>
> Is that the "strength" beyond that of a
> broken cipher? Well, if we can assume that
> a cipher is broken, if we use only one cipher
> we have real problems. That would seem so
> obvious as to be non-controversial.
>
> The rest of the issue, also obvious, is that
> if one cipher in a stack is broken, does that
> mean the others are strong? No. There is
> no proof of strength. But if we have other
> ciphers in action, we have a possibility of
> success, where the alternative is complete
> failure.
>
> This is pretty much the way of things in
> redundancy: Sometimes the redundancy is
> broken too.
>
The two "Joes" seem to think that redundancy is
not worth the extra difficulty.
>
>
>>I'm not prepared to say what those rules are, but I can
>>demonstrate at least one example of multiple encryption that
>>is no stronger than single encryption by one of its
>>components.
>
>
> Beyond trivialities like the identity
> transformation, it is possible to coordinate
> ciphers and expose plaintext. Any cipher
> does that: we call it "deciphering."
>
> In practice, the key word is: "coordinate."
>
> When ciphers are chosen by keying, or when keys
> differ, coordination is broken.
>
That's why CryptoSMS uses unrelated keys for each
of the three encryption passes.
>
>
>>The "don't do that" family of rules is not very
>>helpful when formulating guiding principles.
>
>
> I have had many years of detailed, hard
> discussion on this topic, as documented on
> my pages. Consequently, some things that seem
> obvious to me may not in fact be quite so
> obvious. But saying '"don't do that" is not
> helpful' is not helpful either.
>
>
>
>>>The main advantage of multiple encryption is
>>>*not* to "guarantee" strength. The advantage is
>>>to add the strength redundancy of other ciphers
>>>in the case that our "main" cipher is broken.
>>
>>This is common sense. Unfortunately, in areas like
>>mathematics and cryptography, I have seen common sense
>>trumped by facts of which I was not aware, and would not
>>have guessed, often enough that I am suspicious of common
>>sense that is unsupported by something that at least looks
>>like a proof.
>
>
> I was going to discuss this, but actually
> it *is* common sense. To the extent that it
> is possible, you yourself can make the
> "proof" you want. At some point you have
> to decide whether or not you have considered
> the relevant facts, and come to your own
> conclusion. I disclaim Authority, so there
> is no point in me giving anything for your
> simple belief. You have to come to it
> yourself.
>
It is indeed common sense. Everyone knows not
to trust all their eggs to a single basket.
>
>
>>>Since we will not know if that happens, the
>>>miserable alternative is for our information
>>>to continue to be exposed, essentially forever.
>>
>>There are other alternatives. The cipher algorithm could be
>>chosen or steered by some key dependency, for example.
>
>
> The issue is weakness in the algorithm, no
> matter what that may be. If you claim that
> a cipher which has "key dependency" (as all
> my ciphers do) cannot be weak, I suggest you
> re-think.
>
I suggest that the two "Joes" need to rethink lots of things.
>
>
>>>And while that may be fine for academics, it
>>>is not so great for real cipher users. It is
>>>also not great for an entire industry to not
>>>take suitable precautions against something
>>>it cannot prevent.
>>
>>That is simply the gratuitous casting of aspersions on
>>academia. It does not advance your argument. To quote one
>>well-regarded authority, "in Science, the issue is the
>>Argument, not the Person..."
>
>
> Some "academic oriented" posters seem to have
> banded together to support a false logic and
> false conclusions with respect to Multiple
> Encryption, despite extensive discussion and
> work in the literature. If others disagree they
> do not protest. That is not "aspersions," that
> is an interesting intelligence observation.
>
>
The two "Joes" have banded together, if indeed they
were ever distinct, to foist a supposed weakness in
CryptoSMS. And to that end they have continued to
post insults and forgeries.
>
>>>I have just updated the "multiple encryption"
>>>entry of my 1.3MB Crypto Glossary, for anyone
>>>who wants more of the argument, perhaps to
>>>compare against Peschel's "expertise":
>>
>>That is simply the gratuitous casting of aspersions on
>>Peschel.
>
>
> Clearly not: I really *have* updated my Glossary.
>
> But it was Peschel who claimed that I have no
> expertise here. Oh, really, how would he know?
> Does it not take expertise to know? Obviously
> he considers himself to be the authority he
> claims I am not. But since, in Science,
> Authority has no power, "the emperor has no
> clothes."
>
>
The two "Joes" like to claim everybody lacks
expertise except for themselves.
>
>>It does not advance your argument.
>
>
> Nonsense. Criticism unanswered is criticism
> agreed. I do not.
>
Precisely. And challenges unanswered are challenges failed,
fancy thought experiments notwithstanding.
>
>
>>To quote one
>>well-regarded authority, "in Science, the issue is the
>>Argument, not the Person..."
>
>
> My arguments rest on facts and reasoning,
> not the Authority recommended by Peschel.
> I have given the arguments in detail, but
> they will never be enough to convince someone
> who does not want to be wrong.
>
Both "Joes" have stated very clearly that they feel
they have "won" this discussion, failing to realise
there is nothing to win and everything to learn.
>
>>>http://www.ciphersbyritter.com/GLOSSARY.HTM#MultipleEncryption
>>>
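Added example, not part of the original post and not CryptoSMS code: a sketch of the "coordination" point debated above, showing a cascade that collapses when a pass key repeats and one that does not when the three pass keys are unrelated. The toy XOR stream cipher and the names keystream, xor_pass, cascade and fresh_keys are assumptions made for illustration, and all sample values are constructed.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream (HMAC-SHA256 in counter mode); a stand-in, not a vetted cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])

def xor_pass(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """One encryption pass; XOR makes the same call decrypt as well."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def cascade(keys, nonce: bytes, data: bytes, check_keys: bool = True) -> bytes:
    """Apply one pass per key. With check_keys, refuse a repeated key."""
    if check_keys and len(set(keys)) != len(keys):
        raise ValueError("cascade keys must be pairwise distinct")
    for key in keys:
        data = xor_pass(key, nonce, data)
    return data

def fresh_keys(count: int, size: int = 32):
    """Draw each pass key separately from the OS CSPRNG so the keys are unrelated."""
    return [secrets.token_bytes(size) for _ in range(count)]

# Constructed sample values, for illustration only.
NONCE = b"constructed-nonce"
MSG = b"meet at the usual place"
K1, K2, K3 = (bytes([i]) * 32 for i in (1, 2, 3))

def demo():
    return {
        "same_key_twice": cascade([K1, K1], NONCE, MSG, check_keys=False),   # passes cancel
        "k1_k1_k2": cascade([K1, K1, K2], NONCE, MSG, check_keys=False),     # equals one pass
        "single_k2": xor_pass(K2, NONCE, MSG),
        "three_unrelated": cascade([K1, K2, K3], NONCE, MSG),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value.hex()}")
```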