REPOST: Re: Cascading/Layering Group Ciphers

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 11/02/05


Date: Wed, 2 Nov 2005 04:17:28 +0000 (UTC)

EricPuryear wrote:
>I understand that (if) AES is a group cipher and I encrypt a message
>with AES using one key and then encrypt that ciphertext again with AES
>using another key, then I may not have increased security. I understand
>this is because there can exist another key an attacker can use that is
>equivalent to both of my keys combined, and there is even an extremely
>small chance that the second key I used may have actually decrypted my
>data!

Your understanding is wrong. This isn't an issue. AES isn't a group
cipher, as far as is known. I wouldn't bother worrying about the "group
cipher" thing.

As for how cascading affects security, this depends intimately on the
details. You'd have to specify what you mean by "encrypt a message
with AES". Do you mean take a 128-bit value and feed it through the
raw AES block cipher? Do you mean to take some long message and encrypt
it with AES-CBC, possibly with some sort of padding and some method of
selecting the IV? Something else? The answers will vary tremendously.
We'd need a precise unambiguous bit-level specification of what mode
of operation you had in mind before we could form any definite judgement.

Look up Maurer's "The importance of being first" for more on cascade
ciphers. This question has been discussed several times on this group;
Google for it.
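
Added illustration, not part of the original post: the Python sketch below brute-forces what "group cipher" means on two toy 4-bit ciphers constructed for this purpose, counting how many key pairs collapse to a single equivalent key and how many distinct maps double encryption can produce. The cipher names, the S-box and the helper functions are assumptions of this example, and the result says nothing about AES itself.

```python
# Added illustration: toy 4-bit ciphers constructed for this example (not AES).
from itertools import product

KEYS = BLOCKS = range(16)

# Arbitrary fixed nonlinear permutation of 0..15, chosen for the example.
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]

def xor_cipher(key, block):
    """E_k(x) = x XOR k. Its 16 permutations form a group under composition."""
    return block ^ key

def sbox_cipher(key, block):
    """E_k(x) = SBOX[x XOR k]. Its permutations are not closed under composition."""
    return SBOX[block ^ key]

def double_encrypt(cipher, k1, k2):
    """The full permutation x -> E_k2(E_k1(x)), as a tuple of outputs."""
    return tuple(cipher(k2, cipher(k1, x)) for x in BLOCKS)

def cascade_report(cipher):
    """Return (closed_pairs, distinct_maps) for two-key cascades.

    closed_pairs: key pairs (k1, k2) for which some single key k3 gives the
                  same permutation as encrypting with k1 and then k2.
    distinct_maps: number of different permutations the cascade can produce.
    """
    single = {tuple(cipher(k, x) for x in BLOCKS) for k in KEYS}
    cascaded = [double_encrypt(cipher, k1, k2)
                for k1, k2 in product(KEYS, repeat=2)]
    closed = sum(1 for perm in cascaded if perm in single)
    return closed, len(set(cascaded))

def undoing_pairs(cipher):
    """Key pairs where the second encryption restores every plaintext."""
    identity = tuple(BLOCKS)
    return [(k1, k2) for k1, k2 in product(KEYS, repeat=2)
            if double_encrypt(cipher, k1, k2) == identity]

if __name__ == "__main__":
    for name, cipher in (("xor", xor_cipher), ("sbox", sbox_cipher)):
        closed, distinct = cascade_report(cipher)
        print(f"{name}: {closed}/256 key pairs equal a single key, "
              f"{distinct} distinct cascade maps, "
              f"{len(undoing_pairs(cipher))} pairs undo each other")
```

For the XOR toy the cascade never leaves the original 16 permutations, so a second key adds nothing; for the S-box toy no key pair collapses to a single key.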

========= WAS CANCELLED BY =======:
Subject: Re: Cascading/Layering Group Ciphers
From: daw@taverner.cs.berkeley.edu (David Wagner)
Date: Thu, 2 Nov 2005 21:37:23 GMT
Message-ID: <bu5bul%0510$4@agate.berkeley.edu>
Bytes: 542
Lines: 13
Path: ...news-out.cwix.com!newsfeed.cwix.com!news-out.superfeed.net!spool6-east.superfeed.net!spool6-east.superfeed.net!not-for-mail
Newsgroups: sci.crypt
Control: cancel <dk9eko$1069$1@agate.berkeley.edu>


