REPOST: Re: Cascading/Layering Group Ciphers
From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: Wed, 2 Nov 2005 04:17:28 +0000 (UTC)
>I understand that (if) AES is a group cipher and I encrypt a message
>with AES using one key and then encrypt that ciphertext again with AES
>using another key, then I may not have increased security. I understand
>this is because there can exist another key an attacker can use that is
>equivolent to both of my keys combined, and there is even an extremely
>small chance that the second key I used may have actually decrypted my
Your understanding is wrong. This isn't an issue. AES isn't a group
cipher, as far as is known. I wouldn't bother worrying about the "group
As for how cascading affects security, this depends intimately on the
details. You'd have to specify what you mean by "encrypt a message
with AES". Do you mean take a 128-bit value and feed it through the
raw AES block cipher? Do you mean to take some long message and encrypt
it with AES-CBC, possibly with some sort of padding and some method of
selecting the IV? Something else? The answers will vary tremendously.
We'd need a precise unambiguous bit-level specification of what mode
of operation you had in mind before we could form any definite judgement.
Look up Maurer's "The importance of being first" for more on cascade
ciphers. This question has been discussed several times on this group;
Google for it.
========= WAS CANCELLED BY =======:
Subject: Re: Cascading/Layering Group Ciphers
From: firstname.lastname@example.org (David Wagner)
Date: Thu, 2 Nov 2005 21:37:23 GMT
Control: cancel <email@example.com>
X-Report: Please report illegal or inappropriate use to <firstname.lastname@example.org>. Forward a copy of ALL headers INCLUDING the body. (DO NOT SEND ATTACHMENTS)
X-Comments2: IMPORTANT: Newsfeeds.com does not condone,support,nor tolerate spam or any illegal or copyrighted postings.
X-Comments: This message was posted through Newsfeeds.com