Re: cipher combinations
- From: Peter Fairbrother <zenadsl6186@xxxxxxxxx>
- Date: Sun, 24 Feb 2008 23:25:00 +0000
Paul Rubin wrote:
invalid@xxxxxxxxxxx writes:It has been proven that naively cascading ciphers does not necessarily yield a secure combination.
If the above were true, I could attack any strong sipher by adding/cascading my own compromized cipher at the end.
You're confusing "does not necessarily yield" with "never yields".
Consider the notorious one-time pad: ciphertext = plaintext xor K.
What happens if you double encrypt?
It's as secure as a single encryption, assuming the keys are independently chosen at random.
Ueli Maurer, who wrote the paper [1] I *think* you are referring to - though I don't really understand your post - says "The distinction between cascade ciphers and product ciphers 6 is that, in the latter, the keys of the component ciphers need not be statistically independent, whereas they are in the former."
For the record, Ueli's example in the paper doesn't work (at all!), and afaict Even and Goldreich's result [2] stands (ie a cipher cascade is at least as strong as the strongest cipher, independent of order).
-- Peter Fairbrother
[1] Cascade Ciphers: The Importance of Being First, Journal of Cryptology Volume 6, Number 1 / March, 1993
[2] S. Even and O. Goldreich, On the power of cascade ciphers, ACM Transactions on Computer. Systems, Vol. 3, Issue 2 Pages: 108 - 116
.
- References:
- cipher combinations
- From: George Orwell
- Re: cipher combinations
- From: Zom-B
- Re: cipher combinations
- From: invalid
- Re: cipher combinations
- From: Paul Rubin
- cipher combinations
- Prev by Date: Re: a nonlinear 4-bit permutation
- Next by Date: free tattoo designs
- Previous by thread: Re: cipher combinations
- Next by thread: Re: JSH: Finding k
- Index(es):
Relevant Pages
|
|
