This preview shows page 1. Sign up to view the full content.
Unformatted text preview: ss not only the algorithm key, but also one of the whitening values. Since there is an XOR both before and after the block algorithm, this technique is not susceptible to a meetinthemiddle attack. C = K3 • EK2(P • K1) P = K1 • DK2(C • K3) If K1 = K3, then a bruteforce attack requires 2n + m/p operations, where n is the key size, m is the block size, and p is the number of known plaintexts. If K1 and K3 are different, then a bruteforce attack requires 2n + m + 1 operations with three known plaintexts. Against differential and linear cryptanalysis, these measures only provide a few key bits of protection. But computationally this is a very cheap way to increase the security of a block algorithm. 15.7 Cascading Multiple Block Algorithms
What about encrypting a message once with Algorithm A and key KA, then again with Algorithm B and key KB? Maybe Alice and Bob have different ideas about which algorithms are secure: Alice wants to use Algorithm A and Bob wants to use Algorithm B. This technique is sometimes called cascading, and can be extended far beyond only two algorithms and keys. Pessimists have said that there is no guarantee that the two algorithms will work together to increase security. There may be subtle interactions between the two algorithms that actually decrease security. Even triple encryption with three different algorithms may not be as secure as you think. Cryptography is a black art; if you don’t know what you are doing, you can easily get into trouble. Reality is much rosier. The previous warnings are true only if the different keys are related to each other. If all of the multiple keys are independent, then the resultant cascade is at least as difficult to break as the first algorithm in the cascade [1033]. If the second algorithm is vulnerable to a chosenplaintext attack, then the first algorithm might facilitate that attack and make the second algorithm vulnerable to a knownplaintext attack when used in a cascade. This potential attack i...
View
Full
Document
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details