applied cryptography - protocols, algorithms, and source code in c

authors bruce schneier isbn 0471128457 publication

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ss not only the algorithm key, but also one of the whitening values. Since there is an XOR both before and after the block algorithm, this technique is not susceptible to a meet-in-the-middle attack. C = K3 • EK2(P • K1) P = K1 • DK2(C • K3) If K1 = K3, then a brute-force attack requires 2n + m/p operations, where n is the key size, m is the block size, and p is the number of known plaintexts. If K1 and K3 are different, then a brute-force attack requires 2n + m + 1 operations with three known plaintexts. Against differential and linear cryptanalysis, these measures only provide a few key bits of protection. But computationally this is a very cheap way to increase the security of a block algorithm. 15.7 Cascading Multiple Block Algorithms What about encrypting a message once with Algorithm A and key KA, then again with Algorithm B and key KB? Maybe Alice and Bob have different ideas about which algorithms are secure: Alice wants to use Algorithm A and Bob wants to use Algorithm B. This technique is sometimes called cascading, and can be extended far beyond only two algorithms and keys. Pessimists have said that there is no guarantee that the two algorithms will work together to increase security. There may be subtle interactions between the two algorithms that actually decrease security. Even triple encryption with three different algorithms may not be as secure as you think. Cryptography is a black art; if you don’t know what you are doing, you can easily get into trouble. Reality is much rosier. The previous warnings are true only if the different keys are related to each other. If all of the multiple keys are independent, then the resultant cascade is at least as difficult to break as the first algorithm in the cascade [1033]. If the second algorithm is vulnerable to a chosen-plaintext attack, then the first algorithm might facilitate that attack and make the second algorithm vulnerable to a known-plaintext attack when used in a cascade. This potential attack i...
View Full Document

Ask a homework question - tutors are online