applied cryptography - protocols, algorithms, and source code in c

# Ci ek3dk2ek1pi ci 1 pi ci 1 dk1ek2dk3ci previous

This preview shows page 1. Sign up to view the full content.

This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: t one, is not smart. For the same algorithm, it does not affect the complexity of a brute-force search. (Remember, you assume a cryptanalyst knows the algorithm including the number of encryptions used.) For different algorithms, it may or may not. If you are going to use any of the techniques in this chapter, make sure the multiple keys are different and independent. 15.1 Double Encryption A naìve way of improving the security of a block algorithm is to encrypt a block twice with two different keys. First encrypt a block with the first key, then encrypt the resulting ciphertext with the second key. Decryption is the reverse process. C = EK2(EK1(P)) P = DK1(DK2(C)) If the block algorithm is a group (see Section 11.3), then there is always a K3 such that C = EK2(EK1(P)) = EK3(P) If this is not the case, the resultant doubly-encrypted ciphertext block should be much harder to break using an exhaustive search. Instead of 2n attempts (where n is the bit length of the key), it would require 22n attempts. If the algorithm is a 64-bit algorithm, the doubly-encrypted ciphertext would require 2128 attempts to find the key. This turns out not to be true for a known-plaintext attack. Merkle and Hellman [1075] developed a time-memory trade-off that could break this double-encryption scheme in 2n + 1 encryptions, not in 22n encryptions. (They showed this for DES, but the result can be generalized to any block algorithm.) The attack is called a meet-in-the-middle attack; it works by encrypting from one end, decrypting from the other, and matching the results in the middle. In this attack, the cryptanalyst knows P1, C1, P2, and C2, such that C1 = EK2(EK1(P1)) C2 = EK2(EK1(P2)) For each possible K, he computes EK(P1) and stores the result in memory. After collecting them all, he computes DK(C1) for each K and looks for the same result in memory. If he finds it, it is possible that the current key is K2 and the key in memory is K1. He tries encrypting P2 with K1 and K2; if he gets C2 he can be pretty sure (with a probabili...
View Full Document

{[ snackBarMessage ]}

### What students are saying

• As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

Kiran Temple University Fox School of Business ‘17, Course Hero Intern

• I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

Dana University of Pennsylvania ‘17, Course Hero Intern

• The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

Jill Tulane University ‘16, Course Hero Intern