This preview shows page 1. Sign up to view the full content.
Unformatted text preview: riple-encryption modes: Inner-CBC: Encrypt the entire file in CBC mode three different times (see Figure 15.1a). This requires three different IVs. Ci = EK3(Si • Ci - 1); Si = DK2(Ti • Si - 1); Ti = EK1(Pi • Ti - 1) Pi = Ti - 1 • DK1(Ti); Ti = Si - 1 • EK2(Si); Si = Ci - 1 • DK3(Ci) C0, S0, and T0 are IVs. Outer-CBC: Triple-encrypt the entire file in CBC mode (see Figure 15.1b). This requires one IV. Ci = EK3(DK2(EK1(Pi • Ci - 1))) Pi = Ci - 1 • DK1(EK2(DK3(Ci))) Previous Table of Contents Next Products | Contact Us | About Us | Privacy | Ad Info | Home Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All rights reserved. Reproduction whole or in part in any form or medium without express written permission of EarthWeb is prohibited. Read EarthWeb's privacy statement. To access the contents, click the chapter and section titles. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth)
Brief Full Advanced Search Search Tips (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Search this book:
Go! Previous Table of Contents Next
----------- Both modes require more resources than single encryption: more hardware or more time. However, given three encryption chips, the throughput of inner-CBC is no slower than single encryption. Since the three CBC encryptions are independent, three chips can be kept busy all the time, each feeding back into itself. On the other hand, outer-CBC feedback is outside the three encryptions. This means that even with three chips, the throughput is only one-third that of single encryption. To get the same throughput with outer-CBC, you need to interleave IVs (see Section 9.12): Figure 15.1 Triple encryption in CBC mode. Ci = EK3(DK2(EK1(Pi • Ci-3))) In this case C0, C-1, and C-2 are IVs. This doesn’t help software implementations any, unless you have a parallel machine. Unfortunately, the simpler mode is also the least secure. Biham analyzed various modes with respe...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10