applied cryptography - protocols, algorithms, and source code in c

The differential attacks require enormous amounts of

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: ty of success of 1 in 22m – 2n, where m is the block size) that he has both K1 and K2. If not, he keeps looking. The maximum number of encryption trials he will probably have to run is 2*2n, or 2n + 1. If the probability of error is too large, he can use a third ciphertext block to get a probability of success of 1 in 23m – 2n. There are still other optimizations [912]. This attack requires a lot of memory: 2n blocks. For a 56-bit algorithm, this translates to 256 64-bit blocks, or 1017 bytes. This is still considerably more memory storage than one could comfortably comprehend, but it’s enough to convince the most paranoid of cryptographers that double encryption is not worth anything. For a 128-bit key, the amount of memory required is an enormous 1039 bytes. If we assume that a way exists to store a bit of information on a single atom of aluminum, the memory device required to launch this attack would be a cube of solid aluminum over a kilometer on a side. And then you need some place to put it! The meet-in-the middle attack seems infeasible for keys this size. Another double-encryption method, sometimes called Davies-Price, is a variant of CBC [435]. Ci = EK1(Pi • EK2(Ci - 1)) Pi = DK1(Ci) • EK2(Ci - 1) They claim “no special virtue of this mode,” but it seems to be vulnerable to the same meet-in-the-middle attacks as other double-encryption modes. 15.2 Triple Encryption Triple Encryption with Two Keys A better idea, proposed by Tuchman in [1551], operates on a block three times with two keys: with the first key, then with the second key, and finally with the first key again. He suggested that the sender first encrypt with the first key, then decrypt with the second key, and finally encrypt with the first key. The receiver decrypts with the first key, then encrypts with the second key, and finally decrypts with the first key. C = EK1(DK2(EK1(P))) P = DK1(EK2(DK1(C))) Previous Table of Contents Next Products | Contact Us | About Us | Privacy | Ad Info | Home Use of this site is subject to certain Terms & Conditions, Copyright © 1996-2000 EarthWeb Inc. All...
View Full Document

Ask a homework question - tutors are online