This preview shows page 1. Sign up to view the full content.
Unformatted text preview: ty of success of 1 in 22m – 2n, where m is the block size) that he has both K1 and K2. If not, he keeps looking. The maximum number of encryption trials he will probably have to run is 2*2n, or 2n + 1. If the probability of error is too large, he can use a third ciphertext block to get a probability of success of 1 in 23m – 2n. There are still other optimizations [912]. This attack requires a lot of memory: 2n blocks. For a 56bit algorithm, this translates to 256 64bit blocks, or 1017 bytes. This is still considerably more memory storage than one could comfortably comprehend, but it’s enough to convince the most paranoid of cryptographers that double encryption is not worth anything. For a 128bit key, the amount of memory required is an enormous 1039 bytes. If we assume that a way exists to store a bit of information on a single atom of aluminum, the memory device required to launch this attack would be a cube of solid aluminum over a kilometer on a side. And then you need some place to put it! The meetinthe middle attack seems infeasible for keys this size. Another doubleencryption method, sometimes called DaviesPrice, is a variant of CBC [435]. Ci = EK1(Pi • EK2(Ci  1)) Pi = DK1(Ci) • EK2(Ci  1) They claim “no special virtue of this mode,” but it seems to be vulnerable to the same meetinthemiddle attacks as other doubleencryption modes. 15.2 Triple Encryption Triple Encryption with Two Keys
A better idea, proposed by Tuchman in [1551], operates on a block three times with two keys: with the first key, then with the second key, and finally with the first key again. He suggested that the sender first encrypt with the first key, then decrypt with the second key, and finally encrypt with the first key. The receiver decrypts with the first key, then encrypts with the second key, and finally decrypts with the first key. C = EK1(DK2(EK1(P))) P = DK1(EK2(DK1(C))) Previous Table of Contents Next Products  Contact Us  About Us  Privacy  Ad Info  Home Use of this site is subject to certain Terms & Conditions, Copyright © 19962000 EarthWeb Inc. All...
View
Full
Document
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details