Super-Encryption
Amir Herzberg
amir at herzberg.name
Mon Dec 15 03:07:38 EST 2003
Matt, may I suggest you state your goal, not just `super-encryption`? The
term is often used for cascading of two encryptions, usually using two
different cryptosystems. Under many attack models (not all e.g. not under
CCA2), this ensures tolerance of weaknesses of one of the two
cryptosystems, i.e. the cascaded encryption is secure (under many
definitions) if (at least) one of the two cascaded encryption schemes is
secure.
But I don't think your use satisfies this as the sender signs rather than
encrypts the first symmetric key; notice you use the wrong & misleading
term `encrypt with the sender's secret key` to mean signing, which may be
the root of this mistake.
Your solution is therefore essentially a combination of signature and
encryption; this is not as simple as it seems and indeed I happened to work
on this recently with a student, Yitchak Gertner, in his MSc thesis which
he completed these days. I can provide details (or paper/thesis) but first
I wonder if this is what you wanted to achieve at all.
Best,
Amir Herzberg
Computer Science Dept, Bar Ilan University
Lectures: http://www.cs.biu.ac.il/~herzbea/book.html
At 16:42 12/12/2003, wrote:
>Hi,
>
>I've been experimenting with ways to use XML-ENC to compact the wire format
>and provide a high degree of security. The following is a notational example
>of the the current 'thought' of the methodology. I would like to ask for
>input as to potential security holes to this method.
>
>Thx,
>
>-Matt Long
>Phalanx Systems, LLC
>
>Summary:
>The concept is to super-encrypt a message. The method would:
>(1) Encrypt message with symmetric key algorithm, i.e., cipher1
>(2) RSA_Encrypt (SHA1(message) + symmetric key) with sender's RSA private key
>(3) Encrypt cipher1 with symmetric key algorithm, i.e., cipher2
>(4) RSA_Encrypt (symmetric key2) with receiver's RSA public key
>(5) Send super-encrypted message
>(6) RSA_Decrypt (symmetric key2) with receiver's RSA private key
>(7) Decrypt(cipher2)
>(8) RSA_Decrypt (symmetric key1), parse out digest, i.e., SHA1(message)
>(9) Decrypt(cipher1)
>(10) compare digest with SHA1(Decrypt(cipher1))
>
>
>Sender's Algorithm
>
>SymmetricKey1 = 3DES_IV1, 3DES_Key1
>Cipher1 = 3DES_Encrypt(message)
>Digest = SHA1(message)
>RSA_Key1 = RSA_Private_Encrypt(Digest || 3DES_Key1)
>
>SymmetricKey2 = 3DES_IV2, 3DES_Key2
>Cipher2 = 3DES_Encrypt(Cipher1)
>RSA_Key2 = RSA_Public_Encrypt(3DES_Key2)
>
>
>Receiver's Algorithm
>
>3DES_Key2 = RSA_Private_Decrypt(RSA_Key2)
>Cipher1 = 3DES_Decrypt(Cipher2)
>
>Digest || 3DES_Key1 = RSA_Public_Decrypt(RSA_Key1)
>message = 3DES_Decrypt(Cipher1)
>
>Compare Digest with SHA1(message)
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list