<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'><B>From:</B>
<A title=ryacko@gmail.com href="mailto:ryacko@gmail.com">Ryan Carboni</A> </DIV>
<DIV style="FONT: 10pt tahoma">
<DIV style="BACKGROUND: #f5f5f5">
<DIV><B>Subject:</B> [Cryptography] Is there a point to key
schedules?</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV dir=ltr>> Is there a point to key schedules? </DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Absolutely yes.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>> Let's look at the origin of entropy for an HTTPS session.
First hardware entropy is collected. </DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>Very, very slowly, and incompletely, and every refresh of hardware
actually works to eliminate sources of entropy as much as possible. Turing type
machines are a nightmare to get entropy from.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>> It is usually then hashed. </DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>This is as much as anything to try and distill down to just the
entropy, working on concentrating the extremely slow entropy collection so as
not to store all the non-entropy.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>> That is then used to seed a PRNG, often a block cipher,
sometimes RC4 (although ChaCha is being adopted). Due to biases in RC4 and other
biases in all block ciphers, if a 256-bit key is generated, </DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>> it is at best 255.999... bits secure. </DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>I separated out the part where you answered your own question. It
is at best secure, everything around it is to attempt to help make it
secure.</DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>
<DIV>> Now lets go see how many bits a 128-bit block cipher takes... say a
hypothetical one with thirty-two rounds. </DIV>
<DIV>32*128= 4096 bits. 4096 bit asymmetric ciphers have 128-bit security and
could transmit 4096 bits. so everything is mathematically comparable.</DIV>
<DIV> </DIV>
<DIV>You’re assuming an inherent compatibility where none exists. </DIV>
<DIV> </DIV>
<DIV>First, 4096 bit asymmetric ciphers do not offer 128 bits of security.
Depending on the exact numbers you want to believe, as there is significant
debate, the value ranges from 108-142 bits and is often banned from standards on
principal. </DIV>
<DIV> </DIV>
<DIV>Second, the security of the various bits is not equal, both RSA and DH have
very weak low order bits. </DIV>
<DIV> </DIV>
<DIV>Third, as mentioned before, in increasing numbers of environments RSA and
DH are not acceptable. </DIV>
<DIV> </DIV>
<DIV>Fourth, when using ECC 4096 bit keys offer approximately 2048 bit security.
Far exceeding any requirement today.</DIV>
<DIV> </DIV>
<DIV>Fifth, at 4096 bits RSA and DH are slower and more costly than similar
security with ECC.</DIV>
<DIV> </DIV>
<DIV>Sixth, these numbers keep moving around, there was a time where 500 bit RSA
was effectively as secure as 128-bit ciphers. It is my view that attacks on
factoring are extremely likely to advance far faster than counting.</DIV>
<DIV> </DIV>
<DIV>So that is a brief initial list of the problems with the argument.</DIV>
<DIV> </DIV>
<DIV>Now as to why key schedules are necessary.</DIV>
<DIV> </DIV>
<DIV>First, entropy is hard to find. Having a reliable, smooth method of
spreading the entropy around the keys for a cipher is extremely important.</DIV>
<DIV> </DIV>
<DIV>Second, maintaining compatibility across key transfer methods. </DIV>
<DIV> </DIV>
<DIV>Third, addressing weaknesses in the cipher itself. A tiny key schedule
change can remove weak keys in a cipher that would not be possible
otherwise.</DIV>
<DIV> </DIV>
<DIV>Fourth, I’m actually tired of writing this email so I’m going to
stop.</DIV>
<DIV>
Joe</DIV></DIV></DIV></DIV></DIV></BODY></HTML>