Super-Encryption

Mon Dec 15 03:07:38 EST 2003

Matt, may I suggest you state your goal, not just `super-encryption`? The 
term is often used for cascading of two encryptions, usually using two 
different cryptosystems. Under many attack models (not all e.g. not under 
CCA2),  this ensures tolerance of weaknesses of one of the two 
cryptosystems, i.e. the cascaded encryption is secure (under many 
definitions) if (at least) one of the two cascaded encryption schemes is 
secure.

But I don't think your use satisfies this as the sender signs rather than 
encrypts the first symmetric key; notice you use the wrong & misleading 
term `encrypt with the sender's secret key` to mean signing, which may be 
the root of this mistake.

Your solution is therefore essentially a combination of signature and 
encryption; this is not as simple as it seems and indeed I happened to work 
on this recently with a student, Yitchak Gertner, in his MSc thesis which 
he completed these days. I can provide details (or paper/thesis) but first 
I wonder if this is what you wanted to achieve at all.

Best,

Amir Herzberg
Computer Science Dept, Bar Ilan University
Lectures: http://www.cs.biu.ac.il/~herzbea/book.html

At 16:42 12/12/2003,  wrote:
>Hi,
>
>I've been experimenting with ways to use XML-ENC to compact the wire format
>and provide a high degree of security.  The following is a notational example
>of the the current 'thought' of the methodology.  I would like to ask for
>input as to potential security holes to this method.
>
>Thx,
>
>-Matt Long
>Phalanx Systems, LLC
>
>Summary:
>The concept is to super-encrypt a message.  The method would:
>(1) Encrypt message with symmetric key algorithm, i.e., cipher1
>(2) RSA_Encrypt (SHA1(message) + symmetric key) with sender's RSA private key
>(3) Encrypt cipher1 with symmetric key algorithm, i.e., cipher2
>(4) RSA_Encrypt (symmetric key2) with receiver's RSA public key
>(5) Send super-encrypted message
>(6) RSA_Decrypt (symmetric key2) with receiver's RSA private key
>(7) Decrypt(cipher2)
>(8) RSA_Decrypt (symmetric key1), parse out digest, i.e., SHA1(message)
>(9) Decrypt(cipher1)
>(10) compare digest with SHA1(Decrypt(cipher1))
>
>
>Sender's Algorithm
>
>SymmetricKey1 = 3DES_IV1, 3DES_Key1
>Cipher1 = 3DES_Encrypt(message)
>Digest = SHA1(message)
>RSA_Key1 = RSA_Private_Encrypt(Digest || 3DES_Key1)
>
>SymmetricKey2 = 3DES_IV2, 3DES_Key2
>Cipher2 = 3DES_Encrypt(Cipher1)
>RSA_Key2 = RSA_Public_Encrypt(3DES_Key2)
>
>
>Receiver's Algorithm
>
>3DES_Key2 = RSA_Private_Decrypt(RSA_Key2)
>Cipher1 = 3DES_Decrypt(Cipher2)
>
>Digest || 3DES_Key1 = RSA_Public_Decrypt(RSA_Key1)
>message = 3DES_Decrypt(Cipher1)
>
>Compare Digest with SHA1(message)
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com