Double Encryption Q

Martin James Cochran Martin.Cochran at Colorado.EDU
Fri Apr 18 19:09:27 EDT 2008


If your original mode of operation is secure, then this should be  
secure.

The reduction:

Consider algorithm A that tries to break the double encryption mode of  
operation (DM) in the IND-CPA setting.  We can construct an algorithm  
B that tries to break the original mode of operation (OM) in the IND- 
CPA setting.  B simply runs A and responds to A's queries by querying  
B's oracle twice to simulate A's oracle, and returning the result.  B  
returns the output of A.

If A breaks the encryption, so does B.  So if the original mode is IND- 
CPA secure, this double encryption should be okay.

Note that the examples given, OCB and CTR with repeated counters, are  
not IND-CPA secure.

Martin Cochran

On Apr 11, 2008, at 8:30 AM, COMINT wrote:
> Quick system scenario:
>
> You have packet [A].
>
> It gets encrypted using an AES algo in a particular mode and we are
> left with [zA].
>
> More data [B] is added to that encrypted packet.
>
> Now I have [zA]+[B] in one packet and I re-encrypt it with the same
> algo/key/mode.
>
> Have I just compromised the security somehow? I wasn't aware of
> anything but something about this double encryption made something
> ring in my mind so I wanted to double check...
>
> Many thanks,
>
> Mr Pink
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list