[Cryptography] End-to-End, One-to-Many, Encryption Question

Jonathan Katz jkatz at cs.umd.edu
Fri Jun 13 16:18:19 EDT 2014


On Thu, Jun 12, 2014 at 6:50 AM, Ben Laurie <ben at links.org> wrote:

> On 12 June 2014 07:35, Bill Frantz <frantz at pwpconsult.com> wrote:
> > On 6/11/14 at 5:49 PM, kentborg at borg.org (Kent Borg) wrote:
> >
> >> Is there a way to encrypt once with key A, super-encrypt with key B1 (not
> >> knowing any other keys), and finally decrypt with key C1 (not knowing any
> >> other keys)?  Or, super-encrypt with key B2, then decrypt with key C2?
> >
> >
> > This problem is similar to the problem which would occur if an encryption
> > algorithm was a group. If the algorithm is a group, then there is a key C
> > which can decrypt a message which is encrypt(B, encrypt(A, text)). DES was
> > proven to not be a group, making triple-DES a viable way to get the security
> > of a longer encryption key.
>
> All symmetric crypto algorithms need to have keys that are not a
> group, or there is a meet-in-the-middle attack available.
>

Getting a bit off track here, but I don't think this claim is true for at
least two reasons:

First, the issue with being a group is that it implies that *double* or
*triple*-key encryption does not yield the expected level of security.
Vulnerability of *single*-key encryption to a meet-in-the-middle attack is,
as far as I know, specific to DES.

Second, vulnerability to a meet-in-the-middle attack just means that the
algorithm does not achieve security equal to its bit-length; it does not
mean the algorithm is not secure. (Note that public-key algorithms do not
achieve security equal to their bit-length either...)
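
Added example, not part of the original thread: a brute-force check of the closure ("group") property on two toy 4-bit ciphers, showing why double encryption adds nothing when a cipher's keyed permutations are closed under composition. Both toy ciphers, the S-box and all function names are constructed for this illustration.

```python
from itertools import product

N = 16  # toy 4-bit block, so every keyed permutation is a 16-entry table

# Fixed nonlinear 4-bit S-box, chosen for illustration.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def affine_enc(key, x):
    """Toy cipher 1: x -> a*x + b mod 16 with a odd (closed under composition)."""
    a, b = key
    return (a * x + b) % N

def sbox_enc(key, x):
    """Toy cipher 2: x -> SBOX[x XOR k] (not closed under composition)."""
    return SBOX[x ^ key]

AFFINE_KEYS = [(a, b) for a in range(1, N, 2) for b in range(N)]
SBOX_KEYS = list(range(N))

def table(enc, key):
    return tuple(enc(key, x) for x in range(N))

def single_tables(enc, keys):
    return {table(enc, k) for k in keys}

def double_tables(enc, keys):
    """All permutations reachable as E_k2(E_k1(x)) over every key pair."""
    return {tuple(enc(k2, enc(k1, x)) for x in range(N))
            for k1, k2 in product(keys, repeat=2)}

def is_closed(enc, keys):
    # Closed: every double encryption equals some single-key encryption.
    return double_tables(enc, keys) <= single_tables(enc, keys)

def equivalent_single_key(enc, keys, k1, k2):
    """Return a key k3 with E_k3 == E_k2 after E_k1, or None if none exists."""
    target = tuple(enc(k2, enc(k1, x)) for x in range(N))
    return next((k for k in keys if table(enc, k) == target), None)

if __name__ == "__main__":
    for name, enc, keys in [("affine", affine_enc, AFFINE_KEYS),
                            ("sbox", sbox_enc, SBOX_KEYS)]:
        print(name, len(keys), "keys ->", len(double_tables(enc, keys)),
              "double-encryption maps; closed:", is_closed(enc, keys))
```

For the closed cipher, two keys yield no more distinct permutations than one, so a second encryption pass adds no effective key length; for the non-closed one, the set of reachable permutations grows with the second key.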