[Cryptography] Guaranteeing that no distinct keys produce indistinguishable results
Jonathan Thornburg
jthorn at astro.indiana.edu
Wed May 27 22:41:21 EDT 2015
On Wed, May 27, 2015 at 05:38:45PM -0700, Ray Dillinger wrote:
> In fact there's a
> related issue with DES, where the effect of composing
> any two encryptions with different keys is the same as
> a single encryption with a third key (hence 3DES with
> a DEcryption in the middle rather than another ENcryption
> that wouldn't actually add anything to security).
There is good evidence that DES is *not* a group (references below).
This means that composing multiple DES encryptions yields an operation
which is distinct from any single-DES.
The reason to use EDE rather than EEE when doing 3DES is to allow
backward-compatability with single-DES when all three keys are the same.
References:
* Kaliski, Burton S. Jr.; Ronald L. Rivest; and Alan T. Sherman,
"Is the Data Encryption Standard a Group?"
Eurocrypt 85 (Springer LNCS 219) pp 81 - 95
* Kaliski, Burton S. Jr.; Ronald L. Rivest; and Alan T. Sherman,
"Is the Data Encryption Standard a group?"
Journal of Cryptology, 1:1 (1988), 3--36.
--
-- "Jonathan Thornburg [remove -animal to reply]" <jthorn at astro.indiana-zebra.edu>
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
"There was of course no way of knowing whether you were being watched
at any given moment. How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork. It was even conceivable
that they watched everybody all the time." -- George Orwell, "1984"
More information about the cryptography
mailing list