[Cryptography] Dan Bernstein has a new blog entry on key breaking

Jerry Leichter leichter at lrw.com
Sun Nov 22 15:52:16 EST 2015


> Don't modern algorithms use some kind of IV to defeat such attacks?
>
> The point here is that I don't just get the decrypt of one block, I can work out the key used to encrypt that block. And if I know that, I can (usually) work back to figure out what the original key was.
> 
> There are a couple of ways to defeat this type of attack. One would be to effectively randomize the plaintext by pre-encrypting with something like RC4. This would make it much harder to use the 'guessable plaintext' attack.
This comes back to Kilian and Rogaway's result on DESX (DES with a fixed random whitener XORed in before and after encryption): DESX, when the only attack under consideration is a brute force attack, is about as strong as any pre- and post-whitened version of DES (where the whitener changes from block to block). See "How to Protect DES Against Exhaustive Key Search" (an analysis of DESX), <http://web.cs.ucdavis.edu/~rogaway/papers/desx.pdf>.

The result has nothing to do with DES as such; it applies to any block cipher.  You can, I suppose, view the inner XOR as making it impossible to identify a successful decryption, though there is more to it than that, since given just the inner XOR with a fixed value, one could guess small pieces of the mask across different blocks.

                                                        -- Jerry
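The whitening construction the message refers to (the FX construction that DESX instantiates: C = E_K(P xor K1) xor K2), as an added example that is not part of the original post or of the Kilian-Rogaway paper. It stands in a constructed 8-bit toy block cipher for DES, so that every key space can be enumerated in well under a second, and then runs the known-plaintext key-consistency check an exhaustive search relies on against both the bare cipher and the whitened one. The cipher, its key schedule, and the secret values are all constructed for this example; the point it shows is the one made above: with the inner whitener in place, a guessed inner key cannot be recognised from one known pair at all, and even with more pairs the search has to cover the whitener's bits as well.

```python
# Added example (not from the original post): the FX / DESX whitening
# construction around a constructed stand-in block cipher, plus the
# known-plaintext consistency check that an exhaustive key search uses.
from functools import lru_cache

ROUNDS = 4
MASK = 0xFF


def _rotl8(x, r):
    """Rotate an 8-bit value left by r bits."""
    return ((x << r) | (x >> (8 - r))) & MASK


def _f(x):
    """x*(2x+1) mod 2^8 is a bijection on 8-bit values (the shape of RC6's f)."""
    return (x * (2 * x + 1)) & MASK


# Inverse of _f by enumeration; it is a permutation, so the table is complete.
_F_INV = {_f(x): x for x in range(256)}
assert len(_F_INV) == 256


@lru_cache(maxsize=None)
def _round_keys(key):
    """Constructed key schedule: 8-bit key expanded to ROUNDS 8-bit round keys."""
    return tuple((_rotl8(key, i) ^ (0x9E * (i + 1))) & MASK for i in range(ROUNDS))


def toy_encrypt(key, block):
    """Stand-in 8-bit block cipher with an 8-bit key (constructed, NOT DES)."""
    x = block & MASK
    for rk in _round_keys(key):
        x = _rotl8(_f(x ^ rk), 3)
    return x


def toy_decrypt(key, block):
    """Inverse of toy_encrypt: undo the rotation, the bijection and the key XOR."""
    x = block & MASK
    for rk in reversed(_round_keys(key)):
        x = _F_INV[_rotl8(x, 5)] ^ rk
    return x


def fx_encrypt(key, k1, k2, block):
    """FX / DESX construction: C = E_key(P xor K1) xor K2."""
    return toy_encrypt(key, block ^ k1) ^ k2


def fx_decrypt(key, k1, k2, block):
    """P = D_key(C xor K2) xor K1."""
    return toy_decrypt(key, block ^ k2) ^ k1


def candidate_keys_plain(pairs):
    """Exhaustive search on the bare cipher: each candidate key is tested
    against the known (P, C) pairs with one encryption per pair."""
    return {k for k in range(256)
            if all(toy_encrypt(k, p) == c for p, c in pairs)}


def candidate_keys_fx(pairs):
    """Exhaustive search on the whitened cipher. A guessed inner key alone
    cannot be checked: the attacker must also guess K1 (8 more bits here),
    K2 is then forced by the first pair, and only further pairs can reject
    a guess. Returns the surviving (key, K1, K2) triples."""
    (p0, c0), rest = pairs[0], pairs[1:]
    found = set()
    for k in range(256):
        for k1 in range(256):
            k2 = toy_encrypt(k, p0 ^ k1) ^ c0
            if all(toy_encrypt(k, p ^ k1) ^ k2 == c for p, c in rest):
                found.add((k, k1, k2))
    return found


if __name__ == "__main__":
    KEY, K1, K2 = 0x5A, 0x3C, 0xC3            # constructed secrets
    plaintexts = [0x01, 0x42]                 # constructed known plaintexts
    plain_pairs = [(p, toy_encrypt(KEY, p)) for p in plaintexts]
    fx_pairs = [(p, fx_encrypt(KEY, K1, K2, p)) for p in plaintexts]
    print("bare cipher, 1 pair :", len(candidate_keys_plain(plain_pairs[:1])), "candidate keys")
    print("whitened,    1 pair :", len({k for k, _, _ in candidate_keys_fx(fx_pairs[:1])}),
          "candidate inner keys (every one of them)")
    print("bare cipher, 2 pairs:", len(candidate_keys_plain(plain_pairs)), "candidate keys")
    print("whitened,    2 pairs:", len(candidate_keys_fx(fx_pairs)), "candidate (key, K1, K2) triples")
```

With one known pair the bare cipher's search narrows to the true key (plus the odd chance collision), while for the whitened cipher every inner key survives, since any K1 can be paired with a K2 that explains the ciphertext; this is the "cannot identify a successful decryption" reading of the inner XOR. The second pair lets the whitened search reject most (key, K1) guesses, but the work has already grown by the size of the K1 space, which is the effective key-length gain the Kilian-Rogaway bound quantifies.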


