[Cryptography] Key meshing (Re: [Crypto-practicum] Retire all 64-bit block ciphers.)
Phillip Hallam-Baker
phill at hallambaker.com
Tue Aug 30 12:22:40 EDT 2016
What I don't understand is why the various symmetric cipher modes we have
keep the key fixed and modify the data.
So for CBC we take
C0 = E (B0 XOR IV, k)
C1 = E (B1 XOR C0, k)
...
Why not use:
C0 = E (B0, k)
C1 = E (B1, k + 1)
...
This has the advantage that it can be applied to the use cases that
motivated ECB and CBC. It doesn't require an initialization vector either.
Of course with DES you have the problem of weak keys but these days we
consider weak keys as disqualifying a cipher completely.
The main reason for not doing this seems to be that the key schedule has to
be recalculated and that was expensive for DES. But that shouldn't be a
major problem on a modern CPU.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160830/c686aa45/attachment.html>
More information about the cryptography
mailing list