[Cryptography] quantum computers & crypto
huitema at huitema.net
Mon Nov 8 18:31:40 EST 2021
On 11/8/2021 1:00 PM, Ray Dillinger wrote:
> On 11/8/21 5:42 PM, Jerry Leichter wrote:
>>>> [Suggestions for ciphers with longer keys]
>>> Why not just use Triple AES256, à la Triple DES? E_AES256_k1 -> D_AES256_k2 -> E_AES256_k1 ? Voila (albeit @1/3 the throughput), 512 bits!
>>> Or even Triple AES256 with three different keys, Ek1 -> Dk2 -> Ek3 for 768 bits?
> I can't think of a very strong argument that Triple AES, applied one
> block at a time, would _necessarily_ be stronger than AES. It is very
> likely to be. Almost certain to be. It would be very surprising if it
> weren't. But I remember the 'Double DES' superencryption proposal and
> how certain that seemed and how very surprising was the analysis that
> proved it wasn't.
> My go-to example of 'more isn't always better' is shuffling a card deck.
> Shuffling is understood as randomizing the order of the cards. So you
> may decide that 'shuffle(n)' to shuffle the cards n times is a good
> randomization algorithm.
> But if you do 52 perfect shuffles in a row you bring the deck back into
> its original order. No matter what (n) you use, it will never be 'more
> secure' than some (n) less than 52. The so-called 'perfect shuffle' is
> actually fairly lousy considered as a randomization algorithm, but you
> see the point.
Really? Did you mean to write 52! perfect shuffles in a row?
-- Christian Huitema
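Added example, not part of the thread or of either poster's message: a small Python check of the shuffle claim quoted above. Both "perfect" (faro) shuffles of a 52-card deck are fixed permutations, so repeating either one only cycles through a short list of orderings. The in-shuffle (bottom half's first card on top, position p goes to 2p mod 53) returns the deck to its starting order after 52 repetitions; the out-shuffle (top card stays on top, p goes to 2p mod 51) does so after 8. The function names and the 0..51 "deck" are this example's own conventions.

```python
# Added example (not from the thread): iterate the two faro shuffles on a
# 52-card deck and count how many repetitions bring it back to the start.
# Cards are modelled as the integers 0..51 in their starting positions.
from typing import Callable, List, Sequence

Shuffle = Callable[[Sequence[int]], List[int]]


def out_shuffle(deck: Sequence[int]) -> List[int]:
    """Perfect out-shuffle: cut in half, interleave with the top half's
    first card staying on top (positions 0 and 51 never move)."""
    half = len(deck) // 2
    top, bottom = deck[:half], deck[half:]
    return [card for pair in zip(top, bottom) for card in pair]


def in_shuffle(deck: Sequence[int]) -> List[int]:
    """Perfect in-shuffle: cut in half, interleave with the bottom half's
    first card on top, so no card keeps its position."""
    half = len(deck) // 2
    top, bottom = deck[:half], deck[half:]
    return [card for pair in zip(bottom, top) for card in pair]


def shuffle_n(shuffle: Shuffle, deck: Sequence[int], n: int) -> List[int]:
    """The 'shuffle(n)' of the quoted post: apply the same shuffle n times."""
    result = list(deck)
    for _ in range(n):
        result = shuffle(result)
    return result


def shuffle_order(shuffle: Shuffle, size: int = 52, limit: int = 1_000_000) -> int:
    """Number of repetitions after which the deck is back in starting order,
    i.e. the order of the shuffle viewed as a permutation.  Repeating the
    shuffle more than this many times can only revisit earlier orderings."""
    start = list(range(size))
    deck = shuffle(start)
    count = 1
    while deck != start:
        deck = shuffle(deck)
        count += 1
        if count > limit:  # defensive: a faro shuffle of 52 cards cycles long before this
            raise RuntimeError("no cycle found within limit")
    return count


def distinct_orderings(shuffle: Shuffle, max_n: int, size: int = 52) -> int:
    """How many different deck orderings shuffle(1) .. shuffle(max_n) produce.
    Once max_n reaches the permutation's order this stops growing."""
    seen = set()
    deck = list(range(size))
    for _ in range(max_n):
        deck = shuffle(deck)
        seen.add(tuple(deck))
    return len(seen)


if __name__ == "__main__":
    for name, fn in (("out-shuffle", out_shuffle), ("in-shuffle", in_shuffle)):
        order = shuffle_order(fn)
        print(f"{name}: deck restored after {order} repetitions; "
              f"{distinct_orderings(fn, 1000)} distinct orderings in 1000 shuffles")
```

Running it shows the point of the shuffle analogy directly: shuffle(1000) with the in-shuffle yields no ordering that shuffle(n) for some n ≤ 52 did not already give, and with the out-shuffle the ceiling is 8. A deterministic keyed permutation iterated with a fixed key behaves the same way, which is why extra rounds of the same transformation have to be analysed rather than assumed to help.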