Superencryption

From Wikipedia, the free encyclopedia

You have new messages (last change).
Cryptography Portal

Superencryption refers to a situation where an encrypted message is then encrypted again using either the same encryption algorithm (referred to as multiple encryption — e.g., 3DES) or different algorithm(s) (referred to as cascade — e.g., AES-Twofish). The number of the encryption "layers" is greater than or equal to two.

Contents

[edit] Security of superencrypted messages

Suppose that Alice wants to send Bob an encrypted message, and Turing wants to listen in on the secret. If Alice uses the German Enigma machine to encrypt her message, Turing can run the message through his Bombes and decode rather easily because it is easy to figure out if each Enigma key gives intelligible results or not. If Alice uses a Vigenère cipher for the first encryption and then uses the Enigma Machine on that, Turing's Bombes will never find intelligible results from simple Enigma decrypts, and Turing will have to build a new machine, thus ensuring that Alice and Bob's message is safe for quite a while.

[edit] Independent keys

If you choose any couple of ciphers, and if you use the same key for both ciphers, the second cipher could undo (a part of) the work of the first cipher. This is obviously the case in ciphers where the decryption process is exactly the same as the encryption process, where the second cipher would completely undo the first. Also, if the attacker recovers the key by cryptanalysing the first encryption layer, he can decrypt all the remaining layers (as the same key is used for all layers).

To prevent that risk, you can use keys that are statistically independent for each layer (e.g. independent RNGs).

[edit] The importance of the first layer

With the exception of the one time pad, no other cipher has been theorically proven to be unbreakable. Thus some recurring properties may be found in the ciphertexts generated by the first cipher. Since those ciphertexts are the plaintexts used by the second cipher, the second cipher will be more vulnerable to attacks based on known plaintext properties (see references below).

This is obviously the case when the first layer is a program P that always add the same string S of characters at the begining (or end) of all ciphertexts. When found in a file, the string S allows an operating system to know that the program P has to be launched in order to decrypt the file. This string should be removed before adding a second layer.

To prevent this kind of attack, you can use the method provided by Bruce Schneier in the references below: generate 2 random pads of the same size of the plaintext, XOR the plaintext with the first pad , then XOR the result with the second pad, resulting in a first ciphertext. Encrypt each pad with a different cipher and a different key, resulting in 2 more ciphertexts. Concatenate all 3 ciphertexts in order to build the final ciphertext. A cryptanalyst must break both ciphers to get any information.

[edit] References

  • A "way to combine multiple block algorithms" so that "a cryptanalyst must break both algorithms" in §15.8 of Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C by Bruce Schneier. Wiley Computer Publishing, John Wiley & Sons, Inc.
  • S. Even and O. Goldreich, On the power of cascade ciphers, ACM Transactions on Computer Systems, vol. 3, pp. 108–116, 1985.
  • M. Maurer and J. L. Massey, Cascade ciphers: The importance of being first, Journal of Cryptology, vol. 6, no. 1, pp. 55–61, 1993.
Retrieved from "http://en.wikipedia.org../../../s/u/p/Superencryption.html"