Multiple encryption

Multiple encryption

Multiple encryption is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm. The terms cascade encryption, cascade ciphering, multiple encryption, multiple ciphering, and superencipherment are used with the same meaning. Superencryption refers to the outer-level encryption of a multiple encryption.

Independent keys

Picking any two ciphers, if the key used is the same for both, the second cipher could possibly undo the first cipher, partly or entirely. This is true of ciphers where the decryption process is exactly the same as the encryption process—the second cipher would completely undo the first. If an attacker were to recover the key through cryptanalysis of the first encryption layer, the attacker could possibly decrypt all the remaining layers, assuming the same key is used for all layers.

To prevent that risk, one can use keys that are statistically independent for each layer (e.g. independent RNGs).

The importance of the first layer

With the exception of the one-time pad, no cipher has been theoretically proven to be unbreakable. Thus some recurring properties may be found in the ciphertexts generated by the first cipher. Since those ciphertexts are the plaintexts used by the second cipher, the second cipher will be more vulnerable to attacks based on known plaintext properties (see references below).

This is the case when the first layer is a program P that always adds the same string S of characters at the beginning (or end) of all ciphertexts (commonly known as a magic number). When found in a file, the string S allows an operating system to know that the program P has to be launched in order to decrypt the file. This string should be removed before adding a second layer.

To prevent this kind of attack, one can use the method provided by Bruce Schneier in the references below: generate a random pad of the same size of the plaintext, then XOR the plaintext with the pad, resulting in a first ciphertext. Encrypt the pad and the first ciphertext with a different cipher and a different key, resulting in 2 more ciphertexts. Concatenate the last 2 ciphertexts in order to build the final ciphertext. A cryptanalyst must break both ciphers to get any information. This will, however, have the drawback of making the ciphertext twice as long as the original plaintext.

References

  • "Multiple encryption" in "Ritter's Crypto Glossary and Dictionary of Technical Cryptography"
  • A "way to combine multiple block algorithms" so that "a cryptanalyst must break both algorithms" in §15.8 of Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C by Bruce Schneier. Wiley Computer Publishing, John Wiley & Sons, Inc.
  • S. Even and O. Goldreich, On the power of cascade ciphers, ACM Transactions on Computer Systems, vol. 3, pp. 108–116, 1985.
  • M. Maurer and J. L. Massey, Cascade ciphers: The importance of being first, Journal of Cryptology, vol. 6, no. 1, pp. 55–61, 1993.

Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Multiple Single-Level — or Multi Security Level (MSL) is a method of separating different levels of data by using separate PCs or virtual machines for each level. It aims to give some of the benefits of Multilevel security without needing special changes to the OS or… …   Wikipedia

  • Multiple channel cryptography — Infobox block cipher name = MCC designers = Richard Ervasti publish date = 2008 ndash;02 key size = variable block size = variable structure = SPN rounds = 2 cryptanalysis = Multiple channel cryptography (MCC) is an emerging approach to block… …   Wikipedia

  • Data Encryption Standard — The Feistel function (F function) of DES General Designers IBM First publis …   Wikipedia

  • NSA encryption systems — The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA approved systems are still classified, but much more about its early systems has become …   Wikipedia

  • Data Encryption Algorithm — DES Eine Feistel Runde (F Funktion) Entwickler IBM Veröffentlicht 1975 Abgeleitet von Lucifer …   Deutsch Wikipedia

  • Data Encryption Standard — DES Eine Feistel Runde (F Funktion) Entwickler IBM Veröffentlicht 1975 Abgeleitet von …   Deutsch Wikipedia

  • Comparison of disk encryption software — This is a technical feature comparison of different disk encryption software. Contents 1 Background information 2 Operating systems 3 Features 4 Layering …   Wikipedia

  • Disk encryption — uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume. Disk encryption prevents unauthorized access to data storage. The term full disk encryption (or whole disk encryption) is often used to… …   Wikipedia

  • Full disk encryption — (or whole disk encryption) is a kind of disk encryption software or hardware which encrypts every bit of data that goes on a disk or disk volume. The term full disk encryption is often used to signify that everything on a disk, including the… …   Wikipedia

  • Array controller based encryption — Within a storage network, encryption of data may occur at different hardware levels. Array controller based encryption describes the encryption of data occurring at the disk array controller before being sent to the disk drives. This article will …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”