[cryptography] Repeated Encryptions Considered.... ?

Sampo Syreeni decoy at iki.fi
Sun Jun 19 16:21:59 EDT 2011


On 2011-06-18, Tom Ritter wrote:

> Applied Crypto shows how it doesn't always provide the security you 
> expect it - but it doesn't go so far as to say it *decreases* 
> security.

Security, or the hardness of the cipher? Those are two different things. 
It's rather unlikely that repeated encryption would lead to weakened 
ciphers.

But that is the least of our worries today. Symmetric block ciphers 
especially are so strong now that the weak link in overall security is 
pretty much *always* somewhere else. After that, multiple encryption 
does multiply the possibilities for other kinds of security breaks, like 
side-channel attacks and whatnot. Not to mention how much more 
difficult it makes the overall system to analyze and attack, which of 
course remain the single strongest guarantee that it's not leaky.

Architecturally it might make sense to multiple encrypt, sometimes, if 
you just have to use interfaces which encourage that by design. In that 
case, it probably does little harm on the margin. But if you find 
yourself in a situation where that is tempting, you should probably ask 
yourself why that is, precisely? A well thought out crypto architecture 
usually doesn't need that sort of thing, and shouldn't be encouraging it 
without an explicit reason, based on a carefully analyzed threat model, 
which suggests it is necessary.

If that reasoning cannot be found, you might be dealing with a bad 
crypto architecture. That is *much* worse than any attack we currently 
have on standard, modern, symmetric ciphers. Cascaded or not.
-- 
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2


