Abstract | ||
---|---|---|
The security of cascade ciphers, in which by definition the keys of the component ciphers are independent, is considered. It is shown by a counterexample that the intuitive result, formally stated and proved in the literature, that a cascade is at least as strong as the strongest component cipher, requires the uninterestingly restrictive assumption that the enemy cannot exploit information about the plaintext statistics. It is proved, for very general notions of breaking a cipher and of problem difficulty, that a cascade is at least as difficult to break as the first component cipher. A consequence of this result is that if the ciphers commute, then a cascade is at least as difficult to break as the most-difficult-to-break component cipher, i.e., the intuition that a cryptographic chain is at least as strong as its strongest link is then provably correct. It is noted that additive stream ciphers do commute, and this fact is used to suggest a strategy for designing secure practical ciphers. Other applications in cryptology are given of the arguments used to prove the cascade cipher result. |
Year | DOI | Venue |
---|---|---|
1993 | 10.1007/BF02620231 | J. Cryptology |
Keywords | Field | DocType |
Cascade ciphers,Multiple encryption,Provable security,Computational security | Transposition cipher,Block size,Cipher,Key schedule,Affine cipher,Theoretical computer science,Stream cipher,Stream cipher attack,Mathematics,Differential cryptanalysis | Journal |
Volume | Issue | Citations |
6 | 1 | 47 |
PageRank | References | Authors |
4.74 | 6 | 2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ueli Maurer | 1 | 4526 | 505.09 |
James L. Massey | 2 | 1096 | 272.94 |