On the Power of Cascade Ciphers
The unicity distance of a cascade of random. ciphers, w.r.t. known plaintext attack, is shown to be the sum of the key lengths. A time-space trade-off for the exhaustive cracking of a cascade of ciphers is shown. The structure of the set of permutations realized by a cascade is studied; it is shown that only l·2k exhaustive experiments are necessary to determine the behavior of a cascade of l stages, each having k key bits. It is concluded that the cascade of random ciphers is not a random cipher. Yet, it is shown that, with high probability, the number of permutations realizable by a cascade of l random ciphers, each having k key bits, is 2lk. Next, it is shown that two stages are not worse than one, by a simple reduction of the cracking problem of any of the stages to the cracking problem of the cascade. Finally, it is shown that proving a nonpolynomial lower bound on the cracking problem of long cascades is a hard task, since such a bound implies that P≠NP.
Unable to display preview. Download preview PDF.
- [S]Shannon, C.E., “Communication Theory of Secrecy Systems,” Bell System J., Vol. 28, 1949, pp. 656–715.Google Scholar
- [DH]Diffie, W., and Hellman, M.E., “Exhaustive Cryptanalysis of the NBS Data Encryption Standard,” Computer, June 1977, pp. 74–84.Google Scholar
- [DES]Data Encryption Standard, National Bureau of Standards, Federal Information Processing Standards, Publ. 46, 1077.Google Scholar
- [AB]Asmuth, C.A., and Blakley, G.R., “An Efficient Algorithm for Constructing a Cryptosystem which is Harder to Break than Two Other Cryptosystems,” Comp. & Maths. with Appls., 7, 1081, pp. 447–450.Google Scholar
- [RS]Rivest, R.L., and Sherman, A.T., “Randomized Encryption Techniques,” in Advances in Cryptology, Proceedings of Crypto 82, Edited by Chaffin Plenum Press, 1983.Google Scholar
- [EG]Even, S., and Goldreich, O., “On the Power of Cascade Ciphers,” Tech. Rep. No. 275, Comp. Sci. Dept., Technion, Haifa, Israel. May 1983.Google Scholar