Gearing Up: How to Eat Your Cryptocake and Still Have It
Often Alice and Bob share a fixed quantity of master key and subsequently need to agree a larger amount of session key material. At present, they are inclined to be cautious about generating too much session key material from a single master key. We argue that this caution arises from their familiarity with keys consisting of a few dozen bytes, and may be misplaced when keys consist of many billions of bytes. In particular, if the proof that the master key was securely distributed depends on a bounded-memory assumption for Moriarty, then the same assumption also imposes constraints upon the cryptanalysis which Moriarty can apply to the generated session material. Block ciphers with (effectively) Terabit blocks allow a much higher ratio of session to master key than can be countenanced with current key lengths, and we construct one such cypher.