The symmetric ciphers

Mark H. Wood mwood at IUPUI.Edu
Thu Oct 31 14:36:12 CET 2013


On Wed, Oct 30, 2013 at 06:19:27PM +0100, Philipp Klaus Krause wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Am 10.09.2013 15:30, schrieb Robert J. Hansen:
> > On 9/10/2013 6:35 AM, Philipp Klaus Krause wrote:
> >> I wonder if it would be a good idea to have an option to combine
> >>  symmetric ciphers, e.g. users could state a preference list
> >> like this:
> > 
> > No.  This idea gets floated every few years and the answers never 
> > change.  It's not a good idea.  If you look in the list archives
> > you can find some pretty long, detailed writeups on why.
> 
> I just tried googling a bit, but the only posts I found are those that
> assume that the effort to break A+B would be a+b. I did not find the
> detailed writeups you mentioned, or even anything else about the
> assumption that breaking A+B takes at least effort max(a,b).

I often worry about the assumption that there are no unfortunate
interactions between the structures of A and B such that the effort to
break A+B < min(a,b).  Consider a composition of *three* ciphers:

  A := ROT13
  B := ROT10
  C := ROT3

Each different from the others, though similar in operation.  But
(when the symbol set is the Roman alphabet) A(B(C(x))) = x.  Composing
these three ciphers produces a cipher worse than any of its
components.  Any order of composition will do the same.  Compose any
two of them and the result is no stronger than any single one.

Obviously this should not be assumed to hold true for all possible
functions, but it provides a counterexample: composing ciphers does
not necessarily produce a stronger cipher.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Machines should not be friendly.  Machines should be obedient.
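
The collapse described in the message above, as an added example that is not part of the original post. It goes slightly beyond the ROT13/ROT10/ROT3 case to show that any cascade of rotations is itself a single rotation, so the cascade's key space never exceeds 26. The function names and the sample plaintext are constructed for illustration.

```python
from itertools import permutations, product
import string

ALPHABET = string.ascii_uppercase  # the 26-letter Roman alphabet from the post


def rot(n, text):
    """Shift each letter forward by n places; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + n) % 26] if ch in ALPHABET else ch
        for ch in text
    )


def cascade(shifts, text):
    """Apply ROT-n for each n in shifts, in order (a cipher cascade)."""
    for n in shifts:
        text = rot(n, text)
    return text


def effective_shift(shifts):
    """The single rotation that a cascade of rotations collapses to."""
    return sum(shifts) % 26


def distinct_ciphertexts(stages, text):
    """Count the different outputs over every key choice for a cascade of
    `stages` rotations. This is the work an exhaustive search faces."""
    return len({cascade(keys, text) for keys in product(range(26), repeat=stages)})


SAMPLE = "ATTACK AT DAWN"  # constructed sample plaintext


def demo():
    return {
        # All six orderings of ROT13, ROT10, ROT3 give back the plaintext.
        "identity_in_every_order": all(
            cascade(order, SAMPLE) == SAMPLE for order in permutations((13, 10, 3))
        ),
        # Any two of them are equivalent to one ordinary rotation.
        "pair_collapses_to": {p: effective_shift(p) for p in ((13, 10), (13, 3), (10, 3))},
        # 26 * 26 key pairs, yet only 26 distinct ciphertexts.
        "outputs_one_stage": distinct_ciphertexts(1, SAMPLE),
        "outputs_two_stages": distinct_ciphertexts(2, SAMPLE),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```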


More information about the Gnupg-users mailing list