The symmetric ciphers

Johan Wevers johanw at
Thu Oct 31 15:00:38 CET 2013

On 31-10-2013 4:52, Robert J. Hansen wrote:

>> That's because ROT(N) is a group.
> Yes, but good luck answering the inevitable next two questions: "what's
> a group?"

Playing Captain Obvious:

G is a group for the operation X if:

- \forall {A,B \in G} --> A X B \in G: G is closed.

- \forall {A,B,C\in G} --> (A X B) X C = A X (B X C): G obeys the
associative law.

- \exists {E\in G} so that \forall {A\in G} A X E = E X A = A: G has a
unit element.

- \forall {A\in G} \exists {A^{-1}\in G} so that A X A^{-1} = E: Each
element in G has an inverse.

If also holds:

\forall {A,B\in G} --> A X B = B X A the group is called Abelian or

> and "how do we know if something's a group?"  You very quickly
> run into some complicated higher-level maths, and that's something best
> avoided.

I don't doubt that. I assumed (yes I know, assumption is the mother of
all fuckups) that these things were analyzed during the long
cryptanalysis the algorithms in gpg have had. From DES I know it is not
a group (otherwise 3DES would indeed not be more secure than single
DES), I admid that a quick Google about AES didn't turn up any
information one way or the other. Is that not determined yet? Did noone
researched something like 3AES yet?

> There is no single answer to this.  The "other symmetric ciphers" need
> to be evaluated combinatorically: for instance, are AES128, 3DES and
> Camellia a group?  That answer may be different from AES192, 3DES and
> Camellia.

However, encrypting a message with AES with key1 and then encrypting it
again with key2 (key1 unrelated to key2) can't make it less secure since
any attacker can encrypt the intercepted encrypted message again with
little effort. That would be like saying that base-64 encoding the
message would reduce security.

Of course there is one well-known encryption product that offers this
option: TrueCrypt allows one to stack encryption algorithms. But then,
the design decisions of TrueCrypt are not really known.

ir. J.C.A. Wevers
PGP/GPG public keys at

More information about the Gnupg-users mailing list