The symmetric ciphers

Robert J. Hansen rjh at
Thu Oct 31 22:36:08 CET 2013

> Playing Captain Obvious:

Excellent!  Let's play more.

> - \forall {A,B \in G} --> A X B \in G: G is closed.

What's this "\forall" and "\in"?  I don't understand.  Are those HTML  
entity codes that my email client isn't presenting properly?

... Or, in other words, your very first line assumes a level of  
mathematical knowledge that the overwhelming majority of people lack:  
namely, the abilities of understanding mathematical notion and TeX.   
Likewise with your answer about how it must uphold the associative  
property: a lot of people are going to conflate associativity with  

Abstract mathematics is the sort of thing that needs to be avoided at  
all costs when giving explanations to non-specialists.  It just  
doesn't work.

> I don't doubt that. I assumed (yes I know, assumption is the mother of
> all fuckups) that these things were analyzed during the long
> cryptanalysis the algorithms in gpg have had.

Quite possibly not, as whether AES is a group has absolutely no  
bearing on how easy it is to break AES -- only on whether AES can be  
used in composition, which is not particularly high priority.

The reason why the cryptanalytic community looked into whether DES  
forms a group is because the 56-bit keyspace was too short and we  
critically needed a way to compose DES into a stronger algorithm.   
That's not the case with AES.

A quick search of Google Scholar does not turn up any articles about  
whether AES forms a group.  I don't know one way or another.  My  
suspicion is that it does not, but I'm not willing to trust that  

> Did noone researched something like 3AES yet?

Not to my knowledge.

> However, encrypting a message with AES with key1 and then encrypting it
> again with key2 (key1 unrelated to key2) can't make it less secure since
> any attacker can encrypt the intercepted encrypted message again with
> little effort.

Beware of saying "can't" unless you've got a formal mathematical proof  
in your hands.  Even then, salt your pronouncements with "at our  
present level of ignorance."

It is true that one of AES's design goals was exactly as you say  
above.  However, there is no proof that they succeeded.  A lot of  
eminent mathematicians think it's overwhelmingly probable they  
succeeded, but I'm unaware of anyone who believes this has been proven.

More information about the Gnupg-users mailing list