| R. Merkle and M. Hellman. On the security of multiple encryption. Communications of the ACM, vol. 24, pp. 465--467, 1981. |
....1. Figure 1: Double DES with two 56 bit keys L and M (top) and Triple DES with three 56 bit keys L, M, and N (bottom). Double DES has long been known to be vulnerable to meet in the middle (MITM) techniques, see Merkle and Hellman [14]. While the original MITM attack requires a huge amount of memory and is hardly feasible, Oorschot and Wiener [16, 17] developed improved MITM techniques with greatly reduced space requirements at the cost of a slightly increased computation time for the attacker. Triple DES is typically used in ....
R.C. Merkle, M.E. Hellman, On the security of multiple encryption, Communications of the ACM, Vol. 24, No. 7 (1981).
....have already appeared in the literature. The most well known example is known as two key triple encryption, where we encipher under one key, decipher under a second key, and finally encipher under the first key. Van Oorschot and Wiener [7] have shown, refining an attack of Merkle and Hellman [5], that this construction is not optimal: under a known plaintext attack, it can be broken significantly faster than exhaustive key search. We propose a new variant of two key triple encryption, which has all the properties we require above. 2 Multiple encryption In this section, we look at ....
....does not meet our second demand. 5 For the two key triple encryption scheme, each of K 1 and K 2 only influences particular parts of the encryption process. Because of this, variants of the meet in the middle attack are possible that are even faster than exhaustive search for K 1 ; K 2 . In [5] Merkle and Hellman describe an attack on two key triple DES encryption requiring 2 chosen plaintext ciphertext pairs and a running time of 2 encryptions using 2 words of memory. This attack was refined in [7] into a known plaintext attack on the DES, which on input n ....
R. Merkle and M. Hellman. On the security of multiple encryption. Communications of the ACM, 24(7):465--467, 1981.
....only the sender's public key is required to later prove the message was sent by the sender. Other ordering constraints have been identified elsewhere [1, 2]. A related issue not addressed here but considered elsewhere is the actual effectiveness of multiple encryption and custom security solutions [17, 24]. Implementation constraints are those that result from the specific design of the SecComm micro protocols. Compared with systems that support linear or hierarchical composition models, the non hierarchical model supported by Cactus introduces minimal implementation constraints on ....
R. Merkle and M. Hellman. On the security of multiple encryption. Communications of the ACM, 24(7):465--467, Jul 1981.
....as DES to differential and linear cryptanalysis. The (apparent) strength of Double and two key triple DES against cryptanalysis coupled with the proven strength against generic attacks seem to make a strong combination that is absent for DESX. The basic meet in the middle attacks are due to [5, 12]. Even and Goldreich provide some time space tradeoffs for meet in the middle attacks [6] and Van Oorschot and Wiener [14] reduce the space requirements. Even and Goldreich [6] had shown that the cascade of m ciphers is at least as strong as its strongest component. Maurer and Massey [10] argued ....
R. Merkle, and M. Hellman, "On the security of multiple encryption", Communications of the ACM, vol. 24, n. 7, pp. 465--467, July 1981.
....key agility on a per cell basis. 7. Details of the algorithm should be publicly available. Table 5.1 is a list of algorithms which meet the criteria. All items have been derived from [17] 26] and [29] Algorithm Block Key Length Security Speed Size DES 64 56 baseline baseline Triple DES[22] 64 112 DES 1 3 DES DESX[25] 64 56 64 DES =DES RC2[24] 64 variable variable DES RC5[23] variable variable variable variable IDEA[15] 64 128 DES DES CA 1.1[13] 384 64 1024 unknown CAST[1] 64 64 =DES unknown SAFER[18] 64 64 unknown DES LOKI[7] 64 64 =DES unknown 3 Way[10] 96 ....
R.C. Merkle and M. Hellman. On the security of multiple encryption. Communications of the ACM, 24:465--467, 1981.
....in cryptography our intuition fails and this turns out not to be the case. The problem here is not so much with DES itself but with the notion of multiple encryption. Multiple encryption is susceptible to an attack known as the meet in the middle attack first invented by Merkle and Hellman [7]. To see how this kind of attack works we suppose that we shall encrypt the plaintext X to produce the ciphertext W = E 1 (X, K 1 ) This is then further encrypted under a different cipher to produce the ciphertext Y = E 2 (W, K 2 ) where K 1 and K 2 are independent sub keys of bit length N 1 and ....
Merkle R C and Hellman M E: `On the security of multiple encryption', Communications of the ACM, 24, p 465 (1981).
....Attacks Meet in the middle attacks occur when the first part of a cipher depends upon a different set of key bits than does the second part. This allows an attacker to attack the two parts independently, and works against double encryption with a block cipher and two different keys [MH81, OW91, OW95]. 2.2 Linear Factors A linear factor is a fixed set of key bits whose complementation leaves the XOR of a fixed set of ciphertext bits unchanged; this weakness can be used to speed up an exhaustive key search. Six round DES has a linear factor [CE86] 2.3 Weak Keys A weak key, K, is a key for ....
....the key K, we obtain the decryption of C under key K # to obtain P # = E 1 (k a ##,E(k a , P ) now exhaustive search will recover k a in 2 56 encryptions. After that, one can find k b , k c with a meet in the middle attack on double DES, which has complexity of approximately 2 56 to 2 72 [MH81, OW91, OW95]. In total, we need one chosen related key query, one chosen ciphertext query, and 2 56 2 72 offline trial encryptions. Note this attack does not work against two key triple DES, and is the first attack for which two key triple DES is stronger than three key triple DES. 4.7 ECB OFB Matt ....
R.C. Merkle and M. Hellman, "On the Security of Multiple Encryption," Communications of the ACM, v. 24, n. 7, Jul 1981 pp. 465--467.
.... break double DES much more efficiently than a brute force key guessing attack [11]. However, there have been recent results indicating multiple encryption can increase security [3] and some forms of multiple encryption such as triple DES are considered significantly more secure than single DES [24, 19]. As noted above, one of the key open questions in this area is the exact level of security that can be achieved using multiple methods, especially multiple encryption. 2.3 Analysis Analyzing the precise level of security that can be achieved using diversity is difficult, in part because it is ....
R. Merkle and M. Hellman. On the security of multiple encryption. Communications of the ACM, 24(7):465--467, Jul 1981.
....private key is required to later prove the message was sent by the sender. Other ordering constraints have been identified elsewhere [AN96, AN95]. A related issue not addressed here but considered elsewhere is the actual effectiveness of multiple encryption and custom security solutions [Bla99, MH81, Rit99, Sch94a, Sch99]. Implementation constraints are those that result from the specific design of the SecComm micro protocols. Compared with systems that support linear or hierarchical composition models, the non hierarchical model supported by Cactus introduces minimal implementation ....
R. Merkle and M. Hellman. On the security of multiple encryption. Communications of the ACM, 24(7):465--467, Jul 1981.
No context found.
R. Merkle and M. Hellman. On the security of multiple encryption. Communications of the ACM, vol. 24, pp. 465--467, 1981.
No context found.
R. C. Merkle, M. E. Hellman, "On the security of multiple encryption," Communications of the ACM, Vol. 24, No. 7, 1981, pp. 465--467.
No context found.
R. C. Merkle, M. E. Hellman, "On the security of multiple encryption," Communications of the ACM, Vol. 24, No. 7, 1981, pp. 465--467.
No context found.
Merkle, R. and M. Hellman, "On the Security of Multiple Encryption", Communications of the ACM, vol. 24, no. 7, pp. 465-467, July 1981. See also Communications of the ACM, vol. 24, no. 11, p. 776, November 1981.
No context found.
R. C. Merkle, M. E. Hellman, "On the security of multiple encryption," Communications of the ACM, Vol. 24, No. 7, 1981, pp. 465--467.
No context found.
R. C. Merkle and M. Hellman: "On the security of multiple encryption", Comm. of the ACM, 24(7):465-7, Jul. 1981
No context found.
R. C. Merkle, M. E. Hellman, "On the security of multiple encryption," Communications of the ACM, Vol. 24, No. 7, 1981, pp. 465--467.
No context found.
R. Merkle, M. Hellman, "On the Security of Multiple Encryption," in Communications of the ACM, v.24, n.7, pp.465-467, 1981.
No context found.
R. C. Merkle, M. E. Hellman, "On the security of multiple encryption," Communications of the ACM, Vol. 24, No. 7, 1981, pp. 465--467.
No context found.
R. C. Merkle and M. E. Hellman, "On the security of multiple encryption," Communications of the ACM , vol. 24, 1981.
No context found.
R.C. Merkle and M. Hellman, "On the Security of Multiple Encryption," Communications of the ACM, v. 24, n. 7, Jul 1981 pp. 465-467.
No context found.
Merkle, R.C., and Hellman, M., "On the Security of Multiple Encryption", Communications of the ACM, v. 24 n. 7, 1981, pp. 465-467.
No context found.
R. Merkle and M. Hellman. On the security of multiple encryption. Communications of the ACM, 24(7):465--467, 1981.
No context found.
Merkle, R.C., and Hellman, M., "On the Security of Multiple Encryption", Communications of the ACM, v. 24 n. 7, 1981, pp. 465-467.
No context found.
R.C. Merkle and M.E. Hellman. On the security of multiple encryption. Communications of the ACM, 24:465--467, July 1981.
No context found.
R.C. Merkle and M.E. Hellman. On the security of multiple encryption. Communications of the ACM, 24:465--467, July 1981.