Weekly edition Kernel Security Distributions Contact Us Search Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

# AES security

## AES security

Posted Oct 16, 2009 13:02 UTC (Fri) by pharm (guest, #22305)
In reply to: AES security by brouhaha
Parent article: Ubuntu to store copies of all users' address books

Just using the same encryption algorithm twice with two different keys of size N does not increase
the exhaustive search time from 2^n to 2^2n, thanks to meet-in-the-middle attacks, which reduce
the time to 4^n. IOW in return for doubling your key size you've increased the search time by a
factor of 2: That doesn't seem a good tradeoff.

Leave designing encryption algorithms to the experts: Personally, I know just enough to know that I
don't know anything like enough to start designing my own encryption schemes.

AES security

Posted Oct 16, 2009 19:22 UTC (Fri) by brouhaha (guest, #1698) [Link]

The meet in the middle attack reduces the time from 2^(2n) to 2^(n+1). This is why 3DES (even with 168 bits of keying) only effectively gives 112 bits of security. That's why I didn't propose 4DES, which wouldn't have any improvement in security over 3DES. However, my proposed 6DES would give 168 bits of security, or 8DES sould give 224, etc. 6DES has the advantage that you can use an existing 3DES implementation twice.

However, that's just the time complexity. The meet in the middle attack also requires storage for 2^n blocks, which is obviously not available for n=112, let alone larger values of n.

AES security

Posted Oct 16, 2009 20:08 UTC (Fri) by ABCD (subscriber, #53650) [Link]

> Just using the same encryption algorithm twice with two different keys of
> size N does not increase the exhaustive search time from 2^n to 2^2n,
> thanks to meet-in-the-middle attacks, which reduce the time to 4^n.

I think there is a mistake somewhere in there, because 2^(2n) = (2^2)^n = 4^n.

AES security

Posted Oct 18, 2009 16:08 UTC (Sun) by pharm (guest, #22305) [Link]

Yes, a thinko on my part.