Key whitening
Encyclopedia
In cryptography
, key whitening is a technique intended to increase the security of an iterated block cipher
. It consists of steps that combine the data with portions of the key
(most commonly using a simple XOR) before the first round and after the last round of encryption
.
The first block cipher to use a form of key whitening is DES-X
, which simply uses two extra 64-bit keys for whitening, beyond the normal 56-bit key of DES
. This is intended to increase the complexity of a brute force attack
, increasing the effective size of the key without major changes in the algorithm. DES-X's inventor, Ron Rivest
, named the technique whitening.
The cipher FEAL
(followed by Khufu and Khafre
) introduced the practice of key whitening using portions of the same key used in the rest of the cipher. Obviously this offers no additional protection from brute force attacks, but it can make other attacks more difficult. In a Feistel cipher
or similar algorithm, key whitening can increase security by concealing the specific inputs to the first and last round functions. In particular, it is not susceptible to a meet-in-the-middle attack
. This form of key whitening has been adopted as a feature of many later block ciphers, including MARS, RC6
, and Twofish
.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, key whitening is a technique intended to increase the security of an iterated block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
. It consists of steps that combine the data with portions of the key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
(most commonly using a simple XOR) before the first round and after the last round of encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
.
The first block cipher to use a form of key whitening is DES-X
DES-X
In cryptography, DES-X is a variant on the DES block cipher intended to increase the complexity of a brute force attack using a technique called key whitening....
, which simply uses two extra 64-bit keys for whitening, beyond the normal 56-bit key of DES
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
. This is intended to increase the complexity of a brute force attack
Brute force attack
In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...
, increasing the effective size of the key without major changes in the algorithm. DES-X's inventor, Ron Rivest
Ron Rivest
Ronald Linn Rivest is a cryptographer. He is the Andrew and Erna Viterbi Professor of Computer Science at MIT's Department of Electrical Engineering and Computer Science and a member of MIT's Computer Science and Artificial Intelligence Laboratory...
, named the technique whitening.
The cipher FEAL
FEAL
In cryptography, FEAL is a block cipher proposed as an alternative to the Data Encryption Standard , and designed to be much faster in software. The Feistel based algorithm was first published in 1987 by Akihiro Shimizu and Shoji Miyaguchi from NTT...
(followed by Khufu and Khafre
Khufu and Khafre
In cryptography, Khufu and Khafre are two block ciphers designed by Ralph Merkle in 1989 while working at Xerox's Palo Alto Research Center...
) introduced the practice of key whitening using portions of the same key used in the rest of the cipher. Obviously this offers no additional protection from brute force attacks, but it can make other attacks more difficult. In a Feistel cipher
Feistel cipher
In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel who did pioneering research while working for IBM ; it is also commonly known as a Feistel network. A large proportion of block...
or similar algorithm, key whitening can increase security by concealing the specific inputs to the first and last round functions. In particular, it is not susceptible to a meet-in-the-middle attack
Meet-in-the-middle attack
The meet-in-the-middle attack is a cryptographic attack which, like the birthday attack, makes use of a space-time tradeoff. While the birthday attack attempts to find two values in the domain of a function that map to the same value in its range, the meet-in-the-middle attack attempts to find a...
. This form of key whitening has been adopted as a feature of many later block ciphers, including MARS, RC6
RC6
In cryptography, RC6 is a symmetric key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard competition. The algorithm was one of the five finalists, and was also submitted to the...
, and Twofish
Twofish
In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but was not selected for standardisation...
.