Superencryption
Encyclopedia
Multiple encryption is the process of encrypting
an already encrypted message one or more times, either using the same or a different algorithm. The terms cascade encryption, cascade ciphering, multiple encryption, multiple ciphering, and superencipherment are used with the same meaning. Superencryption refers to the outer-level encryption of a multiple encryption.
s, if the key
used is the same for both, the second cipher could possibly undo the first cipher, partly or entirely. This is true of ciphers where the decryption process is exactly the same as the encryption process—the second cipher would completely undo the first. If an attacker were to recover the key through cryptanalysis
of the first encryption layer, the attacker could possibly decrypt all the remaining layers, assuming the same key is used for all layers.
To prevent that risk, one can use keys that are statistically independent
for each layer (e.g. independent RNGs).
, no cipher has been theoretically proven to be unbreakable.
Thus some recurring properties may be found in the ciphertexts generated by the first cipher. Since those ciphertexts are the plaintexts used by the second cipher, the second cipher will be more vulnerable to attacks based on known plaintext properties (see references below).
This is the case when the first layer is a program P that always adds the same string S of characters at the beginning (or end) of all ciphertexts (commonly known as a magic number
). When found in a file, the string S allows an operating system
to know that the program P has to be launched in order to decrypt the file. This string should be removed before adding a second layer.
To prevent this kind of attack, one can use the method provided by Bruce Schneier
in the references below: generate a random pad of the same size of the plaintext, then XOR the plaintext with the pad, resulting in a first ciphertext. Encrypt the pad and the first ciphertext with a different cipher and a different key, resulting in 2 more ciphertexts. Concatenate the last 2 ciphertexts in order to build the final ciphertext. A cryptanalyst must break both ciphers to get any information. This will, however, have the drawback of making the ciphertext twice as long as the original plaintext.
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
an already encrypted message one or more times, either using the same or a different algorithm. The terms cascade encryption, cascade ciphering, multiple encryption, multiple ciphering, and superencipherment are used with the same meaning. Superencryption refers to the outer-level encryption of a multiple encryption.
Independent keys
Picking any two cipherCipher
In cryptography, a cipher is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. In non-technical usage, a “cipher” is the same thing as a “code”; however, the concepts...
s, if the key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
used is the same for both, the second cipher could possibly undo the first cipher, partly or entirely. This is true of ciphers where the decryption process is exactly the same as the encryption process—the second cipher would completely undo the first. If an attacker were to recover the key through cryptanalysis
Cryptanalysis
Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key...
of the first encryption layer, the attacker could possibly decrypt all the remaining layers, assuming the same key is used for all layers.
To prevent that risk, one can use keys that are statistically independent
Statistical independence
In probability theory, to say that two events are independent intuitively means that the occurrence of one event makes it neither more nor less probable that the other occurs...
for each layer (e.g. independent RNGs).
The importance of the first layer
With the exception of the one-time padOne-time pad
In cryptography, the one-time pad is a type of encryption, which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key of the same length as the plaintext, resulting...
, no cipher has been theoretically proven to be unbreakable.
Thus some recurring properties may be found in the ciphertexts generated by the first cipher. Since those ciphertexts are the plaintexts used by the second cipher, the second cipher will be more vulnerable to attacks based on known plaintext properties (see references below).
This is the case when the first layer is a program P that always adds the same string S of characters at the beginning (or end) of all ciphertexts (commonly known as a magic number
Magic number (programming)
In computer programming, the term magic number has multiple meanings. It could refer to one or more of the following:* A constant numerical or text value used to identify a file format or protocol; for files, see List of file signatures...
). When found in a file, the string S allows an operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
to know that the program P has to be launched in order to decrypt the file. This string should be removed before adding a second layer.
To prevent this kind of attack, one can use the method provided by Bruce Schneier
Bruce Schneier
Bruce Schneier is an American cryptographer, computer security specialist, and writer. He is the author of several books on general security topics, computer security and cryptography, and is the founder and chief technology officer of BT Managed Security Solutions, formerly Counterpane Internet...
in the references below: generate a random pad of the same size of the plaintext, then XOR the plaintext with the pad, resulting in a first ciphertext. Encrypt the pad and the first ciphertext with a different cipher and a different key, resulting in 2 more ciphertexts. Concatenate the last 2 ciphertexts in order to build the final ciphertext. A cryptanalyst must break both ciphers to get any information. This will, however, have the drawback of making the ciphertext twice as long as the original plaintext.