[cryptography] Compositing Ciphers?
Thor Lancelot Simon
tls at panix.com
Fri Sep 6 23:37:32 EDT 2013
On Sat, Sep 07, 2013 at 02:53:22AM +0200, Natanael wrote:
> http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html
> Apparently it's called "cascade encryption" or "cascade encipherment",
> and the implementations are apparently called "robust combiners". And
> by the way, Truecrypt already lets you pick your chosen combo of AES
> and two other ciphers.
If you want to do this with stream ciphers, a fundamentally different
approach would be to use Knuth's "Algorithm M" (Knuth, 2ed, vol.1 , p 32):
Algorithm M (Randomizing by shuffling). Given methods for generating
sequences (Xn) and (Yn), this algorithm will successively output
the terms of a "considerably more random" sequence. We use a table
V[0], V[1], ... V[k-1], where k is some number chosen for convenience,
usually in the neighborhood of 100. Initially, the V-table is filled
with the first k values of the X-sequence.
M1. [Generate X, Y.] Set X and Y equal to the next members of the
sequences (Xn) and (Yn), respectively.
M2. [Extract j.] Set j <- [kY/m] where m is the modulus used in
the sequence (Yn); that is, j is a random value, 0 <= j < k,
determined by Y.
M3 [Exchange.] Output V[j] and then set V[j] <- X.
The reference proceeds to give two examples.
If there are more modern (post-1981) references that agitate against this
method of combining two keystream generators, I'd love to learn of them.
Thor
More information about the cryptography
mailing list