Literatecode

There are some vendors provides an “even more secure” products by using cascading encryption for the data. They are declaring that applying encryption to the data by two different ciphers one after another would indeed double cryptographic strength and security. Well, it is not actually and here is why it is so.

Let M is the data, E₁ and E₂ are two cryptographically strong ciphers and key₁ and key₂ are two encryption keys whatever they are. Cascading ciphers will give us M“ by

M –> E₁(M, key₁) –> M` –> E<sub>2</sub>(M`, key₂) –> M”

Now look: M<>M` guaranteed by nature and definition of E<sub>1</sub>, M`<>M” guaranteed by nature and definition of E₂, but neither E₁ nor E₂ guaranteed M<>M”. In other words there is a chance a “double-protected” data may not be encrypted after all. It may and one day it will, according to Murphy’s Law.

There is the homework to whom skeptical, hard believer or simply curious:
• M= 5C 6D 71 CA 30 DE 8B 8B 00 54 99 84 D2 EC 7D 4B (one of the test vectors for AES cipher but it does not matter actually)
• E₁ is an one-time pad encryption with key₁=A8 74 05 B8 C2 CB 72 F5 7A 42 17 3B 83 79 9B 9F (confusion by XOR with random, non-repeatable key of the same size as a data)
• E₂ is AES-128 in ECB mode with key₂=14 15 16 17 19 1A 1B 1C 1E 1F 20 21 23 24 25 26
Find M”.