Question
Alice is trying to decide between two different block ciphers, FOO and BAR, for her application. Both FOO and BAR have the same block size
Alice is trying to decide between two different block ciphers, FOO and BAR, for her application. Both FOO and BAR have the same block size and key length: {0, 1}n {0, 1}l {0, 1}l
Shes confident that at least one of them is secure, in that it doesnt have known vulnerabilities (beyond exhaustive key search), but isnt sure which of the two it is. As a hedge, she decides to combine them into a single new block cipher BAZ, that is also {0, 1}k {0, 1}l {0, 1}l and is defined for all x, y {0, 1}l and all K {0, 1}k as: BAZK(x) = FOOK(BARK(x)) BAZ1K (y) = BAR1K (FOO1K(y))
Alice finds its performance to be acceptable, but is BAZ a sound design from a security point of view? Find a convincing argument that BAZ can be insecure. (This can be shown even for the case when both blockciphers are secure.) Also, suggest a better design (no formal proof of security is required).
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started