Join Log in
Score:2
user2357 avatar Crypto

Is it practical to build a symmetric encryption cipher that needs the changing of the "main" key for each plaintext?

us flag
user2357

I read about an encryption cipher that needs the changing of the "main" key for the encryption of each plaintext. Sometimes this change depends on the plaintext and is done automatically.

Question: Is it practical to build a symmetric encryption cipher that needs the changing of the "main" key for each plaintext?

[Edit] Some ciphers take some aspects of the plaintext and include it into the key, that is an example of being automated. Is not this okay?

Note: I am sorry, I think the question still has to be refined.

270
4 + 4
Nat avatar
de flag
Nat
The obvious example would be a one-time-pad (OTP).
1
Reply
user2357 avatar
us flag
user2357
@Nat But one-time pad is not so practical
0
Reply
Nat avatar
de flag
Nat
Depends on what you're assessing practicality for -- not really for streaming YouTube, but for two friends who want to keep in-contact, pre-sharing a pad for text dialogs requires pretty little space and tends to be easy to do.
1
Reply
user2357 avatar
us flag
user2357
@Nat Thank you.
0
Reply
Score:3
fgrieu avatar Crypto
ng flag
fgrieu

Is it practical to build a symmetric encryption cipher that needs to change the key for each process?

As is, this statement is a contradiction of the definition of a cipher and it's key. The key is defined to be an input to the cipher, thus the cipher itself can't change it. More importantly, attack models (ciphertext only, known plaintext, chosen plaintext, chosen ciphertext) assume key reuse, thus no key change for different messages. That important assumption matches actual field use, and arguably dates back to Kerckhoffs.

It follows the One Time Pad does not match the definition of a cipher. The OTP is at best an encryption method. If something in the input of a cipher must be changed from message to message (which is common), that's not the key, it's an Initialization Vector. If something not an input of a cipher changes as the message is processed, that's not the cipher's key, that's an internal state of the cipher (which can be the key of an internal cipher).

Thus we need to do one or more of the following to make sense out of the question:

  1. Replace the word key by internal state initially setup to the cipher's key, that the cipher is now free to change. That's a fair match for what's asked, is practical, but not quite mainstream. For example, it makes sense to change the key of a block cipher after each block, in order to foil some DPA attacks.
  2. Replace the word key by internal state initially setup as function of the cipher's key (and possibly other input of the cipher, like IV). Now that's practical, and mainstream (as pointed in this answer): the internal state can be a session key, used as key of an internal auxiliary cipher, derived from the overall cipher's key, and changed after some number of plaintext bytes of the overall cipher. However that's less a match for what's asked, for what's change is an internal key, never matching the key of the overall cipher.
  3. Change cipher to method or device. That makes us free to change the cipher's key, and ignore the battle-tested, real issues that users will reuse the key initially fed to the method or device, no matter what prescription against that is made. To illustrate the danger of that reuse, see e.g. this the gizmo in anther answer. Even though it uses Quantum Key Distribution, it still needs an initial secret key (source) sent by traditional means like a trusted courier. If that secret is reused because the QKD link gets out of sync, the security claim of the gizmo falls apart.

Some time this change depends on the plaintext and is done automatically.

That's no unheard of, and is OK at least in thory. A block cipher in CBC or CFB mode, and some other ciphers, change their internal state according to plaintext and key. However the mixing of plaintext and key must be carefully analyzed, for it can open to some attack.

0 + 8
Paul Uszak avatar
cn flag
Paul Uszak
Are there not session keys?
0
Reply
fgrieu avatar
ng flag
fgrieu
@Paul Uszak: session keys are not "the key" (of the cipher). They are an internal state. I'll clarify that.
1
Reply
user2357 avatar
us flag
user2357
@fgrieu Some ciphers takes some aspects of the plaintext and include it into the key, that is an example of being automated. Is not this okay?
0
Reply
user2357 avatar
us flag
user2357
@fgrieu does not this open the door to building encryption systems by having a prng and xor the result with the plaintext and change the key in each process, as most chaotic ciphers do? Actually, they use it in the main key, not the internal key.
0
Reply
fgrieu avatar
ng flag
fgrieu
@ThePrince: By the definitions I use, "the key" of the cipher can't be changed by the cipher. The cipher can only change an internal state initially set to "the key".
0
Reply
user2357 avatar
us flag
user2357
@fgrieu So, what about the automated change of the main key for every new plaintext?
0
Reply
fgrieu avatar
ng flag
fgrieu
@ThePrince: "Automated change of the main key for every new plaintext" can't be _for a cipher_, by modern definition of cipher and key, since in a cipher the same key must be reusable with different plaintexts. That's why OTP is not a cipher. There's nothing to prevent an _encryption device_ or _encryption method_ to change it's key automatically for each plaintext; yet if such method is used in a cipher, that method's key is an internal state of the cipher, initially set to the key of the cipher. And the cipher is broken if it can't safely be used for different plaintexts with the same key.
1
Reply
user2357 avatar
us flag
user2357
@fgrieu Thanks very much. I am planning to edit the question. First, I have to review some material and come with an example at least. It would take me some time to make it a more rigorous question. It is hard to ask a firm question about the loose system, i. e., Chaos-based ciphers. I am not a fan of them, but I have to cryptanalyze them. All in all, I am working on editing the question. Thanks for your patience
0
Reply
Score:2
Nat avatar Crypto
de flag
Nat

tl;dr The common example of a symmetric-crypto-transform that uses a different key each time would be one-time pads (OTP), where the key is a yet-unused subset of the one-time-pad that's a shared secret between communicating parties. Ratcheting-schemes may mutate their keys each step, and other schemes might vary their keys too.

Symmetric-ciphers with changing keys.

A symmetric-key is a secret known to both sides. If that'd be changed each encryption, how would each side know the new secret?

Possibilities:

  1. They already know the set of keys to be used. This is how the one-time pad (OTP) scheme works.

    • People usually don't think of one-time-pad schemes as a block-cipher since it's not limited to operating on blocks. Still, it's able to operate on blocks too.

  2. They mutate prior secrets to generate new ones. For example, perhaps hash the prior-symmetric key. This would be ratcheting.

    • Often the idea is to get forward-secrecy, which is the property of a new key-compromise not compromising the secrecy of older messages.

  3. They share information through a different channel.

  4. They mutate the key based upon information obtained from a prior message.

Or some combination thereof.

Related concepts.

Related concepts include:

  1. Initialization Values (IV).
    Initialization-values are values that change each message to help improve encryption. However, such values aren't assumed secret, so they're not generally considered part of a key.

  2. Re-key-ing.
    Parties can do asymmetric-key exchanges to agree on new keys. They could potentially opt to do this before each new symmetric message if they'd care to.

Note: This may require an ordering-scheme.

In some contexts, basic symmetric-crypto implies unordered messages. This is, the decrypt-er should be able to decrypt ciphertexts even if they don't know what order those ciphertexts were generated in.

However, schemes that change keys generally need to address the issue of order since the keys are changing. Maybe they can assume a channel provides ordering; maybe they can tag messages; or maybe something else.

It often wouldn't be a difficult problem to address, though it'd be something to be aware of.

0 + 3
user2357 avatar
us flag
user2357
But one-time pad is not so practical.
0
Reply
Nat avatar
de flag
Nat
@ThePrince: OTP definitely has its uses; it has powerful security guarantees and requires very little computation to encrypt/decrypt. If you've got two endpoints that have a bit of storage space, OTP can be a useful tool. Of course, it's not right for everything, but usually we select crypto-methods on a case-by-case basis.
1
Reply
user2357 avatar
us flag
user2357
Thank you very much.
0
Reply
Score:1
Paul Uszak avatar Crypto
cn flag
Paul Uszak

Yes.

I read about an encryption cipher that needs to change the key for each encryption process.

Not quite sure what a "process" is, but yes, automatic key change/rotation is increasingly common. As:-

qkdn

Keys are (quantum) distributed between sites A and B at a rate of say 10 kbit/s. Those keys are then passed onto physical encryptor devices. These devices use conventional encryption (perhaps AES or the Light Encryption Algorithm) to transmit the bulk of the data at a much higher rate than using the quantum channel (40 Gbits/s).

The encryptor keys can then be changed every few seconds. A 256 bit key can be shared within 26 ms. So it's not quite a pre-process change, but rather periodic. It would not be out of the bounds of possibility to change the encryptor key per data burst/session as you suggest. Switches do after all offer quality of service (QoS) management. This might be an extension of that. And entirely practical.

So it's not the actual cipher that requires the constant key change, but the implementation that uses it. Close enough?

These particulars based on Clavis300 kit.

0 + 0
Score:1
A. Hersean avatar Crypto
cr flag
A. Hersean

Yes, it is common practice. Indeed, this is for example how TLS works. For TLS, this process is explained on this page in the step "Client Encryption Keys Calculation".

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.