Score:1

Multiple Encryption Using GCM For Multi-Key Security


Multiple Encryption For Multi-Key Security

I have a hypothetical question about multiple encryption after reading Matthew Green’s blog on multiple encryption. For those who are familiar with GCM…I want to understand the efficacy of multi-key security through an implementation of multiple encryption with a secure form of authenticated encryption such as AES-256-GCM.

https://blog.cryptographyengineering.com/2012/02/02/multiple-encryption/

Let’s assume we are cascading the same secure encryption scheme:

C = EncryptA(KC, EncryptA(KB,(EncryptA(KA,P))))

• EncryptA is a published, flawlessly implemented algorithm for AES-256-GCM.
• Each IV is only ever used once, 96 bits in length, and each is generated by a new Cryptographic Random Number Generator (CSPRNG).
• Each key (KA, KB, and KC) is only ever used once, 256 bits in length, and each is generated by a new Cryptographic Random Number Generator (CSPRNG).
• Each of the three IVs and tags are public knowledge
• The final ciphertext, C, is public knowledge
• P is 1 of 2^132 possible plaintexts

Each key is stored separately. Let’s assume three individuals each have one key in their own safety deposit boxes and no other copies of these keys exist anywhere else.

Now let’s assume two individuals come together with their keys to decrypt, but are missing the third key:

P = DecryptA(KA, DecryptA(KB,(DecryptA(KC,C))))

Is there any scenario (statistically probable of course) where P could be revealed without the third key? Would it matter which key was missing? Interested to hear your thoughts!

Score:0

where P could be revealed

You are talking about confidentiality. In the end the plaintext is still encrypted using AES in counter mode (underlying the GCM encryption) and the missing key. So yeah, P is just as secure as just implementing GCM once. So no, even if you break one of the other implementations you'd still be secure.

Of course, it makes maybe more sense to use different algorithms if this is just about multiple encryption. If there are multiple parties then it probably makes more sense to use a key sharing scheme.
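
The cascade from the question, as an added Go example that is not part of the original post or answer: every layer is AES-256-GCM with a fresh key and 96-bit IV, and it shows what the holders of KB and KC are left with when KA is missing. The helper names (`random`, `gcm`, `seal`, `open`), the IV || ciphertext || tag layout and the sample plaintext are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// random returns n bytes from the OS CSPRNG (fresh 256-bit keys, 96-bit IVs).
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcm(key []byte) cipher.AEAD {
	blk, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(blk) // cannot fail for AES's 128-bit block
	return aead
}

// seal is one EncryptA layer, laid out as IV || ciphertext || 16-byte tag.
func seal(key, p []byte) []byte {
	iv := random(12)
	return gcm(key).Seal(iv, iv, p, nil)
}

// open removes one layer and fails unless the tag verifies under key.
func open(key, c []byte) ([]byte, error) {
	if len(c) < 12+16 {
		return nil, errors.New("too short to hold an IV and a tag")
	}
	return gcm(key).Open(nil, c[:12], c[12:], nil)
}

func main() {
	ka, kb, kc := random(32), random(32), random(32)
	c := seal(kc, seal(kb, seal(ka, []byte("constructed sample plaintext"))))
	l2, _ := open(kc, c)           // KC holder removes the outer layer
	l1, _ := open(kb, l2)          // KB holder removes the middle layer
	_, err := open(random(32), l1) // KA missing: a guessed key fails the tag check
	fmt.Println(len(l1), "bytes remain sealed under KA:", err)
}
```

If KC is the missing key instead, the process stops one step earlier: neither KA nor KB verifies the outer layer's tag, so no layer can be removed at all.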
