Multiple Encryption For Multi-Key Security
I have a hypothetical question about multiple encryption after reading Matthew Green’s blog on multiple encryption. For those who are familiar with GCM… I want to understand the efficacy of multi-key security through an implementation of multiple encryption with a secure form of authenticated encryption such as AES-256-GCM.
https://blog.cryptographyengineering.com/2012/02/02/multiple-encryption/
Let’s assume we are cascading the same secure encryption scheme:
C = EncryptA(KC, EncryptA(KB,(EncryptA(KA,P))))
• EncryptA is a published, flawlessly implemented algorithm for AES-256-GCM.
• Each IV is only ever used once, 96 bits in length, and each is generated by a new Cryptographic Random Number Generator (CSPRNG).
• Each key (KA, KB, and KC) is only ever used once, 256 bits in length, and each is generated by a new Cryptographic Random Number Generator (CSPRNG).
• Each of the three IVs and tags is public knowledge.
• The final ciphertext, C, is public knowledge.
• P is 1 of 2^132 possible plaintexts.
Each key is stored separately. Let’s assume three individuals each have one key in their own safety deposit boxes and no other copies of these keys exist anywhere else.
Now let’s assume two individuals come together with their keys to decrypt, but are missing the third key:
P = DecryptA(KA, DecryptA(KB,(DecryptA(KC,C))))
Is there any scenario (statistically probable of course) where P could be revealed without the third key? Would it matter which key was missing? Interested to hear your thoughts!
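The cascade described in this post, written out as an added example (not the poster's code) using Node.js's built-in crypto module; the helper names and the sample plaintext are assumptions made for illustration. It shows what each layer's tag check does when one of the three keys is replaced by a random guess.

```javascript
// Added example (not from the original post): the post's three-layer cascade.
const crypto = require("node:crypto");

// One EncryptA call: AES-256-GCM with a fresh random 96-bit IV.
// IV and tag are returned separately because the post treats them as public.
function encryptLayer(key, data) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(data), cipher.final()]);
  return { iv, tag: cipher.getAuthTag(), ct };
}

// One DecryptA call: final() throws if the tag does not verify under this key.
function decryptLayer(key, { iv, tag }, ct) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// C = EncryptA(KC, EncryptA(KB, EncryptA(KA, P))), with keys = [KA, KB, KC].
function cascadeEncrypt(keys, plaintext) {
  const layers = [];
  let data = plaintext;
  for (const key of keys) {
    const { iv, tag, ct } = encryptLayer(key, data);
    layers.push({ iv, tag });
    data = ct;
  }
  return { c: data, layers };
}

// P = DecryptA(KA, DecryptA(KB, DecryptA(KC, C))): peel the outermost layer first.
// Returns { plaintext } on success or { failedLayer } (0 = KA, 1 = KB, 2 = KC).
function cascadeDecrypt(keys, c, layers) {
  let data = c;
  for (let i = keys.length - 1; i >= 0; i--) {
    try {
      data = decryptLayer(keys[i], layers[i], data);
    } catch (err) {
      return { failedLayer: i };
    }
  }
  return { plaintext: data };
}

// Constructed sample: two real keys plus a random guess in place of the missing one.
function missingKeyOutcome(missingIndex) {
  const keys = [0, 1, 2].map(() => crypto.randomBytes(32));
  const { c, layers } = cascadeEncrypt(keys, Buffer.from("constructed sample plaintext"));
  const guess = keys.map((k, i) => (i === missingIndex ? crypto.randomBytes(32) : k));
  return cascadeDecrypt(guess, c, layers);
}
```

`missingKeyOutcome(2)` fails at the outermost layer, while `missingKeyOutcome(0)` peels two layers and then fails at the innermost; in neither case is a plaintext returned. Because the tags are carried separately, C has the same byte length as P.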