Score:2

AES key encryption on one time pad


I need to use the following scenario: There are 2 keys: AES-key and OTP-key (one-time pad). I encrypt the AES-key (as if it were plaintext) with an OTP key. Then I send the encrypted AES-key to another person who has the same OTP-key on which the AES-key was encrypted. This person decrypts the AES-key. Is it safe for him to use this AES-key to encrypt plaintext on it in CBC mode? And the second question: I'm almost sure that encryption using this AES-key in CTR mode is unreliable (because it turns out that there will be a double XOR in the same AES-key, am I right?).

Step-by-step execution:

  1. AES-key XOR OTP-key = AES-key_encrypted

  2. Transmit AES-key_encrypted to another person

  3. AES-key_encrypted XOR OTP-key = AES-key

  4. AES_CBC(AES-key, plaintext) - is it safe?

  5. AES_CTR(AES-key, plaintext) - is it safe?

Maarten Bodewes
AES is an algorithm, a block cipher to be precise; we do not *encrypt algorithms*. You need to use terms like plaintext and ciphertext to make this intelligible. Why not try and describe it step by step, using entities A and B that communicate with each other? I've closed this question until the issues are resolved (use [edit]), you can ask for help on that in the comments.
Ss1996
@MaartenBodewes, I fixed it.
Maarten Bodewes
Perfect Ss1996, welcome to the site. One question: if the OTP key stream is as large as the AES key, then why not simply use those bits **as** AES key? I don't think there is much wrong with your scheme and I might come up with some reasons myself, but do you have any practical case? Using CTR mode is fine although 1. you'd need a unique nonce per message encrypted with a specific key if you reuse keys, and 2. it's not an authenticated cipher. OK, and 3 it directly leaks the plaintext size.
Ss1996
@MaartenBodewes, Is it really possible to transmit AES-key in the gamming mode (which is essentially encryption using OTP-key?), and then use (after decryption) AES-key to encrypt data? I thought that the keys must necessarily be encrypted with a block cipher (AES_CBC for example)
Amit
@Ss1996 - I suppose by "Gamming" you mean "Jamming"? Anyway, an AES key is nothing but a sequence of bytes, exactly in the same way that an OTP key is a sequence of bytes (that needs to be as long as the plaintext). If you trust that the sequence of bytes is long enough (e.g. 32 bytes for AES256, 16 bytes for AES128, etc.), and was produced by a good CSPRNG, you can use it as the AES key. You don't need to *transmit* it (and that would be bad). But your assumption stated, that both sides are already in possession of such a sequence of bytes, in other words: they already have a shared secret!
Ss1996
@Amit gamming - it is stream mode of AES. For example - CTR.
Amit
@Ss1996 - If you can provide a reference for that I'll be glad to learn something new. I can't find such a term anywhere in relation to either AES or Cryptography in general. But anyway did you understand why I said you don't need to transmit any key if you already have secret material that can be used as the key?
Ss1996
@Amit https://en.m.wikipedia.org/wiki/Block_cipher_mode_of_operation CTR mode, or CFB mode
Amit
@Ss1996 - Thank you, I'm well aware of those. Still can't see any "gamming" mentioned there.
Ss1996
@Amit Sorry, I mean stream mode. Forget the word "gamming" - bad term :(
Amit
@Ss1996 - sure anyway, this doesn't change what I wrote earlier. It doesn't matter if you want to use CTR, CBC, GCM or any other mode. All those modes require AES key of exactly the same type. For stream modes however like CTR and GCM, indeed it's better to have unidirectional keys: make sure that the key for outbound communication is different from the key for inbound communication, that prevents certain attacks.
Ss1996
@Amit, thank you!
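
The two options discussed in this thread, as an added example that is not part of the original posts: steps 1 to 3 of the question (XOR-wrapping an AES key with the pad), next to the commenters' alternative of transmitting nothing and deriving one key per direction from the secret both sides already share. Using HKDF-SHA256 for that derivation, the label strings and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # AES-256 key size in bytes


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the one-time-pad operation)."""
    if len(a) != len(b):
        raise ValueError("pad and data must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def hkdf_sha256(ikm: bytes, info: bytes, length: int = KEY_LEN, salt: bytes = b"") -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def directional_keys(shared_secret: bytes) -> dict:
    """Derive one AES key per direction from the secret both sides already hold."""
    return {
        "a_to_b": hkdf_sha256(shared_secret, b"example a->b aes-256 key"),
        "b_to_a": hkdf_sha256(shared_secret, b"example b->a aes-256 key"),
    }


def demo() -> dict:
    otp_key = secrets.token_bytes(KEY_LEN)  # pad shared in advance (constructed sample)
    aes_key = secrets.token_bytes(KEY_LEN)  # key A wants B to have (constructed sample)
    # Steps 1-3 from the question: wrap, transmit, unwrap.
    wrapped = xor_bytes(aes_key, otp_key)
    unwrapped = xor_bytes(wrapped, otp_key)
    # Alternative from the comments: nothing is transmitted, each side derives
    # the same two keys locally from the shared pad.
    keys_at_a = directional_keys(otp_key)
    keys_at_b = directional_keys(otp_key)
    return {"round_trip": unwrapped == aes_key,
            "same_on_both_sides": keys_at_a == keys_at_b,
            "directions_differ": keys_at_a["a_to_b"] != keys_at_a["b_to_a"]}


if __name__ == "__main__":
    print(demo())
```
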