The question I'm wondering is whether the AES cipher is a closed cipher (which is equivalent to AES being a group). And this question interests me due to the lack of understanding of whether it is possible to encrypt using the AES algorithm with two different keys and hope for increased strength, as for example in 3DES. But for DES this is possible because DES does not form a group (and there are public publications to confirm this). So, can you give me a detailed answer to my question with obligatory confirmation from the scientific literature?
Asked
Active
Viewed 774 times
1 Answers
8
See the paper DES is not a group by Campbell and Wiener.
TL;DR There are computational proofs that DES is not a group. The point is to carry out the types of computations that established DES is not a group is not feasible for AES due to the much larger space involved and its better design. Maybe someone will discover a new property, but it is unknown as of now.
There are no weak keys or special short cycle properties that are currently known [Coppersmith used properties of encrypting alternatively all 1 and all 0 vectors with DES, see below].
Just mathematical properties were not enough without randomness assumptions as Kaliski et al found out:
Kaliski, Rivest, and Sherman developed novel cycling tests which gave evidence that the set of DES permutations is not closed [3]. However, their work relied upon randomness assumptions about either DES itself or a pseudo-random function which was used in cycling experiments. Because of the randomness assumptions, it is difficult to use the results of their cycling tests to make any claims about the probability that DES is not closed.
Afterwards, DES was shown not to be a group computationally:
We have developed our own DES cycling experiments which provide evidence that DES is not closed; this evidence does not rely upon randomness assumptions
and
Don Coppersmith has developed an approach to finding a lower bound on the size of the subgroup generated by the DES permutations [ 11. He has shown this lower bound to be greater than the number of DES permutations, providing conclusive proof that DES is not closed.
Coppersmith himself described his approach in a 1992 sci.crypt posting.
kodlu
- 25,146
- 2
- 30
- 63