0

What is the effective key length of a deterministic encryption scheme, given a meet-in-the-middle attack scenario when you encrypt five times (64 bit keys for each)?

.

Say the encryption scheme has |key space K| = |plaintext space M| = |ciphertext space C| , all keys are 64 bit length, and $k1,k2,k3,k4,k5$ are all different (no key reuse like in some DES key options).

$c = E_{k5}(E_{k4}(E_{k3}(E_{k2}(E_{k1}(m))))$

You know that double encryption would not result in $|K|^2$ possibilities, but in fact due to the mitm attack the possibilities the attacker is forced to iterate over is only around ~2*K. You also know that triple encryption is much better, as it forces the attacker to have to iterate a total of ~$|K|^2$ even with the mitm tactic. What is the effective key length then when using double encryption, triple encryption, and x5 encryption respectively when using the above scheme?

hardyrama
  • 2,288
  • 1
  • 17
  • 41
bb2prime
  • 11
  • 3

1 Answers1

1

I believe I have settled it, please comment below if I have inaccuracies or am missing something:

c=Ek5(Ek4(Ek3(Ek2(Ek1(m)))) We can also represent these as the following: (by applying the appropriate decryptions to either side)

Dk4(Dk5(c)) = Ek3(Ek2(Ek1(m))) _____ OR ______ Dk3(Dk4(Dk5(c)))=Ek2(Ek1(m))

Effective key length: with the mitm attacker, it would take 2^192 operations on one side of the equation to find the "collisions" in the stored lists and determine a set of proper keys by brute force, and 2^128 operations on the other side.

Stated more abstractly, approximately ~|K|^3 + ~|K|^2, but in big O notation O(|K|^3)

bb2prime
  • 11
  • 3