If your original mode of operation is secure, then this should be
secure.
The reduction:
Consider algorithm A that tries to break the double encryption mode of
operation (DM) in the IND-CPA setting. We can construct an algorithm
B that tries to break the original mode of operation (OM)

On Fri, Apr 11, 2008 at 04:30:47PM +0200, COMINT wrote:
Quick system scenario:
You have packet [A].
It gets encrypted using an AES algo in a particular mode and we are
left with [zA].
More data [B] is added to that encrypted packet.
Now I have [zA]+[B] in one packet and I re-encrypt

There are some situations when this can be dangerous. It's a matter of
implementation. I can directly come up with one trivial scenario that
will end you up in trouble:
Assume that you are using AES-CTR (AES in Counter mode) and do not
change the IV between the two encryptions. In this case you
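
The AES-CTR scenario from the reply above, as an added example that is not part of the original thread: when the same key and IV are used for both passes, the two keystreams are identical and cancel over the [A] portion of the packet. Assumptions: HMAC-SHA256 truncated to 16 bytes stands in for the AES block function so the block runs on the standard library alone (the cancellation depends only on CTR's XOR structure), and all function names and sample payloads are hypothetical.

```python
import hmac, hashlib, os

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # CTR keystream: PRF_key(iv || counter) for each 16-byte block.
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for AES.
    out = bytearray()
    ctr = 0
    while len(out) < n:
        msg = iv + ctr.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()[:16]
        ctr += 1
    return bytes(out[:n])

def ctr_xor(key, iv, data):
    # CTR encryption and decryption are the same XOR with the keystream.
    return bytes(d ^ k for d, k in zip(data, keystream(key, iv, len(data))))

def double_encrypt_same_iv(key, iv, a, b):
    z_a = ctr_xor(key, iv, a)          # [A] -> [zA]
    return ctr_xor(key, iv, z_a + b)   # [zA]+[B] re-encrypted, same key and IV

def double_encrypt_fresh_iv(key, a, b):
    # Same construction, but each pass gets its own random IV.
    iv1, iv2 = os.urandom(16), os.urandom(16)
    z_a = ctr_xor(key, iv1, a)
    return iv1, iv2, ctr_xor(key, iv2, z_a + b)

if __name__ == "__main__":
    key = os.urandom(32)
    a = b"packet A: constructed sample payload"
    b = b"appended data B"
    pkt = double_encrypt_same_iv(key, os.urandom(16), a, b)
    print("same IV, first bytes on the wire:", pkt[:len(a)])
    iv1, iv2, pkt = double_encrypt_fresh_iv(key, a, b)
    print("fresh IVs, first bytes on the wire:", pkt[:len(a)].hex())
```

With the reused IV the first len(A) bytes of the final packet are [A] itself, while [B] is still masked by the remainder of the keystream; with a fresh IV per pass both layers stay in place.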

Quick system scenario:
You have packet [A].
It gets encrypted using an AES algo in a particular mode and we are
left with [zA].
More data [B] is added to that encrypted packet.
Now I have [zA]+[B] in one packet and I re-encrypt it with the same
algo/key/mode.
Have I just compromised the