3

I have some encrypted binary data I want to decrypt. I know nothing about it, but I can get it encrypted with as many different (random, unknown) symmetric keys as I want. The keys are long enough to not get repeated. Something like this:

$A_1 = Data ⊕ Key_1\\ A_2 = Data ⊕ Key_2\\ A_3 = Data ⊕ Key_3\\ …\\ A_n = Data ⊕ Key_n$

Is it possible to get $Data$ just having the $A$s?

Thanks

e-sushi
  • 17,891
  • 12
  • 83
  • 229
Wizardy
  • 31
  • 2
  • Maybe this question can help you: http://crypto.stackexchange.com/questions/12281/des-can-i-recover-the-key-when-i-have-both-ciphertext-and-the-plaintext. Also, if you want to encrypt A using only the same cipher, then that does not increase the time to encrypt the text with brute force. Because for most ciphers, if $A_1 = E(E(A_0, K_0), K_1)$, it can be reduced to $A_1 = E(A_0, K')$ (E is the cipher, $K_x$ the keys), so you don't search for two keys, you still just need one. If someone thinks I am wrong (I am doubting myself at the moment), then please prove me wrong. – Sirac May 17 '14 at 10:48
  • @Sirac : $;;;$ The DES permutations are a non-empty subset of the group of all permutations of ${\hspace{-0.02 in}0,\hspace{-0.05 in}1\hspace{-0.03 in}}^{\hspace{-0.02 in}64}$. $:$ Since that group is finite, composing a non-identity element of that group with itself sufficiently many times gives $:$ (continued ...) $;;;;;;;$ –  May 17 '14 at 13:29
  • (... continued ) $:$ that element's inverse; and then one more time gives the identity element. $:$ Thus if DES had the property you describe, then the DES permutations would be a group under composition. $:$ However, it is known that DES is not a group. $;;;$ –  May 17 '14 at 13:30
  • No. As long as only 1 of the 3 elements is known, $Data$ is not immediately recoverable… you’ld need either $A_n$ or $Key_n$ for that. Yet, this encoding could be trivially broken nevertheless if it weren’t for the fact that you wrote The keys are long enough to not get repeated. That’s called a [tag:One-Time-Pad]. It may be interesting for you to check related Q&As and to learn about OTP security properties. – e-sushi May 17 '14 at 13:31
  • @Wizardy : $;;;$ How much is the situation like what you wrote? $:$ In particular, are the cipher texts really equal to [data xor key]? $;;;;;;;$ –  May 17 '14 at 13:33
  • @RickyDemer The description and that ”non-repeating key” point to OTP. If that’s the case, you can bet the key is at least as long as the data. To me, it reads as of someone is “playing” Wizardy with a simple OTP, asking him/her to decode it… which is somewhat impossible unless the key sequence is trivially non-random. I’m not sure – would it make sense to throw in OPT description and statistical cryptanalysis of potentially weak-key usage as an answer? Something tells me that might be too much for OP to grasp at this stage… and I certainly don’t want to confuse OP with too much information. – e-sushi May 17 '14 at 13:40
  • @e-sushi : $:$ I think that would be too much. $;;;;$ –  May 17 '14 at 13:42
  • Thank you all for your help. As e-sushi points it's a OTP (I didn't know what that was until now). I can get the $Data$ encrypted with as many keys as I want, but never know the unencrypted Data or the Key used. The keys are completely random, so I suppose it's absolutely impossible to get the $Data$ back. – Wizardy May 17 '14 at 15:37

1 Answers1

3

If the keys are at least as long as the data (which is confirmed in the comments), and the keys are chosen randomly and independent of each other, no there is no way to get the data. Even if you had infinitely many encryptions.

This is because this type of encryption, called the one time pad, is perfectly secure.

mikeazo
  • 38,563
  • 8
  • 112
  • 180