How to effectively apply combination of Block and Stream Cipher?

Question

I have used TrueCrypt but it uses a cascaded encryption. I want to know about encrypting a file using two ciphers with each cipher having different key.

Cipher A (Block Cipher) - with Key KA

Cipher B (Stream Cipher) - with Key KB

First I am encrypting a file with Cipher A (KA). Again I am encrypting a file using Cipher B (KB).

Does this, in any way, make the final encrypted file vulnerable? Or, rather, leave some loopholes.

One other approach I thought is to compress a file before applying second cipher so as to make it more random.

Cipher A -> ZIP -> Cipher B

How secure is this and in which mode the two ciphers be operated to achieve high security?

** Edited **

Both the keys are different. Encrypted file also does not contain any key.

Are the keys independent? Is the file you encrypt independent of both keys? — Geoffroy Couteau, Oct 10 '16 at 14:01
@RPK The key stream is the output of a stream cipher (ones that are not reliant on the plaintext anyway). This key stream is XOR'ed (again, in general) with the plaintext to form the ciphertext. If you've got two key streams then you can just XOR both key streams and the plaintext to form the ciphertext. That way you should not convey any additional information about the plaintext contents or size (some information about the plaintext size is always leaked - in the case of stream ciphers all of it...). — Maarten Bodewes, Oct 10 '16 at 14:41
Cipher A -> ZIP -> Cipher B The intermediate step of compressing is not going to do anything. A ciphertext is incompressible on average. In specific cases compression might work, but the Kolmogorov complexity is uncomputable. We just know it is bounded by the usual entropy, and is equal to it for almost all input values. — tylo, Oct 10 '16 at 16:46
@tylo Completely agree. Actually it should be: ZIP -> Cipher A -> Cipher B. — RPK, Oct 10 '16 at 16:49
@RPK No, don't use compression unless you have to. Using the PKZIP compression on different data will likely result in different size output. This will give hints to an attacker on the contents of the data. — Maarten Bodewes, Oct 10 '16 at 16:59
@MaartenBodewes One old PGP documentation says: Compressing files before encryption is more secure. Yes but it also says: (Files that are too short to compress or which don't compress well aren't compressed.) — RPK, Oct 10 '16 at 17:05
@RPK That's a tricky statement. I don't think there will be many people that support that statement anymore. But in the end the core question is: does the ciphertext size leak too much information? And that's pretty much dependent on the content of the messages. — Maarten Bodewes, Oct 10 '16 at 17:18

Maarten Bodewes · Accepted Answer · 2016-10-13T10:00:48.127

What you can do is convert the block cipher into a stream cipher. You can do this by using it as primitive for a stream cipher mode of encryption such as CTR. Then you can use the resulting key streams of cipher A and B and XOR them together with the plaintext.

In principle you can also encrypt it using a block cipher mode of encryption or stream cipher in any order. This should not leave loopholes.

Compression or no compression is a tricky question. I'd say that no compression is better. As long as your plaintext doesn't leak information through the size of the plaintext, you're OK. The amount of compression is dependent on the contents and size of the plaintext.

The problem with this is that the compression factor may differ for slightly different plaintext. This means that it will become next to impossible to not leak information.

It's good if the keys are not related to each other. For best security it would also be wise to make sure that the algorithms are not related either.

The use of two ciphers to achieve confidentiality is an operation with questionable returns. Often it is more useful to e.g. use public key cryptography (in a hybrid scheme, so that the private key is not required during encryption) and/or authenticated ciphers.

How to effectively apply combination of Block and Stream Cipher?

1 Answers1