[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 80 bit security from 40 bit exportable products

>Even if you assume complete independence of key setup, if a successful
>decryption at each layer can be independently detected and verified
>(which seems likely in your example), there're only about 3 * (2 ^ 40)
>total operations in the worst case, NOT 2 ^ (3 * 40) operations needed
>to expose the plaintext.  This is an effective 41.5 bits, not 120.

Of course.  It comes down to whether each encryption step plans some known
plaintext to be used for brute force testing of any next layer.