Distributed system security

Dr Watson is worried that a 56 bit key is not long enough, so he has invented a new

combination of DES with a one-time pad.

“You see Holmes” he explains, “the government just chooses a one-time pad R,

exclusive-or’s this pad with the plaintext P, and then encrypts the result under the

first DES key k1. The result is sent by ordinary e-mail to the embassy, and the

ambassador was given k1 before he left the country.”

Holmes is intrigued. “But won’t the embassy also need to know R in order to decrypt

P?” “Ah, that’s the clever bit” says Watson modestly. “The government then

encrypts the pad R under a second shared DES key k2, and sends that to the

embassy as well. The attacker will need to guess both k1 and k2 correctly to

decipher P, and that’s 112 bits! Not only that, but the one-time pad really is

unbreakable, so the ambassador can keep on using the same k1 and k2. “

GàE: E"#(P XOR R), E",(R)

“Oh dear, says Holms sadly, “I think Moriarty would have no more difficulty with your

system than he would with ordinary DES. Embassy messages are very formal, and

we must assume that Moriarty knows the Ambassador’s name and title at least…”

