Mixing
Can AES be used with a static key?
$begingroup$
I am making an embedded system for a project that uses AES.
As I cannot accommodate key generation (hardware constraints) I am using a static key. I can use another small algorithm to create dynamism and then pass it to the static AES.
I'm concerned about using a static key, is it safe?
encryption aes cryptanalysis
edited Jan 4 at 9:25
kelalaka
6,39522142
asked Jan 4 at 9:15
kali007kali007
161
$endgroup$
add a comment |
$begingroup$
I am making an embedded system for a project that uses AES.
As I cannot accommodate key generation (hardware constraints) I am using a static key. I can use another small algorithm to create dynamism and then pass it to the static AES.
I'm concerned about using a static key, is it safe?
encryption aes cryptanalysis
edited Jan 4 at 9:25
kelalaka
6,39522142
asked Jan 4 at 9:15
kali007kali007
161
$endgroup$
$begingroup$
You should write more about yoursmallalgorithm; what is the randomness source. and also, are there any hash algorithm around.
$endgroup$
– kelalaka
Jan 4 at 9:24
$begingroup$
Have you looked on LED cipher? It is AES-like , they use one key with round constants. It might help you
$endgroup$
– hardyrama
Jan 4 at 9:40
$begingroup$
if you don’t use AES, you’ll have a lot more transistors for better security options. a feistel network cipher will serve you well
$endgroup$
– b degnan
Jan 4 at 13:11
$begingroup$
Have a look into whitebox crypto: github.com/ph4r05/Whitebox-crypto-AES
$endgroup$
– patrickf
Jan 6 at 20:31
add a comment |
$begingroup$
I am making an embedded system for a project that uses AES.
As I cannot accommodate key generation (hardware constraints) I am using a static key. I can use another small algorithm to create dynamism and then pass it to the static AES.
I'm concerned about using a static key, is it safe?
encryption aes cryptanalysis
edited Jan 4 at 9:25
kelalaka
6,39522142
asked Jan 4 at 9:15
kali007kali007
161
$endgroup$
I am making an embedded system for a project that uses AES.
As I cannot accommodate key generation (hardware constraints) I am using a static key. I can use another small algorithm to create dynamism and then pass it to the static AES.
I'm concerned about using a static key, is it safe?
encryption aes cryptanalysis
encryption aes cryptanalysis
edited Jan 4 at 9:25
kelalaka
6,39522142
asked Jan 4 at 9:15
kali007kali007
161
edited Jan 4 at 9:25
kelalaka
6,39522142
asked Jan 4 at 9:15
kali007kali007
161
edited Jan 4 at 9:25
kelalaka
6,39522142
edited Jan 4 at 9:25
kelalaka
6,39522142
edited Jan 4 at 9:25
kelalaka
6,39522142
6,39522142
asked Jan 4 at 9:15
kali007kali007
161
asked Jan 4 at 9:15
kali007kali007
161
asked Jan 4 at 9:15
kali007kali007
161
161
$begingroup$
You should write more about yoursmallalgorithm; what is the randomness source. and also, are there any hash algorithm around.
$endgroup$
– kelalaka
Jan 4 at 9:24
$begingroup$
Have you looked on LED cipher? It is AES-like , they use one key with round constants. It might help you
$endgroup$
– hardyrama
Jan 4 at 9:40
$begingroup$
if you don’t use AES, you’ll have a lot more transistors for better security options. a feistel network cipher will serve you well
$endgroup$
– b degnan
Jan 4 at 13:11
$begingroup$
Have a look into whitebox crypto: github.com/ph4r05/Whitebox-crypto-AES
$endgroup$
– patrickf
Jan 6 at 20:31
add a comment |
$begingroup$
You should write more about yoursmallalgorithm; what is the randomness source. and also, are there any hash algorithm around.
$endgroup$
– kelalaka
Jan 4 at 9:24
$begingroup$
Have you looked on LED cipher? It is AES-like , they use one key with round constants. It might help you
$endgroup$
– hardyrama
Jan 4 at 9:40
$begingroup$
if you don’t use AES, you’ll have a lot more transistors for better security options. a feistel network cipher will serve you well
$endgroup$
– b degnan
Jan 4 at 13:11
$begingroup$
Have a look into whitebox crypto: github.com/ph4r05/Whitebox-crypto-AES
$endgroup$
– patrickf
Jan 6 at 20:31
$begingroup$
You should write more about your
small algorithm; what is the randomness source. and also, are there any hash algorithm around.$endgroup$
– kelalaka
Jan 4 at 9:24
$begingroup$
You should write more about your
small algorithm; what is the randomness source. and also, are there any hash algorithm around.$endgroup$
– kelalaka
Jan 4 at 9:24
$begingroup$
Have you looked on LED cipher? It is AES-like , they use one key with round constants. It might help you
$endgroup$
– hardyrama
Jan 4 at 9:40
$begingroup$
Have you looked on LED cipher? It is AES-like , they use one key with round constants. It might help you
$endgroup$
– hardyrama
Jan 4 at 9:40
$begingroup$
if you don’t use AES, you’ll have a lot more transistors for better security options. a feistel network cipher will serve you well
$endgroup$
– b degnan
Jan 4 at 13:11
$begingroup$
if you don’t use AES, you’ll have a lot more transistors for better security options. a feistel network cipher will serve you well
$endgroup$
– b degnan
Jan 4 at 13:11
$begingroup$
Have a look into whitebox crypto: github.com/ph4r05/Whitebox-crypto-AES
$endgroup$
– patrickf
Jan 6 at 20:31
$begingroup$
Have a look into whitebox crypto: github.com/ph4r05/Whitebox-crypto-AES
$endgroup$
– patrickf
Jan 6 at 20:31
add a comment |
2 Answers
2
active
oldest
votes
$begingroup$
AES - the block cipher - can be used to process a large amount of data. In that sense it is possible to keep a single static key. How much data is specified in this answer by Thomas on the Security.SE site: around $2^{64}$ blocks of data or 250 millions of terabytes.
Generally would want to keep to $2^{32}$ blocks of random data though ("only" 64 GiB of data) to make sure that the chance of collision remains low. How much you can actually encrypt depends in the end on the mode of operation used. For CTR mode you can for instance encrypt 64 GiB with a random 96 bit nonce $2^{32}$ times with a ~ $1 over 2^{64}$ chance of collision as the input of the block cipher isn't random.
If the use of AES with a static key is secure therefore depends not on the block cipher but how the block cipher is used: in other words, the protocol or protocols in which it is used. It may be insecure because the mode of operation introduces constraints that are voided by your protocol. It may not be secure because replay attacks are possible, oracles exist, the combination of cipher mode and MAC mode are vulnerable to attack, the list goes on...
AES does certainly leak information if the same input block is fed into it twice. If that's an issue depends - again - on the protocol. Your small algorithm could possibly be used to generate nonces so that the input to the AES cipher is always unique.
That using such a scheme can be relatively secure is shown by memory cards such as DESFire (which, funny enough, may also use AES). These cards are generally provided with one or more symmetric keys that are static during the lifetime of the product. Of course all the devices use derived keys that are tied to some unique identity of the card, otherwise extraction of one key would be enough to destroy the functionality of all of the cards.
Still, if the master key (from which the device keys are derived) is lost from which the other keys have been derived such schemes are certain to run into some form of trouble or another. It is very tricky to perform key management on static keys, and such schemes are fraught with danger. This is why asymmetric keys are commonly used with a PKI scheme to ensure validity. For such schemes the controlling device doesn't need to hold a master key.
Sometimes devices are also provided with multiple keys (for multiple master keys) in advance. That way the device may still be used with a new master key if one becomes compromised. Needless to say, invalidating a master key on the devices and moving to the next one is tricky at best (if you can detect compromise in the first place), but you could possibly provide key rollover for your protocol.
Needless to say, using a static key makes it very vulnerable against side channel attacks on the implementation. Compare this for instance with a secure channel which needs to be reestablished using fresh session keys any time the MAC authentication tag is invalid. Those keys are probably invalidated before you can find out anything interesting about them.
answered Jan 4 at 10:19
Maarten Bodewes♦Maarten Bodewes
53.6k677193
$endgroup$
$begingroup$
Comments about the maximum number of calls to the AES block cipher have been moved to chat.
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:38
add a comment |
$begingroup$
You can fix a public key to AES and use it as a random permutation. Now based on
a random permutation, you can construct an ideal cipher out of it (you might need more than one call to the random permutation). There might be efficiency loss, but it works and no AES-key scheduling is needed.Note that AES key scheduling is very similar to one round of AES encryption. See https://eprint.iacr.org/2015/751.pdf page 10.
answered Jan 5 at 3:28
redplumredplum
30216
$endgroup$
$begingroup$
Could you possibly explain a bit more about your solutions? As it stands, your ideas are not that clear, at least not to me. What do you mean with "fix" a public key to AES? Could you create a more formal description? Are you suggesting replacing the key schedule of AES? With what? How does it make it more efficient compared to deriving a key, for instance?
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:43
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66259%2fcan-aes-be-used-with-a-static-key%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
$begingroup$
AES - the block cipher - can be used to process a large amount of data. In that sense it is possible to keep a single static key. How much data is specified in this answer by Thomas on the Security.SE site: around $2^{64}$ blocks of data or 250 millions of terabytes.
Generally would want to keep to $2^{32}$ blocks of random data though ("only" 64 GiB of data) to make sure that the chance of collision remains low. How much you can actually encrypt depends in the end on the mode of operation used. For CTR mode you can for instance encrypt 64 GiB with a random 96 bit nonce $2^{32}$ times with a ~ $1 over 2^{64}$ chance of collision as the input of the block cipher isn't random.
If the use of AES with a static key is secure therefore depends not on the block cipher but how the block cipher is used: in other words, the protocol or protocols in which it is used. It may be insecure because the mode of operation introduces constraints that are voided by your protocol. It may not be secure because replay attacks are possible, oracles exist, the combination of cipher mode and MAC mode are vulnerable to attack, the list goes on...
AES does certainly leak information if the same input block is fed into it twice. If that's an issue depends - again - on the protocol. Your small algorithm could possibly be used to generate nonces so that the input to the AES cipher is always unique.
That using such a scheme can be relatively secure is shown by memory cards such as DESFire (which, funny enough, may also use AES). These cards are generally provided with one or more symmetric keys that are static during the lifetime of the product. Of course all the devices use derived keys that are tied to some unique identity of the card, otherwise extraction of one key would be enough to destroy the functionality of all of the cards.
Still, if the master key (from which the device keys are derived) is lost from which the other keys have been derived such schemes are certain to run into some form of trouble or another. It is very tricky to perform key management on static keys, and such schemes are fraught with danger. This is why asymmetric keys are commonly used with a PKI scheme to ensure validity. For such schemes the controlling device doesn't need to hold a master key.
Sometimes devices are also provided with multiple keys (for multiple master keys) in advance. That way the device may still be used with a new master key if one becomes compromised. Needless to say, invalidating a master key on the devices and moving to the next one is tricky at best (if you can detect compromise in the first place), but you could possibly provide key rollover for your protocol.
Needless to say, using a static key makes it very vulnerable against side channel attacks on the implementation. Compare this for instance with a secure channel which needs to be reestablished using fresh session keys any time the MAC authentication tag is invalid. Those keys are probably invalidated before you can find out anything interesting about them.
answered Jan 4 at 10:19
Maarten Bodewes♦Maarten Bodewes
53.6k677193
$endgroup$
$begingroup$
Comments about the maximum number of calls to the AES block cipher have been moved to chat.
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:38
add a comment |
$begingroup$
AES - the block cipher - can be used to process a large amount of data. In that sense it is possible to keep a single static key. How much data is specified in this answer by Thomas on the Security.SE site: around $2^{64}$ blocks of data or 250 millions of terabytes.
Generally would want to keep to $2^{32}$ blocks of random data though ("only" 64 GiB of data) to make sure that the chance of collision remains low. How much you can actually encrypt depends in the end on the mode of operation used. For CTR mode you can for instance encrypt 64 GiB with a random 96 bit nonce $2^{32}$ times with a ~ $1 over 2^{64}$ chance of collision as the input of the block cipher isn't random.
If the use of AES with a static key is secure therefore depends not on the block cipher but how the block cipher is used: in other words, the protocol or protocols in which it is used. It may be insecure because the mode of operation introduces constraints that are voided by your protocol. It may not be secure because replay attacks are possible, oracles exist, the combination of cipher mode and MAC mode are vulnerable to attack, the list goes on...
AES does certainly leak information if the same input block is fed into it twice. If that's an issue depends - again - on the protocol. Your small algorithm could possibly be used to generate nonces so that the input to the AES cipher is always unique.
That using such a scheme can be relatively secure is shown by memory cards such as DESFire (which, funny enough, may also use AES). These cards are generally provided with one or more symmetric keys that are static during the lifetime of the product. Of course all the devices use derived keys that are tied to some unique identity of the card, otherwise extraction of one key would be enough to destroy the functionality of all of the cards.
Still, if the master key (from which the device keys are derived) is lost from which the other keys have been derived such schemes are certain to run into some form of trouble or another. It is very tricky to perform key management on static keys, and such schemes are fraught with danger. This is why asymmetric keys are commonly used with a PKI scheme to ensure validity. For such schemes the controlling device doesn't need to hold a master key.
Sometimes devices are also provided with multiple keys (for multiple master keys) in advance. That way the device may still be used with a new master key if one becomes compromised. Needless to say, invalidating a master key on the devices and moving to the next one is tricky at best (if you can detect compromise in the first place), but you could possibly provide key rollover for your protocol.
Needless to say, using a static key makes it very vulnerable against side channel attacks on the implementation. Compare this for instance with a secure channel which needs to be reestablished using fresh session keys any time the MAC authentication tag is invalid. Those keys are probably invalidated before you can find out anything interesting about them.
answered Jan 4 at 10:19
Maarten Bodewes♦Maarten Bodewes
53.6k677193
$endgroup$
$begingroup$
Comments about the maximum number of calls to the AES block cipher have been moved to chat.
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:38
add a comment |
$begingroup$
AES - the block cipher - can be used to process a large amount of data. In that sense it is possible to keep a single static key. How much data is specified in this answer by Thomas on the Security.SE site: around $2^{64}$ blocks of data or 250 millions of terabytes.
Generally would want to keep to $2^{32}$ blocks of random data though ("only" 64 GiB of data) to make sure that the chance of collision remains low. How much you can actually encrypt depends in the end on the mode of operation used. For CTR mode you can for instance encrypt 64 GiB with a random 96 bit nonce $2^{32}$ times with a ~ $1 over 2^{64}$ chance of collision as the input of the block cipher isn't random.
If the use of AES with a static key is secure therefore depends not on the block cipher but how the block cipher is used: in other words, the protocol or protocols in which it is used. It may be insecure because the mode of operation introduces constraints that are voided by your protocol. It may not be secure because replay attacks are possible, oracles exist, the combination of cipher mode and MAC mode are vulnerable to attack, the list goes on...
AES does certainly leak information if the same input block is fed into it twice. If that's an issue depends - again - on the protocol. Your small algorithm could possibly be used to generate nonces so that the input to the AES cipher is always unique.
That using such a scheme can be relatively secure is shown by memory cards such as DESFire (which, funny enough, may also use AES). These cards are generally provided with one or more symmetric keys that are static during the lifetime of the product. Of course all the devices use derived keys that are tied to some unique identity of the card, otherwise extraction of one key would be enough to destroy the functionality of all of the cards.
Still, if the master key (from which the device keys are derived) is lost from which the other keys have been derived such schemes are certain to run into some form of trouble or another. It is very tricky to perform key management on static keys, and such schemes are fraught with danger. This is why asymmetric keys are commonly used with a PKI scheme to ensure validity. For such schemes the controlling device doesn't need to hold a master key.
Sometimes devices are also provided with multiple keys (for multiple master keys) in advance. That way the device may still be used with a new master key if one becomes compromised. Needless to say, invalidating a master key on the devices and moving to the next one is tricky at best (if you can detect compromise in the first place), but you could possibly provide key rollover for your protocol.
Needless to say, using a static key makes it very vulnerable against side channel attacks on the implementation. Compare this for instance with a secure channel which needs to be reestablished using fresh session keys any time the MAC authentication tag is invalid. Those keys are probably invalidated before you can find out anything interesting about them.
answered Jan 4 at 10:19
Maarten Bodewes♦Maarten Bodewes
53.6k677193
$endgroup$
AES - the block cipher - can be used to process a large amount of data. In that sense it is possible to keep a single static key. How much data is specified in this answer by Thomas on the Security.SE site: around $2^{64}$ blocks of data or 250 millions of terabytes.
Generally would want to keep to $2^{32}$ blocks of random data though ("only" 64 GiB of data) to make sure that the chance of collision remains low. How much you can actually encrypt depends in the end on the mode of operation used. For CTR mode you can for instance encrypt 64 GiB with a random 96 bit nonce $2^{32}$ times with a ~ $1 over 2^{64}$ chance of collision as the input of the block cipher isn't random.
If the use of AES with a static key is secure therefore depends not on the block cipher but how the block cipher is used: in other words, the protocol or protocols in which it is used. It may be insecure because the mode of operation introduces constraints that are voided by your protocol. It may not be secure because replay attacks are possible, oracles exist, the combination of cipher mode and MAC mode are vulnerable to attack, the list goes on...
AES does certainly leak information if the same input block is fed into it twice. If that's an issue depends - again - on the protocol. Your small algorithm could possibly be used to generate nonces so that the input to the AES cipher is always unique.
That using such a scheme can be relatively secure is shown by memory cards such as DESFire (which, funny enough, may also use AES). These cards are generally provided with one or more symmetric keys that are static during the lifetime of the product. Of course all the devices use derived keys that are tied to some unique identity of the card, otherwise extraction of one key would be enough to destroy the functionality of all of the cards.
Still, if the master key (from which the device keys are derived) is lost from which the other keys have been derived such schemes are certain to run into some form of trouble or another. It is very tricky to perform key management on static keys, and such schemes are fraught with danger. This is why asymmetric keys are commonly used with a PKI scheme to ensure validity. For such schemes the controlling device doesn't need to hold a master key.
Sometimes devices are also provided with multiple keys (for multiple master keys) in advance. That way the device may still be used with a new master key if one becomes compromised. Needless to say, invalidating a master key on the devices and moving to the next one is tricky at best (if you can detect compromise in the first place), but you could possibly provide key rollover for your protocol.
Needless to say, using a static key makes it very vulnerable against side channel attacks on the implementation. Compare this for instance with a secure channel which needs to be reestablished using fresh session keys any time the MAC authentication tag is invalid. Those keys are probably invalidated before you can find out anything interesting about them.
answered Jan 4 at 10:19
Maarten Bodewes♦Maarten Bodewes
53.6k677193
edited Jan 7 at 16:19
answered Jan 4 at 10:19
Maarten Bodewes♦Maarten Bodewes
53.6k677193
answered Jan 4 at 10:19
Maarten Bodewes♦Maarten Bodewes
53.6k677193
answered Jan 4 at 10:19
Maarten Bodewes♦Maarten Bodewes
53.6k677193
53.6k677193
$begingroup$
Comments about the maximum number of calls to the AES block cipher have been moved to chat.
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:38
add a comment |
$begingroup$
Comments about the maximum number of calls to the AES block cipher have been moved to chat.
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:38
$begingroup$
Comments about the maximum number of calls to the AES block cipher have been moved to chat.
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:38
$begingroup$
Comments about the maximum number of calls to the AES block cipher have been moved to chat.
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:38
add a comment |
$begingroup$
You can fix a public key to AES and use it as a random permutation. Now based on
a random permutation, you can construct an ideal cipher out of it (you might need more than one call to the random permutation). There might be efficiency loss, but it works and no AES-key scheduling is needed.Note that AES key scheduling is very similar to one round of AES encryption. See https://eprint.iacr.org/2015/751.pdf page 10.
answered Jan 5 at 3:28
redplumredplum
30216
$endgroup$
$begingroup$
Could you possibly explain a bit more about your solutions? As it stands, your ideas are not that clear, at least not to me. What do you mean with "fix" a public key to AES? Could you create a more formal description? Are you suggesting replacing the key schedule of AES? With what? How does it make it more efficient compared to deriving a key, for instance?
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:43
add a comment |
$begingroup$
You can fix a public key to AES and use it as a random permutation. Now based on
a random permutation, you can construct an ideal cipher out of it (you might need more than one call to the random permutation). There might be efficiency loss, but it works and no AES-key scheduling is needed.Note that AES key scheduling is very similar to one round of AES encryption. See https://eprint.iacr.org/2015/751.pdf page 10.
answered Jan 5 at 3:28
redplumredplum
30216
$endgroup$
$begingroup$
Could you possibly explain a bit more about your solutions? As it stands, your ideas are not that clear, at least not to me. What do you mean with "fix" a public key to AES? Could you create a more formal description? Are you suggesting replacing the key schedule of AES? With what? How does it make it more efficient compared to deriving a key, for instance?
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:43
add a comment |
$begingroup$
You can fix a public key to AES and use it as a random permutation. Now based on
a random permutation, you can construct an ideal cipher out of it (you might need more than one call to the random permutation). There might be efficiency loss, but it works and no AES-key scheduling is needed.Note that AES key scheduling is very similar to one round of AES encryption. See https://eprint.iacr.org/2015/751.pdf page 10.
answered Jan 5 at 3:28
redplumredplum
30216
$endgroup$
You can fix a public key to AES and use it as a random permutation. Now based on
a random permutation, you can construct an ideal cipher out of it (you might need more than one call to the random permutation). There might be efficiency loss, but it works and no AES-key scheduling is needed.Note that AES key scheduling is very similar to one round of AES encryption. See https://eprint.iacr.org/2015/751.pdf page 10.
answered Jan 5 at 3:28
redplumredplum
30216
answered Jan 5 at 3:28
redplumredplum
30216
answered Jan 5 at 3:28
redplumredplum
30216
answered Jan 5 at 3:28
redplumredplum
30216
30216
$begingroup$
Could you possibly explain a bit more about your solutions? As it stands, your ideas are not that clear, at least not to me. What do you mean with "fix" a public key to AES? Could you create a more formal description? Are you suggesting replacing the key schedule of AES? With what? How does it make it more efficient compared to deriving a key, for instance?
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:43
add a comment |
$begingroup$
Could you possibly explain a bit more about your solutions? As it stands, your ideas are not that clear, at least not to me. What do you mean with "fix" a public key to AES? Could you create a more formal description? Are you suggesting replacing the key schedule of AES? With what? How does it make it more efficient compared to deriving a key, for instance?
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:43
$begingroup$
Could you possibly explain a bit more about your solutions? As it stands, your ideas are not that clear, at least not to me. What do you mean with "fix" a public key to AES? Could you create a more formal description? Are you suggesting replacing the key schedule of AES? With what? How does it make it more efficient compared to deriving a key, for instance?
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:43
$begingroup$
Could you possibly explain a bit more about your solutions? As it stands, your ideas are not that clear, at least not to me. What do you mean with "fix" a public key to AES? Could you create a more formal description? Are you suggesting replacing the key schedule of AES? With what? How does it make it more efficient compared to deriving a key, for instance?
$endgroup$
– Maarten Bodewes♦
Jan 7 at 17:43
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f66259%2fcan-aes-be-used-with-a-static-key%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
$begingroup$
You should write more about your
smallalgorithm; what is the randomness source. and also, are there any hash algorithm around.$endgroup$
– kelalaka
Jan 4 at 9:24
$begingroup$
Have you looked on LED cipher? It is AES-like , they use one key with round constants. It might help you
$endgroup$
– hardyrama
Jan 4 at 9:40
$begingroup$
if you don’t use AES, you’ll have a lot more transistors for better security options. a feistel network cipher will serve you well
$endgroup$
– b degnan
Jan 4 at 13:11
$begingroup$
Have a look into whitebox crypto: github.com/ph4r05/Whitebox-crypto-AES
$endgroup$
– patrickf
Jan 6 at 20:31