<p dir="ltr">Den 20 okt 2015 19:01 skrev "Jeff Burdges" <<a href="mailto:burdges@gnunet.org">burdges@gnunet.org</a>>:<br>
> Are there any good symmetric-ish cyphers that involve three or more<br>
> steps with independent key material for each step?<br>
><br>
> Formally, there should be a function KG(s) that returns a tuple<br>
> (k_1,..,k_n) and a function P(k,d) such that if d_i = P(k_i,d_{i-1})<br>
> then d_n=d_0 but there are no known relationships between strictly<br>
> fewer than n of the k_i.<br>
><br>
> Stream cyphers provide this for n=2 of course, as the independence<br>
> requirement becomes vacuous, but I'm unaware of anything with n>2<br>
> that's both secure and efficient as a symmetric cypher.<br>
><br>
> It's okay if we replace P by another operation P' for the i-th step for<br>
> preferably at most one i but we do not want any relationship between<br>
> k_i and k_j for j != i.<br>
><br>
> One could use secret sharing algorithms, or simply XOR, to do this<br>
> quite securely, but that'd require key material as big as the original<br>
> file, making it inefficient.<br>
><br>
> There are tricks for doing roughly this with asymmetric systems like<br>
> elliptic curve scalar multiplication, but that's too slow for my<br>
> purposes.</p>
<p dir="ltr">Secret Sharing on the symmetric key? Do you need it to be integrated into the encryption algorithm itself? Your terminology is a bit unclear to me, what exactly are you trying to achieve?</p>
<p dir="ltr">Seems like you want to use different subsets of keys for different plaintexts, in some serial order, maybe? Or am I way off? </p>