1

If I encrypt a 1MiB file with AES-CBC (or any other cipher) and XOR 128KiB of (truly) unpredictable random data, repeating until the end of the file, will I have a security of 1048576 bits (128KiB*8)?

This question is a little weird, but I would like to know if this scheme has a security flaw (maybe known-plaintext attacks).

phantomcraft

1 Answer

2

This will be only as secure as AES-CBC, as the repeating XOR you're describing is massively vulnerable to a myriad of attacks, including known-plaintext attacks. Also remember that you could "cancel out" the 128 KiB by XORing two blocks together, since $P_1 \oplus K \oplus P_2 \oplus K = P_1 \oplus P_2$.

Don't try to chase large key sizes. 256 bits of key material is more than enough.

forest
  • Yes, I was trying to chase large key sizes, pardon me. =) – phantomcraft Nov 28 '22 at 00:57
  • @phantomcraft There's really no need to do that. 256 bits is plenty, although you can use XTS to get a little more strength for "free" (384 bits when you take into account meet-in-the-middle). – forest Nov 28 '22 at 00:58
  • In a quantum scenario I would get 192-bits with AES-256-XTS, am I right? – phantomcraft Nov 28 '22 at 01:06
  • @phantomcraft Well, sort of, but see https://crypto.stackexchange.com/a/102672/54184. While it would reduce it to 192 bits, quantum computers simply don't scale when running Grover's algorithm. Even 256 bits (thus 128 vs Grover's) is more than enough. – forest Nov 28 '22 at 01:08
  • I was thinking that quantum computers could reduce AES-256-XTS to 128-bits. That's why I asked. I know, my PC is AES-256-XTS encrypted. – phantomcraft Nov 28 '22 at 01:14
  • They can, but $2^{128}$ quantum operations is way more difficult to achieve than $2^{128}$ classical operations. – forest Nov 28 '22 at 01:15
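
The cancellation identity from the answer, $P_1 \oplus K \oplus P_2 \oplus K = P_1 \oplus P_2$, carried through at the sizes in the question. This is an added example, not code from the answer or its author; the function names are illustrative, and the 1 MiB AES-CBC layer is replaced by constructed random bytes (an assumption, since only the repeating-XOR layer is being examined).

```python
import os

PAD_LEN = 128 * 1024        # 128 KiB pad, as in the question
DATA_LEN = 1024 * 1024      # 1 MiB file, as in the question


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    assert len(a) == len(b)
    n = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return n.to_bytes(len(a), "big")


def apply_repeating_pad(data: bytes, pad: bytes) -> bytes:
    """XOR data with pad, repeating the pad until the end of the data."""
    reps = -(-len(data) // len(pad))          # ceiling division
    return xor_bytes(data, (pad * reps)[:len(data)])


def segment(data: bytes, i: int, size: int = PAD_LEN) -> bytes:
    """Return the i-th pad-sized segment of data."""
    return data[i * size:(i + 1) * size]


def demo() -> dict:
    # Constructed stand-in for the 1 MiB inner layer (random bytes, no real AES).
    inner = os.urandom(DATA_LEN)
    pad = os.urandom(PAD_LEN)
    masked = apply_repeating_pad(inner, pad)

    # 1) XOR two masked segments: K appears twice and drops out.
    cancelled = xor_bytes(segment(masked, 0), segment(masked, 1))
    pad_cancels = cancelled == xor_bytes(segment(inner, 0), segment(inner, 1))

    # 2) One known segment under the pad yields K, which then
    #    strips the pad from every other segment as well.
    recovered_pad = xor_bytes(segment(masked, 0), segment(inner, 0))
    unmasked = apply_repeating_pad(masked, recovered_pad)

    return {
        "pad_cancels": pad_cancels,
        "pad_recovered": recovered_pad == pad,
        "all_unmasked": unmasked == inner,
    }


if __name__ == "__main__":
    print(demo())
```

All three checks hold for any pad value, so the 1048576 pad bits never enter the result: what remains is only the strength of the layer underneath.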