2

The popular VeraCrypt encryption utility, as well as its precursor TrueCrypt, has the option to cascade multiple ciphers on top of each other, such as AES-Twofish-Serpent. It works by cascading three ciphers running in XTS mode. Potentially unnecessary security benefits aside, I am curious how this differs functionally from using a single instance of XTS with a block cipher defined as three cascaded ciphers. Each block cipher uses a different key, expanded from a 512-bit master key with a hash-based KDF.

The only thing I can think of is that the total keyspace would be less, as each XTS increases keyspace. What differences are there between the two schemes in terms of theoretical security or performance?

forest
  • 15,253
  • 2
  • 48
  • 103
  • Perhaps you might want to add how it can cascade pairs such as AES/Twofish; Serpent/AES; and Twofish/Serpent. – Patriot Jul 25 '19 at 13:56
  • Let's not forget that a highly classified stolen document from Ft. Meade, which was made public, said that this utility posed a potentially catastrophic threat to their gaining access to information. Whether that document is real or not is another question. – Patriot Jul 25 '19 at 14:17
  • 1
    I assume you're referring to the Snowden leaks. Yes, those documents are legitimate. Anyway my question isn't about VeraCrypt specifically, but about the mathematical properties of the different ways to cascade ciphers in XTS mode. I just used VeraCrypt as an example implementation. – forest Jul 26 '19 at 08:48

0 Answers0