Questions tagged [key-reuse]

Key reuse refers to using the same key for more than one purpose, e.g. to encrypt two messages or to encrypt and authenticate a message. Some cryptosystems (such as the one-time pad or many stream ciphers) may be vulnerable to attacks if keys are inappropriately reused. In some cases, using different but similar ("related") keys may also be problematic.

Common ways to avoid problems arising from key reuse include deriving multiple pseudo-independent keys from a single master key using a key derivation function (KDF) or using unique initialization vectors or "tweaks" to differentiate uses of the same key.

114 questions
124
votes
7 answers

Taking advantage of one-time pad key reuse?

Suppose Alice wants to send encryptions (under a one-time pad) of $m_1$ and $m_2$ to Bob over a public channel. Alice and Bob have a shared key $k$; however, both messages are the same length as the key $k$. Since Alice is extraordinarily lazy (and…
Elliott
79
votes
3 answers

How does one attack a two-time pad (i.e. one time pad with key reuse)?

My question might appear the same as the question Taking advantage of one-time pad key reuse?, but actually I did read all the answers and none of them helped me with the details I need. I am new to cryptography and my problem is with two time pad…
Samer Makary
25
votes
4 answers

How many RSA keys before a collision?

I was wondering how many possible private/public keys exist? If a million people – for whatever reason – would try to generate 5 keys each in the same minute (on the same date and time) is there a high chance of collision? I believe GUID would…
Nick wheatley
22
votes
2 answers

Deriving Keys for Symmetric Encryption and Authentication

So here's the concept. Rather than storing 2 keys and using a random IV, which presents its own problems (key rotation, ensuring no key is used in more than 2^32 cycles, sharing the keys, etc), is it OK to derive the cipher key, authentication key…
ircmaxell
21
votes
1 answer

How to attack a "many-time pad" based on what happens when an ASCII space is XORed with a letter?

I've already sent my correct solution to a homework exercise from Dan Boneh's Introduction to Cryptography class on Coursera: "Let us see what goes wrong when a stream cipher key is used more than once. Below are eleven hex-encoded ciphertexts that…
20
votes
1 answer

Why must IV/key-pairs not be reused in CTR mode?

Many sources mention that IVs must not be reused with the same key in CTR mode, for encrypting 2 different pieces of data, because that totally destroys security - but I haven't found an explanation so far as to why this is the case. The issue is…
Dexter
20
votes
3 answers

Can I use a one time pad key twice with random plaintext?

I understand the basics of OTP: $|\text{key space}| = |\text{plaintext space}|$ implies perfect security, key reuse destroys this. Cryptanalysis on the $N$-Time Pad for $N > 1$ involves finding patterns in the ciphertext; this, however, all seems…
mfsiega
13
votes
2 answers

Is it safe to reuse ECDH asymmetric keys for authentication?

Alice, Bob, and Carol each generate ECDH keypairs. Alice and Bob establish a communication channel and negotiate an AliceBob secret. The question is: Is it safe for Alice and/or Bob to reuse their keypairs to negotiate a new AliceCarol and/or…
11
votes
3 answers

AES key reuse and guessing the key

Bit of a noob question and a fair bit of Googling didn't help. I understand that the current encryption standard is AES256. A few questions: Is the point of this (and other encryption techniques) to reuse the same private key for multiple messages?…
user1936752
11
votes
1 answer

Is there any reason not to use Single-Key EM with AES and a constant key?

I've read recently the paper "Minimalism in Cryptography: The Even-Mansour Scheme Revisited" by Dunkelman, Keller and Shamir where it is claimed that the following construction (Single-Key EM) is secure: $$C=K\oplus E(P\oplus K)$$ with $E$ being a…
SEJPM
10
votes
3 answers

Is RSA in a ECB-like-mode safe for bulk encryption?

Let's say I would like to communicate with my friend using asymmetric/public-key encryption, e.g. RSA. (Note: I do realize that in practice this is done through an intermediate symmetric key, but this question assumes we only use asymmetric…
user541686
10
votes
4 answers

Problems with using AES Key as IV in CBC-Mode

I'm a pentester and currently analysing a web application which is using some strange encryption scheme. The point is: They encrypt using AES-128, generate a (not cryptographically secure) key and use this as encryption key AND initialization…
Chris
9
votes
2 answers

Is there a downside to encrypting too much data with the same key?

Is there a downside to encrypting too much data? If so, what? I'm guessing things like too much data encrypted with the same key, possibly leaking information due to a collision encrypting non-essential data, wasting resources could be a problem,…
Drathier
6
votes
1 answer

Public Key generation for Ed25519 vs X25519

It is my understanding that EdDSA uses a slight variant of Curve25519 (typically used for ECDH), called Ed25519. Given the same private key, are the differences between the two algorithms enough to make the resulting public keys different between…
6
votes
2 answers

Why are ephemeral/session/temporary keys useful?

One reason that communication protocols use ephemeral keys is to help with implementing Perfect Forward Security. They're also used in SSL to go from using RSA to using a faster symmetric encryption. Why else are ephemeral keys used? In particular,…