No Weak Keys As A Design Goal
The goal of having a 'flat' keyspace (i.e., all keys equally strong) is always a cipher design goal. As in the case of DES, sometimes a small number of weak keys is acceptable, provided that they are all identified or identifiable. An algorithm that has unknown weak keys does not inspire much trust.
The two main countermeasures against inadvertently using a weak key:
- Checking generated keys against a list of known weak keys, or building rejection of weak keys into the key scheduling.
- When the number of weak keys is known to be very small (in comparison to the size of the keyspace), generating a key uniformly at random ensures that the probability of it being weak is a (known) very small number.
A large number of weak keys is a serious flaw in any cipher design, since there will then be a (perhaps too) large chance that a randomly generated one will be a weak one, compromising the security of messages encrypted under it. It will also take longer to check randomly generated keys for weakness in such cases, which will tempt shortcuts in interest of 'efficiency'.
However, weak keys are much more often a problem where the adversary has some control over what keys are used, such as when a block cipher is used in a mode of operation intended to construct a secure cryptographic hash function (e.g. Davies-Meyer).
Read more about this topic: Weak Key
Famous quotes containing the words weak, keys, design and/or goal:
“The little people must be sacred to the big ones, and it is from the rights of the weak that the duty of the strong is comprised.”
—Victor Hugo (1802–1885)
“Thou hast the keys of Paradise, O just, subtle, and mighty opium!”
—Thomas De Quincey (1785–1859)
“Delay always breeds danger; and to protract a great design is often to ruin it.”
—Miguel De Cervantes (1547–1616)
“Our goal should be to achieve joy.”
—Ana Castillo (b. 1953)