“Why doesn’t encrypting twice with two symmetric keys using the same algorithm give you twice the security?” was the question asked in a recent CSE509 (System Security) class. I had the intuition that encrypting with the same algorithm twice with two different keys, K1 and K2, is essentially equivalent to encrypting with one key (say, K3). However, I didn’t know how to convince others about this.

Someone pointed out that, since symmetric cryptography is essentially a combination of permutation and substitution at a very basic level (the person was referring to the P-boxes and S-boxes found in many algorithms), doing it twice is essentially equivalent to doing it once with some other key.

I found this to be a more convincing argument (though very informal) about the security of the proposed mechanism.
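
The argument can be checked directly for the two building blocks it names. This added example (not from the original post) uses constructed toy ciphers, a letter-substitution table and an 8-position block permutation, and shows that encrypting with K1 then K2 gives the same output as encrypting once with a derived K3. It covers a single substitution or permutation layer only, and all function names are illustrative.

```python
import random
import string

ALPHABET = string.ascii_uppercase

def sub_key(seed):
    """Constructed toy key: a random letter-substitution table."""
    letters = list(ALPHABET)
    random.Random(seed).shuffle(letters)
    return dict(zip(ALPHABET, letters))

def sub_encrypt(key, text):
    return "".join(key[c] for c in text)

def compose_sub(k1, k2):
    """Single table K3 equal to applying k1 and then k2."""
    return {c: k2[k1[c]] for c in ALPHABET}

def perm_key(seed, n=8):
    """Constructed toy key: a reordering of the n positions in a block."""
    order = list(range(n))
    random.Random(seed).shuffle(order)
    return order

def perm_encrypt(key, text):
    n = len(key)
    if len(text) % n:
        raise ValueError("text length must be a multiple of the block size")
    blocks = (text[i:i + n] for i in range(0, len(text), n))
    return "".join("".join(b[j] for j in key) for b in blocks)

def compose_perm(k1, k2):
    """Single ordering K3: out[i] = mid[k2[i]] = block[k1[k2[i]]]."""
    return [k1[j] for j in k2]

def double_equals_single(msg="MEETATTHEOLDPIER"):
    # Constructed sample message and seeds; K3 is derived from K1 and K2.
    s1, s2 = sub_key(1), sub_key(2)
    p1, p2 = perm_key(3), perm_key(4)
    sub_ok = sub_encrypt(s2, sub_encrypt(s1, msg)) == sub_encrypt(compose_sub(s1, s2), msg)
    perm_ok = perm_encrypt(p2, perm_encrypt(p1, msg)) == perm_encrypt(compose_perm(p1, p2), msg)
    return sub_ok, perm_ok

if __name__ == "__main__":
    print(double_equals_single())
```

In both cases K3 is itself an ordinary key of the same kind (another substitution table, another position ordering), so someone searching that key space never needs to know that two keys were used.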