by smaudet 1472 days ago
Better just not to encrypt anything like that.

If you have a house, which has windows, your locks do not provide security against someone smashing open the window. Key cutting schemes are a bit like this - no key offers security, only one of several access routes.

Having multiple access routes may be desirable and simultaneously a concern - a fireman smashing through your window to save your life is desirable, a burglar slitting your throat after smashing through your window is not.

Encryption is more like a lockbox or a safe room - having a burglar compromise your safe room is undesirable, and going into one during a fire is also undesirable. But you do want to use one in the event of a burglary.

A key cutting scheme may be useful in the case of multi-tenancy, but it is not a reasonable dead man switch - if your data needs to be re-encrypted either the keys themselves must be related (calling into question the security of the keys), or the encrypting party must multi encrypt the data, meaning whoever does the encrypting has full access to all the key data.

If e.g. you are yourself encrypting the data, you must multi encrypt - it would be faster just to share the key yourself, as you already have all the keys. If the third party is encrypting, this means they have side channeled your data such that they can decrypt at any point.

Again, even in the case there are e.g. two mathematically related keys, you cannot then enforce a timeout without first referencing and thus controlling the original key. You MUST distribute your keys yourself to your 3rd parties, or your data cannot be secure.

1 comments

> A key cutting scheme may be useful in the case of multi-tenancy

No. Cutting a key in half doesn't halve its security, but it reduces it exponentially.

256 bits = 2^256 possibilities for bruteforcing

255 bits = 2^255 possibilities for bruteforcing, or half

128 bits = 2^128 possibilities, or 1/(2^128) the security

You can split up a key using something like https://en.m.wikipedia.org/wiki/Shamir%27s_Secret_Sharing

1. Key is 256 bits K

2. Half of K is a random 256 bit X

3. Other half is (K xor X), still 256 bit

Having half of the key is still 256-bit bruteforcing.

You could instead construct a key by appending two securely-long passphrases together (which will then go through a KDF in any good encryption software). Give each passphrase half to one person. Recombining them is as simple as typing both of them into the passphrase input in the decryption software.
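
The XOR split from steps 1-3 above, next to the naive cut it is compared with, as an added Python example that is not part of the original thread. It generalizes from two shares to n; the function names are hypothetical and the sample key is constructed.

```python
import secrets

KEY_BYTES = 32  # 256-bit key K, as in step 1 above


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int = 2) -> list[bytes]:
    """n-of-n XOR split: n-1 random pads, plus the key XORed with all pads."""
    if n < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for p in pads:
        last = xor_bytes(last, p)
    return pads + [last]


def combine(shares: list[bytes]) -> bytes:
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out


def missing_share_for(candidate_key: bytes, held: list[bytes]) -> bytes:
    """The share that would make `held` recombine to candidate_key.
    One exists for every candidate, so the held shares rule out no key."""
    return xor_bytes(candidate_key, combine(held))


def unknown_bits_after_cut(key: bytes, pieces: int = 2) -> int:
    """Naive cut: the holder of one piece only has to guess the rest."""
    piece_len = len(key) // pieces
    return (len(key) - piece_len) * 8


if __name__ == "__main__":
    k = secrets.token_bytes(KEY_BYTES)  # constructed sample key
    shares = split_key(k, 2)
    assert combine(shares) == k
    guess = secrets.token_bytes(KEY_BYTES)
    fake = missing_share_for(guess, shares[:1])
    assert combine([shares[0], fake]) == guess  # any guess stays possible
    print("cut in half leaves", unknown_bits_after_cut(k), "unknown bits")
```

This split needs every share to recombine; a threshold (k-of-n) split is what Shamir's scheme, linked above, provides.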