> The security of modern cryptosystems is in the key, not in the obscurity of the algorithms or (at least not intentionally) the attacks.
Normally, we don't intentionally create attacks, but security absolutely DOES rely on there being easy attacks that
are well known - the obscurity of the attack. If there is an attack (and there's ALWAYS an attack), you're better of not
performing the attack yourself, but forcing the bad guy to first find, then carry out the attack.
An example from the physical world make it crystal clear:
Approximately all locks can be picked. Still, it is _more_ secure to lock your door than to not lock it.
You are arguing that it's just as secure for you to lock it, then pick your own lock and leave it unlocked.
"The bad guy could pick the lock himself", you say. That's true, he could, but requiring the bad guy
to pick the lock before he can get in is more secure than picking it yourself and leaving the door unlocked.
Let's do a select some specific values for your original claim, which was:
> Proof: if [the combined method] IS weaker, the attacker could just [use the outer method as an attack] ...
> on [the inner method], which means [the inner method] is exactly as strong as [the
> combined method]
If [leaving the door unlocked] IS weaker, the attacker could just [pick the lock] ... on the [locked door],
which means that the [locked door] is exactly as strong as [leaving he door unlocked]
The ellipses is where you said "with a small constant complexity". The complexity of F2 is not guaranteed to be constant.
Nor F2 guaranteed to return the plaintext. If it SOMETIMES returns the plaintext, because that timer tick happened
to have a zero as the least significant 32 bits, finding that 1 in 4,294,967,295 for them reduces their burden.