Re: What does the MAC in IES or ECIES achieve ?




Mark Wooding wrote:
fabrice.gautier@xxxxxxxxx <fabrice.gautier@xxxxxxxxx> wrote:

Okay, so obviously, with the MAC in IES, I can detect if the ciphertext
has been tampered with.

But since IES doesnt provide authentication anyway (the sender doesnt
even need a Public Key), what good does that do?

You should maybe read Victor Shoup's exposition `Why chosen ciphertext
security matters',

http://shoup.net/papers/expo.pdf


This paper is excellent. Especially for non experts, I think.

Thanks

.