Re: Blockcipher >256 bit (for hardware implementation)
- From: Kristian Gjøsteen <kristiag+news@xxxxxxxxxxxx>
- Date: Wed, 24 Jan 2007 20:35:47 +0000 (UTC)
Mike Amling <spamonly@xxxxxxxxxxx> wrote:
The OP's idea that somehow a
256-bit message and its 64-bit MAC should be encrypted by the
application of a cipher to a single 320-bit block is dubious.
Actually, I think it is perfectly sound. In fact, there's no need
for a MAC. If you have a 320 bit block cipher (f,g) and a 256 bit
message, I encrypt it as
c = f(k, m || 0^64) .
Do decrypt, I compute
m'||t = g(k, c)
and check that t = 0^64.
If the block cipher is secure (looks like a random permutation), the
forgery probability should be about 2^{-64}.
--
Kristian Gjøsteen
.
- Follow-Ups:
- Re: Blockcipher >256 bit (for hardware implementation)
- From: Mike Amling
- Re: Blockcipher >256 bit (for hardware implementation)
- References:
- Blockcipher >256 bit (for hardware implementation)
- From: jetmarc
- Re: Blockcipher >256 bit (for hardware implementation)
- From: Luc The Perverse
- Re: Blockcipher >256 bit (for hardware implementation)
- From: Kristian Gjøsteen
- Re: Blockcipher >256 bit (for hardware implementation)
- From: Mike Amling
- Blockcipher >256 bit (for hardware implementation)
- Prev by Date: Re: Encrpytion software
- Next by Date: for vanya: highly appreciated nntp server - uj div radgu - (1/1)
- Previous by thread: Re: Blockcipher >256 bit (for hardware implementation)
- Next by thread: Re: Blockcipher >256 bit (for hardware implementation)
- Index(es):
Relevant Pages
|
