Re: Authentication



Maaartin wrote:
Mok-Kong Shen wrote:
The matter is in my view rather obvious. What is the motivation of
having an "exception" to the decryption (by the sender or recipient)

I only spoke about an exception in the CCA2 attack model. And the
reason is very obvious. Let's still assume, that the goal is to
decrypt a given ciphertext ("challenge"). If the attacker could ask
for the decryption of the very ciphertext, he would do so and win
instantly. That's all.

and how could that exception be implemented "in practice"?

Not at all since it's just a restriction necessary to make the model
meaningful, nothing else. There's no implementation and no need for
it. I wonder if you missed the point or if you've just got an
inspiration.

I never (always don't) exclude misunderstanding on my part. In this
sense let me repeat once again (for your correction) the essentials
of what I meant: The communication partners want to authenticate, so
the authentication field is an essential part of their message. The
proper ciphertext blocks plus the authentication field is so to say
a (not divisible) ensemble that is to be regarded as a whole. So the
'challenge' is properly to be regarded as all the n blocks and not
the n-1 blocks of the ciphertext alone. Compare also in this way: If
there is no authentication, then there are n-1 blocks. If there is
authentication then there are n blocks. Is this clear a point for
the n blocks as a whole being the 'challenge' that (in case of
use of authentication) the communication partners should carefully
guard against from the "view" of the attacker? Or asked otherwise,
is there anything against a "definition" of treating everything
processed/transmitted that is necessary for fulfilling the purposes
of a certain given communication act between two partners as the
"challenge" in the present context?

Thanks.

M. K. Shen
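
The CCA2 game discussed in this thread, as an added example that is not part of the original posts: the oracle's only restriction is the exact challenge, and the round is played once against a bare ciphertext and once against ciphertext plus authentication field treated as one unit. The toy keystream, the `Scheme` class, `cca2_round` and the two sample messages are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def keystream(key, nonce, n):
    # Toy SHA-256 counter keystream (assumption for this demo, not a vetted cipher).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Scheme:
    def __init__(self, authenticated):
        self.ek, self.mk = secrets.token_bytes(32), secrets.token_bytes(32)
        self.authenticated = authenticated

    def _tag(self, data):
        return hmac.new(self.mk, data, hashlib.sha256).digest()

    def encrypt(self, m):
        nonce = secrets.token_bytes(16)
        c = nonce + xor(m, keystream(self.ek, nonce, len(m)))
        return c + self._tag(c) if self.authenticated else c

    def decrypt(self, c):
        if self.authenticated:
            c, tag = c[:-32], c[-32:]
            if not hmac.compare_digest(tag, self._tag(c)):
                return None  # reject: ciphertext and tag no longer match
        return xor(c[16:], keystream(self.ek, c[:16], len(c) - 16))

def cca2_round(authenticated):
    """One CCA2 round; returns (b, adversary's guess, or None if it learned nothing)."""
    s = Scheme(authenticated)
    msgs = (b"attack at dawn!!", b"retreat at dusk!")  # constructed sample messages
    b = secrets.randbelow(2)
    challenge = s.encrypt(msgs[b])  # everything transmitted, tag included

    def oracle(c):
        if c == challenge:  # the model's single exception
            raise ValueError("decrypting the challenge itself is excluded")
        return s.decrypt(c)

    mauled = bytearray(challenge)
    mauled[16] ^= 1  # first body byte, right after the 16-byte nonce
    p = oracle(bytes(mauled))
    if p is None:
        return b, None
    recovered = bytes([p[0] ^ 1]) + p[1:]  # undo the flipped bit
    return b, msgs.index(recovered)
```

Without the tag, a one-bit change makes the query formally different from the challenge, so the oracle answers and the guess always equals `b`; with the tag, the same query is rejected and the adversary gets `None`.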



