Re: Authentication



Maaartin wrote:
Mok-Kong Shen wrote:
The matter is in my view rather obvious. What is the motivation of
having an "exception" to the decryption (by the sender or recipient)

I only spoke about an exception in the CCA2 attack model. And the
reason is very obvious. Let's still assume, that the goal is to
decrypt a given ciphertext ("challenge"). If the attacker could ask
for the decryption of the very ciphertext, he would do and win
instantly. That's all.

and how could that exception be implemented "in practice"?

Not at all since it's just a restriction necessary to make the model
meaningful, nothing else. There's no implementation and no need for
it. I wonder if you missed the point or if you've just got an
inspiration.

I never (always don't) exclude misunderstanding on my part. In this
sense let me repeat once again (for your correction) the essentials
of what I meant: The communication partners want to authenticate, so
the authentication field is an essential part of their message. The
proper ciphertext blocks plus the authentication field is so to say
a (not divisible) ensemble that is to be regarded as a whole. So the
'challenge' is properly to be regarded as all the n blocks and not
the n-1 blocks of the ciphertext alone. Compare also in this way: If
there is no authentication, then there are n-1 blocks. If there is
authentication then there are n blocks. Is this clear a point for
the n blocks as a whole being the 'challenge' that (in case of
use of authentication) the communication partners should carefully
guard against from the "view" of the attacker? Or asked otherwise,
is there anything against a "definition" of treating everything
processed/transmitted that is necessary for fulfilling the purposes
of a certain given communication act between two partners as the
"challenge" in the present context?

Thanks.

M. K. Shen
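The CCA2 game discussed in this thread, as an added illustration that is not part of either poster's message: the decryption oracle refuses only the exact challenge, and the adversary submits a one-bit modification of it, first against a bare stream cipher and then with a tag computed over the whole ciphertext. The toy cipher, the `Scheme` class, `play_cca2` and the two messages are constructed for this example.

```python
import hashlib, hmac, secrets

def keystream(key, nonce, n):
    # Toy stream cipher for illustration: SHA-256 in counter mode.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Scheme:
    def __init__(self, authenticated):
        self.ek, self.mk = secrets.token_bytes(32), secrets.token_bytes(32)
        self.authenticated = authenticated

    def _tag(self, body):
        return hmac.new(self.mk, body, hashlib.sha256).digest()

    def encrypt(self, pt):
        nonce = secrets.token_bytes(16)
        body = nonce + xor(pt, keystream(self.ek, nonce, len(pt)))
        return body + self._tag(body) if self.authenticated else body

    def decrypt(self, ct):
        if self.authenticated:
            ct, tag = ct[:-32], ct[-32:]
            if not hmac.compare_digest(tag, self._tag(ct)):
                return None  # modified ciphertext or tag: rejected, nothing leaks
        return xor(ct[16:], keystream(self.ek, ct[:16], len(ct) - 16))

M0, M1 = b"attack at dawn!!", b"retreat at noon!"  # constructed messages

def play_cca2(scheme):
    """One round of the game; returns (secret bit b, adversary's guess or None)."""
    b = secrets.randbelow(2)
    challenge = scheme.encrypt((M0, M1)[b])  # everything Enc outputs, tag included

    def oracle(ct):
        # The model's only restriction: the exact challenge is refused.
        return None if ct == challenge else scheme.decrypt(ct)

    mauled = bytearray(challenge)
    mauled[16] ^= 1  # flip one bit of the first ciphertext byte after the nonce
    pt = oracle(bytes(mauled))
    if pt is None:
        return b, None  # oracle returned nothing; the adversary can only guess
    recovered = bytes([pt[0] ^ 1]) + pt[1:]  # undo the flip to get the plaintext
    return b, int(recovered == M1)
```

With `Scheme(False)` the guess always equals `b`; with `Scheme(True)` the oracle rejects the modified ciphertext and the guess is `None`.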



