Re: [Cfrg] draft-housley-ccm-mode-00.txt

Gé Weijers <Ge.Weijers@Sun.COM> Fri, 16 August 2002 16:55 UTC

Date: Fri, 16 Aug 2002 09:51:06 -0700
From: Gé Weijers <Ge.Weijers@Sun.COM>
Subject: Re: [Cfrg] draft-housley-ccm-mode-00.txt
To: David Wagner <daw@mozart.cs.berkeley.edu>
Cc: cfrg@ietf.org
Message-id: <3D5D2D7A.1000508@sun.com>
Organization: Sun Microsystems, Inc.

David Wagner wrote:

>Can you elaborate?  What advantages do you see for CCM over
>the standard encrypt-then-authenticate generic composition of
>AES-CBC encryption and AES-CBC-MAC (suitably modified to be
>secure for variable-length messages)?  The latter is unencumbered
>and has the same performance characteristics as CCM.
>
An advantage I can see is the use of the same key for both 
authentication and encryption. I'm not aware of any proof of security 
for an encrypt-then-authenticate design that holds up when you use the 
same key for both encryption and authentication. Using the same key 
halves the key storage requirements for an 802.11 base station. CCM 
tries to ensure that the likelihood of collisions follows the usual 
birthday bound curve, and the article claims that encrypting the MAC 
value makes analysis of the MAC value impossible.

The proof of security will make for an interesting read.

Gé
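
Added example, not part of the original message or of the CCM draft: Go code for the single-key construction discussed above, in which one AES key drives both the CBC-MAC and the CTR encryption and the MAC value itself is encrypted with keystream block S_0. It assumes the block layout later published as RFC 3610 with M=8, L=2, a 13-byte nonce, no associated data and messages under 64 KiB; the key, nonce and frame are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"fmt"
)

const tagLen, lenField = 8, 2 // M and L in RFC 3610 terms; the nonce is 15-L = 13 bytes
// block builds B_0 or counter block A_i: flags || nonce || 16-bit big-endian value.
func block(flags byte, nonce []byte, v int) []byte {
	return append(append([]byte{flags}, nonce...), byte(v>>8), byte(v))
}
// cbcMAC is AES-CBC-MAC (zero IV) over B_0 || zero-padded message, no associated data.
func cbcMAC(c cipher.Block, nonce, msg []byte) []byte {
	in := append(block(8*((tagLen-2)/2)+lenField-1, nonce, len(msg)), msg...)
	in = append(in, make([]byte, (16-len(msg)%16)%16)...)
	cipher.NewCBCEncrypter(c, make([]byte, 16)).CryptBlocks(in, in)
	return in[len(in)-16:][:tagLen]
}
// ctr XORs data with the AES-CTR keystream starting at counter block A_first.
func ctr(c cipher.Block, nonce, data []byte, first int) []byte {
	out := make([]byte, len(data))
	cipher.NewCTR(c, block(lenField-1, nonce, first)).XORKeyStream(out, data)
	return out
}
// Seal returns ciphertext || encrypted tag; one cipher.Block (one key) does both jobs.
func Seal(c cipher.Block, nonce, msg []byte) []byte {
	return append(ctr(c, nonce, msg, 1), ctr(c, nonce, cbcMAC(c, nonce, msg), 0)...)
}
// Open decrypts, recomputes the CBC-MAC and releases plaintext only if the tags match.
func Open(c cipher.Block, nonce, sealed []byte) ([]byte, bool) {
	n := len(sealed) - tagLen
	if n >= 0 { // shorter inputs cannot even hold a tag
		msg := ctr(c, nonce, sealed[:n], 1)
		if subtle.ConstantTimeCompare(ctr(c, nonce, sealed[n:], 0), cbcMAC(c, nonce, msg)) == 1 {
			return msg, true
		}
	}
	return nil, false
}
func main() {
	c, err := aes.NewCipher([]byte("0123456789abcdef")) // constructed demo key
	if err != nil {
		panic(err)
	}
	n := []byte("nonce-13bytes") // constructed; must never repeat under one key
	fmt.Println(Open(c, n, Seal(c, n, []byte("constructed frame"))))
}
```

The tag that goes on the wire is the CBC-MAC XORed with S_0, so the raw MAC value is never exposed; reusing a nonce under the same key would repeat both S_0 and the message keystream.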
