[Cfrg] Repeated one-time pad
Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 14 July 2011 19:42 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9522F21F8C35 for <cfrg@ietfa.amsl.com>; Thu, 14 Jul 2011 12:42:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m2drL0WJ16ci for <cfrg@ietfa.amsl.com>; Thu, 14 Jul 2011 12:42:02 -0700 (PDT)
Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by ietfa.amsl.com (Postfix) with ESMTP id 77BDB21F8C02 for <cfrg@irtf.org>; Thu, 14 Jul 2011 12:42:02 -0700 (PDT)
Received: by wwe6 with SMTP id 6so615316wwe.19 for <cfrg@irtf.org>; Thu, 14 Jul 2011 12:42:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=oq3QPFBZzwOddnCeZoKCr8jx5J44CT/DDZ2gcInmIIo=; b=s7P5X2b0hGv9II72kqwRI3QYksfeqQ47ZCJlc87l4eTePQpVHFnxAemzmeiKrmL6kq FZvqPF4ZDJBp6C5jxY/cw3fXrCxraJt+FYyx7yx8xfQ1wRwybIei53Vp6kmDXaSoKsi7 y3ctZ04Za0WWhTgKbJxCmXegPli15dx/cYOb0=
Received: by 10.227.157.75 with SMTP id a11mr2379302wbx.74.1310672521289; Thu, 14 Jul 2011 12:42:01 -0700 (PDT)
Received: from [10.0.0.1] (bzq-79-178-192-3.red.bezeqint.net [79.178.192.3]) by mx.google.com with ESMTPS id fc2sm474208wbb.52.2011.07.14.12.41.59 (version=SSLv3 cipher=OTHER); Thu, 14 Jul 2011 12:42:00 -0700 (PDT)
Message-ID: <4E1F467C.8090702@gmail.com>
Date: Thu, 14 Jul 2011 22:41:48 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: cfrg@irtf.org
References: <mailman.117.1310670016.1187.cfrg@irtf.org>
In-Reply-To: <mailman.117.1310670016.1187.cfrg@irtf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [Cfrg] Repeated one-time pad
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jul 2011 19:42:06 -0000
Regarding "immediate key disclosure": is is well known that reuse of a stream cipher or a one-time pad with different plaintexts leads to immediate exposure of the plaintext (see e.g. http://en.wikipedia.org/wiki/One-time_pad#True_randomness). For a course I am teaching, I would appreciate pointers to the algorithms that are used for this cryptanalysis and/or source code that implements this attack. Thanks, Yaron Message: 2 Date: Thu, 14 Jul 2011 10:00:44 +0200 From: Simon Josefsson <simon@josefsson.org> To: Ted Krovetz <ted@krovetz.net> Cc: cfrg@irtf.org Subject: Re: [Cfrg] Request For Comments: OCB Internet-Draft Message-ID: <87ipr5gukz.fsf@latte.josefsson.org> Content-Type: text/plain Ted Krovetz <ted@krovetz.net> writes: >> I have just submitted an internet-draft for OCB to the IETF. >> >> http://datatracker.ietf.org/doc/draft-krovetz-ocb >> >> I'd appreciate any comments you may have on how to make the draft better. > It would help if you explained (in the security considerations) what > happens if a nonce is repeated. The question of failure modes of > authenticated encryption modes has come up in several different > contexts. It turns out that different AEAD modes have different failure > properties. > > In particular, you want to address whether repeat of a nonce leads to > immediate key disclosure, or whether the key can be found after some > computation faster than obvious attacks, or whether it can only lead to > recovery of the plaintext, and/or whether it depends on the plaintext as > well (e.g., something interesting happens if the plaintexts are related). >
- [Cfrg] Repeated one-time pad Yaron Sheffer
- Re: [Cfrg] Repeated one-time pad Paterson, Kenny
- Re: [Cfrg] Repeated one-time pad Marshall Eubanks