Re: [Cfrg] IVs in the "authenticated encryption" draft
daw@cs.berkeley.edu (David Wagner) Fri, 15 September 2006 18:32 UTC
To: cfrg@ietf.org
Path: not-for-mail
From: daw@cs.berkeley.edu
Newsgroups: isaac.lists.ietf-cfrg
Subject: Re: [Cfrg] IVs in the "authenticated encryption" draft
Date: Fri, 15 Sep 2006 18:25:42 +0000
Organization: University of California, Berkeley
Lines: 33
Message-ID: <eeer76$g9r$1@taverner.cs.berkeley.edu>
References: <91CAF4F8-1791-4DD6-A8C0-5FDC6AE5C2F9@cisco.com>
David McGrew wrote:
>if you've read the draft, I'd be interested to hear your thoughts on
>the use of IVs in that document. Currently, the IV is an *output* of
>the encryption process, rather than an input to it. This property
>puts IV generation into the crypto process, which simplifies the
>interface for most users and eliminates the risk of security problems
>due to inappropriate IV generation by the user. However, this
>property adds some complexity; in order to support the use of
>deterministic IVs when a single key is used by multiple encryptors,
>it was necessary to add an "IV" contribution field.
>
>I very much like the idea of having an interface that is harder to
>misuse, but I'm now wondering if that goal is "one too many" for the
>current draft. Perhaps it would be better to allow the IVs to be
>inputs, as is more conventional, which would allow this draft to get
>finished more quickly, and then to consider a user-proof interface in
>some separate future work, if that would be useful. I've heard
>comments on both sides of this issue, and I'd like to gauge the
>general feeling of the group, so I'd value your opinion.

Have you considered factoring this out into two draft documents?

Document #1: Documents AEAD modes that take an IV as input.

Document #2: Documents IV generation processes that take an IV
contribution as input and produce an IV as output.

This seems like a third option you could consider. Would it be a
better compromise?

This way, folks could mix-and-match: if they want or have an AEAD
mode that takes an IV as input, they can use Document #1 for
guidance; if they have or want an AEAD mode that takes an IV
contribution as input and produces an IV as output, they can use the
composition of Documents #1 and #2 for guidance.
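The split proposed above (an IV-input AEAD per Document #1, an IV generator driven by an IV contribution per Document #2, and the IV-as-output interface obtained by composing the two), as an added example that is not part of either author's message or of the draft under discussion. The AEAD here is a stand-in: an encrypt-then-MAC construction built from HMAC-SHA256 so the example runs with only the Python standard library; a real deployment would use GCM or CCM with the same input/output shape. The 4-byte contribution plus 8-byte counter layout, and the names `IvGenerator` and `ContributionAead`, are assumptions made for this example.

```python
import hmac
import hashlib

FIXED_LEN = 4      # the per-encryptor "IV contribution" (fixed field); assumed width
COUNTER_LEN = 8    # per-message counter appended by the generator; assumed width
IV_LEN = FIXED_LEN + COUNTER_LEN   # 96-bit IV, the size GCM-style AEADs expect
TAG_LEN = 16
BLOCK = 32         # bytes of keystream per PRF call (one SHA-256 output)


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 used as a PRF; the label provides domain separation."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _keystream_xor(enc_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Counter-mode keystream keyed by (iv, block index); XOR is its own inverse."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = _prf(enc_key, b"ks", iv + (i // BLOCK).to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def _tag(mac_key: bytes, iv: bytes, aad: bytes, ct: bytes) -> bytes:
    """Tag over (aad, iv, ct); aad is length-prefixed so boundaries are unambiguous."""
    return _prf(mac_key, b"tag", len(aad).to_bytes(8, "big") + aad + iv + ct)[:TAG_LEN]


# ---- Document #1 shape: an AEAD whose IV is an INPUT ----------------------
def aead_encrypt(key: bytes, iv: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC AEAD. Security relies on the caller never reusing iv under key."""
    if len(iv) != IV_LEN:
        raise ValueError("iv must be %d bytes" % IV_LEN)
    enc_key, mac_key = _prf(key, b"enc", b""), _prf(key, b"mac", b"")
    ct = _keystream_xor(enc_key, iv, plaintext)
    return ct + _tag(mac_key, iv, aad, ct)


def aead_decrypt(key: bytes, iv: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    if len(iv) != IV_LEN or len(ciphertext) < TAG_LEN:
        raise ValueError("malformed input")
    enc_key, mac_key = _prf(key, b"enc", b""), _prf(key, b"mac", b"")
    ct, tag = ciphertext[:-TAG_LEN], ciphertext[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(mac_key, iv, aad, ct)):
        raise ValueError("authentication failed")   # verify before releasing any plaintext
    return _keystream_xor(enc_key, iv, ct)


def try_decrypt(key, iv, aad, ciphertext):
    """Convenience wrapper: plaintext on success, None when authentication fails."""
    try:
        return aead_decrypt(key, iv, aad, ciphertext)
    except ValueError:
        return None


# ---- Document #2 shape: IV generation from an IV contribution -------------
class IvGenerator:
    """Deterministic IV = contribution || counter.  Distinct contributions keep
    encryptors that share one key from colliding on an IV; the counter keeps a
    single encryptor's own IVs distinct.  Uniqueness of the contribution across
    encryptors must be arranged out of band (e.g. by whoever distributes the key)."""

    def __init__(self, contribution: bytes):
        if len(contribution) != FIXED_LEN:
            raise ValueError("contribution must be %d bytes" % FIXED_LEN)
        self.fixed = contribution
        self.counter = 0

    def next_iv(self) -> bytes:
        if self.counter >= 1 << (8 * COUNTER_LEN):
            raise RuntimeError("IV space exhausted; rekey rather than wrap the counter")
        iv = self.fixed + self.counter.to_bytes(COUNTER_LEN, "big")
        self.counter += 1
        return iv


# ---- Composition of #1 and #2: an AEAD whose IV is an OUTPUT ---------------
class ContributionAead:
    """The user supplies (key, contribution) once; each encrypt call returns the
    IV it chose alongside the ciphertext, so the user never picks an IV."""

    def __init__(self, key: bytes, contribution: bytes):
        self.key = key
        self.gen = IvGenerator(contribution)

    def encrypt(self, aad: bytes, plaintext: bytes):
        iv = self.gen.next_iv()
        return iv, aead_encrypt(self.key, iv, aad, plaintext)

    def decrypt(self, iv: bytes, aad: bytes, ciphertext: bytes) -> bytes:
        return aead_decrypt(self.key, iv, aad, ciphertext)


if __name__ == "__main__":
    key = bytes(range(32))                               # constructed demo key only
    alice = ContributionAead(key, b"\x00\x00\x00\x01")
    bob = ContributionAead(key, b"\x00\x00\x00\x02")     # same key, distinct contribution
    iv_a, ct_a = alice.encrypt(b"hdr", b"hello from alice")
    iv_b, ct_b = bob.encrypt(b"hdr", b"hello from bob")
    print("IVs differ:", iv_a != iv_b)
    print("bob reads alice:", bob.decrypt(iv_a, b"hdr", ct_a))
```

The composition is where the "harder to misuse" property lives: `aead_encrypt` alone will silently accept a repeated IV, while `ContributionAead` never exposes IV choice to the caller and refuses to continue once the counter space is exhausted. The residual risk moves to the contribution field: two encryptors handed the same key and the same contribution will reproduce each other's IVs exactly, which is why the draft's contribution field has to be assigned uniquely per encryptor rather than left to each user.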