Re: [Cfrg] misuse-resistant AEAD

David McGrew <mcgrew@cisco.com> Fri, 03 January 2014 14:26 UTC

Message-ID: <52C6C40E.10804@cisco.com>
Date: Fri, 03 Jan 2014 09:07:10 -0500
From: David McGrew <mcgrew@cisco.com>
To: Watson Ladd <watsonbladd@gmail.com>
References: <CAGZ8ZG2f9QHX40RcB8aajWvEfG0Gh_uewu2Rq7bQGHYNx6cOmw@mail.gmail.com> <52C07436.2040709@cs.tcd.ie> <04C32948-02A2-44F4-B4C1-CF29D4146715@vpnc.org> <CEE6FEE3.2B330%paul@marvell.com> <52C57FB4.2050102@cisco.com> <CACsn0c=fykhhwCF3P24CC4gneo8W5NJFE42-dZf2iotQ0Pmfvw@mail.gmail.com> <2fe7d8ceead7a52aa4ae61585b9ea932.squirrel@www.trepanning.net> <CACsn0c=2uPuiWiO5qJH0s=8YD1_OuScU0yEdfiNojygq3H-h4Q@mail.gmail.com>
In-Reply-To: <CACsn0c=2uPuiWiO5qJH0s=8YD1_OuScU0yEdfiNojygq3H-h4Q@mail.gmail.com>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] misuse-resistant AEAD

On 01/02/2014 05:26 PM, Watson Ladd wrote:
>
> CBC+HMAC is an instance of generic composition. So is GCM and
> Chacha/Salsa/XSalsa/Poly1305.

A minor correction: GCM isn't a generic composition in the original sense of Bellare and Namprempre. The same block cipher key is used both for encryption and authentication, and the particulars about what counter block is used during the encryption of the GHASH value matter, and are "coordinated" with the encryption operation.

David