NSA's new mode of operation broken in less than 24 hours

John Lowry jlowry at bbn.com
Fri Aug 10 13:46:23 EDT 2001


Attached.
Note that neither of the "double counter" creators are cryptomathematicians
but are compusec engineers who are - I presume - seeking to create a mode to
solve some systems performance and resource issues.

> -----Original Message-----
> From: owner-cryptography at wasabisystems.com
> [mailto:owner-cryptography at wasabisystems.com] On Behalf Of David G. Koontz
> Sent: Sunday, August 05, 2001 2:10 AM
> To: R. A. Hettinga
> Cc: Digital Bearer Settlement List; dcsb at ai.mit.edu;
> cryptography at wasabisystems.com
> Subject: Re: NSA's new mode of operation broken in less than 24 hours
>
>
> Had me going for a minute.  I had to check
> http://condor.securephone.net/documents/fnbdt_brief.pdf as
> well as the dual counter mode description.
>
> I thought dual counter might refer to the two half blocks
> found in the FNBDT Counter Mode  (which is instead the counter
> mode described by Lipmaa/Rogaway/Wagner).
>
> Are there any references/urls/notes describing an analysis
> of dual counter mode?  I searched web sites and NIST's Mode
> of Operation Forum.  The only thing readily apparent is
> that it appears to be inspired by the desire to generate
> new protocols.  While FNBDT has been said to have been implemented
> via wireless IP on notebooks,  I can sympathize with accumulating
> overhead - especially in narrowband applications.
>
>
> "R. A. Hettinga" wrote:
> >
> > --- begin forwarded text
> >
> > Reply-To: <paulo.barreto at terra.com.br>
> > From: "Paulo S. L. M. Barreto" <paulo.barreto at terra.com.br>
> > To: <coderpunks at toad.com>
> > Subject: NSA's new mode of operation broken in less than 24 hours
> > Date: Thu, 2 Aug 2001 22:40:32 -0300
> > Sender: owner-coderpunks at toad.com
> >
> > NSA has recently convinced NIST to include a new algorithm - something they
> > dubbed "Double Counter" mode after 18 months of development - for
> > consideration as a possible standard mode of operation for the AES. It's
> > described at <http://csrc.nist.gov/encryption/modes/proposedmodes/>, but I
> > wouldn't bother reading it now had I not done it already. The new mode seems
> > to have been reduced to bits by Phillip Rogaway, David Wagner and others.
> >
> > Could it be that the NSA is losing its proverbial cryptologic skills? For
> > one can't help but conclude that, if they acted in good faith to provide a
> > useful mode, then they did a very poor job, and if they acted otherwise,
> > then they quite underestimate current public knowledge in the area.
> >
> > Paulo Barreto.
> >
>
> --
> remove "no_spam_" from Reply-to address
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Gligor DCM.pdf
Type: application/pdf
Size: 107056 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20010810/396b57aa/attachment.pdf>