What's the state of the art in one-pass integrity/encryption?
Greg Rose
ggr at qualcomm.com
Sat Nov 24 19:22:09 EST 2001
All of the early schemes were broken, as was the NSA's submission to the
AES Modes of Operation workshop. However, three schemes, all similar in
principle, have not only survived, but have proofs of correctness. The
first was Charanjit Jutla's IAPM mode, another is Rogaway's OCB, and the
third is from Gligor and Pompescu but I can't remember its name (I'm
passing through SFO as I write this, so forgive me for not having
references to hand).

Phil Hawkes and I have extended IAPM (and I believe the method is
applicable to the other modes too) so that you can authenticate parts of
the message that are not encrypted, like IP headers for example. We sent
public comments to NIST about this, or I can post more detail if you need.

regards,
Greg.

At 05:29 PM 11/24/2001 -0500, Radia Perlman - Boston Center for Networking
wrote:
>In the last few years I've heard of some one-pass schemes
>(schemes that with one cryptographic pass over the data encrypt
>the data and generate an integrity check), and I've
>also heard of some schemes being broken. Does anyone know what
>schemes have been broken and which schemes are still considered secure?
>Are these schemes mature enough to be considered in standards? And
>does anyone know about the patent status of these schemes?
>
>References to papers would be appreciated.
>
>Thanks,
>
>Radia
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to
>majordomo at wasabisystems.com
Greg Rose INTERNET: ggr at qualcomm.com
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C