What's the state of the art in one-pass integrity/encryption?

Greg Rose ggr at qualcomm.com
Sat Nov 24 19:22:09 EST 2001


All of the early schemes were broken, as was the NSA's submission to the 
AES Modes of Operation workshop. However, three schemes, all similar in 
principle, have not only survived, but have proofs of correctness. The 
first was Charanjit Jutla's IAPM mode, another is Rogaway's OCB, and the 
third is from Gligor and Pompescu but I can't remember its name (I'm 
passing through SFO as I write this, so forgive me for not having 
references to hand).

Phil Hawkes and I have extended IAPM (and I believe the method is 
applicable to the other modes too) so that you can authenticate parts of 
the message that are not encrypted, like IP headers for example. We sent 
public comments to NIST about this, or I can post more detail if you need.

regards,
Greg.

At 05:29 PM 11/24/2001 -0500, Radia Perlman - Boston Center for Networking 
wrote:
>In the last few years I've heard of some one-pass schemes
>(schemes that with one cryptographic pass over the data encrypt
>the data and generate an integrity check), and I've
>also heard of some schemes being broken. Does anyone know what
>schemes have been broken and which schemes are still considered secure?
>Are these schemes mature enough to be considered in standards? And
>does anyone know about the patent status of these schemes?
>
>References to papers would be appreciated.
>
>Thanks,
>
>Radia
>
>
>
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to 
>majordomo at wasabisystems.com


Greg Rose                                       INTERNET: ggr at qualcomm.com
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C



