CCM Mode
despot at crosswinds.net
despot at crosswinds.net
Sat Aug 17 19:18:36 EDT 2002
On Thu, 15 Aug 2002, Housley, Russ wrote:
> http://ftp.ietf.org/internet-drafts/draft-housley-ccm-mode-00.txt
>
> It contains a specification for an authenticated encryption mode.
While this merging is alluded to in the OCB paper and elsewhere, I still
found the idea of the CCM mode interesting. It is taking two separate modes
and merging them into one. It is performing authentication (CBC-MAC) then
encryption (CTR), and, while I have not seen the details of the security of
this scheme, I imagine it is somewhat focused on the notions outlined in the
Krawczyk papers last year.
I think this "expansion" of modes is a beneficial move. Instead of allowing
protocol designers to attempt to figure out the proper ways to merge
authentication and encryption modes, modes are being designed that cover the
proper use of both. This is a good thing.
Of course, I am not ignoring modes like OCB that use "blended constructs" to
perform both encryption and authentication. Such modes can achieve the
benefits of "merged modes" with potentially more efficiency.
-Andrew
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list