how to encrypt and integrity-check with only one key

David-Sarah Hopwood david-sarah at
Tue Sep 15 00:03:59 EDT 2009

Zooko Wilcox-O'Hearn wrote:
> following-up to my own post:
> On Monday,2009-09-14, at 10:22 , Zooko Wilcox-O'Hearn wrote:
>> David-Sarah Hopwood suggested the improvement that the integrity-check
>> value "V" could be computed as an integrity check (i.e. a secure hash)
>> on the K1_enc in addition to the file contents.
> Oops, that's impossible.  What David-Sarah Hopwood actually said was
> that this would be nice if it were possible, but since it isn't then
> people should pass around the tuple of (v, K1_enc) whenever they want to
> verify the integrity of the ciphertext.

Zooko is referring to the argument after the first '-' in that post.
Note that the argument after the second '-' was wrong; see the correction in

David-Sarah Hopwood  ⚥

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list