[Cryptography] Speculation about Baton Block Cipher

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Aug 17 11:09:25 EDT 2015


ianG <iang at iang.org> writes:
>On 13/08/2015 07:37 am, Ryan Carboni wrote:
>> https://en.wikipedia.org/wiki/BATON
>>
>> I think in modern terms, according to the above wikipedia page:
>>
>> BATON is a family of authenticated encryption ciphers, with a variable
>> block width, and accepts a tweak as an input?
>
>But yes, I see the hint about the checksum:
>
>"160 bits of the key are checksum material."

>But yes, I see the hint about the checksum:
>
>"160 bits of the key are checksum material."

That's not a tweak, it's just a way of making the crypto capture-proof, you
can only key it using an NSA-supplied fill device.  The Clipper/Capstone chip
did the same thing (although not very well, as Matt Blaze demonstrated).

So what you've got is... a block cipher.  Nothing magic about it.

Peter.


More information about the cryptography mailing list