[Cryptography] Speculation about Baton Block Cipher

Peter Bowen pzbowen at gmail.com
Mon Aug 17 16:12:00 EDT 2015


On Mon, Aug 17, 2015 at 8:09 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> ianG <iang at iang.org> writes:
>>On 13/08/2015 07:37 am, Ryan Carboni wrote:
>>> https://en.wikipedia.org/wiki/BATON
>>>
>>> I think in modern terms, according to the above Wikipedia page:
>>>
>>> BATON is a family of authenticated encryption ciphers, with a variable
>>> block width, and accepts a tweak as an input?
>
>>"160 bits of the key are checksum material."
>
> That's not a tweak, it's just a way of making the crypto capture-proof, you
> can only key it using an NSA-supplied fill device.  The Clipper/Capstone chip
> did the same thing (although not very well, as Matt Blaze demonstrated).
>
> So what you've got is... a block cipher.  Nothing magic about it.

And various docs have indicated that BATON is used in CBC mode with
BIP32 for integrity while the newer MEDLEY algorithm is used in
Galois/Counter Mode.  So both look like common block ciphers.

