[Cryptography] Speculation about Baton Block Cipher
Peter Bowen
pzbowen at gmail.com
Tue Aug 18 19:17:37 EDT 2015
On Tue, Aug 18, 2015 at 1:54 PM, Ray Dillinger <bear at sonic.net> wrote:
> On 08/18/2015 10:18 AM, Ryan Carboni wrote:
>> Baton has:
>>
>> 12 byte block size
>> 16 byte block size
>> 24 byte initialization vector
>> 20 byte key
>> 20 byte checksum
>>
>> Let's play a what does not belong game.
>>
>> Which number does not belong?
>
>
> Heh. Is this a trick question?
>
> The checksum size is of course ludicrous with respect to the key
> and block size.
>
> They don't need more than 4 bytes for a checksum, if that. BATON
> is implemented in hardware with a secret algorithm, so virtually
> anything could be encoded in the remaining 16 bytes and nobody
> would be the wiser.
>
> The fact, however, doesn't lead me to any specific speculations,
> except that it's probably some kind of deliberate side channel.
>
> But it's not at all clear what such a side channel would be
> useful for. It's a Type 1 product. Why do you suppose the
> NSA would install a side channel on their own communications?
I think this is confused. It is a 20 byte (160 bit key) combined with
20 byte "checksum" which is tied to the key. I would guess this is a
keyed checksum used to ensure that only authorized keys are used.
I'm guessing BIP32 is a bit-interleaved parity algorithm, so you are
only looking at 4 bytes of checksum for bulk data.
More information about the cryptography
mailing list