[Cryptography] Dan Bernstein has a new blog entry on key breaking
Patrick Chkoreff
patrick at rayservers.net
Tue Nov 24 14:21:16 EST 2015
Dave Horsfall wrote on 11/23/2015 11:36 PM:
> On Mon, 23 Nov 2015, Viktor Dukhovni wrote:
>
>> The other key can simply be the same for every block, no need for RC4:
>>
>> K_1 xor AES(K_2, data) xor K_1
>
> Err, unless I've missed something, isn't this just the AES() bit? Those
> two XORs would cancel out...
Yes, I was wondering about that. In light of the recent mention of
Even-Mansour, wouldn't that be something more like this?
AES(K_2, K_1 xor data) xor K_1
-- Patrick
More information about the cryptography
mailing list