[Cryptography] Shortening block cipher length...

Jon Callas jon at callas.org
Thu Apr 1 17:08:34 EDT 2021

> On Mar 29, 2021, at 19:21, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> If the presence of a nonce and use of nonstandard building blocks is a
> problem then there's the nonce-less two-pass encryption trick invented by 
> Colin Plumb which takes any standard block cipher, without needing a tweak/
> nonce/whatever, and makes it as wide as you need it to be.

Colin's trick is essentially isomorphic to XEX, and not as fast. He generates a CFB IV via a fast hash. Then it's just CFB. It's clever, and without much formal analysis. (If you want to argue that it doesn't need it, I agree, and yet it doesn't have it.)

Another option and much better defined is AEZ:


The really important thing is the theory paper, <https://www.cs.ucdavis.edu/~rogaway/aez/rae.pdf>, which is brilliant and anyone who wants to look at block cipher theory should read and understand it.

