[Cryptography] Shortening block cipher length...

Patrick Chkoreff pc at fexl.com
Wed Jul 21 13:41:50 EDT 2021


I wrote:

> (I suppose I could use the private key to derive a deterministic permutation on the set 2^192, but then I'd have to maintain a counter as mutable state and always increment it.  Guessing a nonce would then be roughly equivalent to guessing the private key itself, and no randomness would be needed except to generate the private key.)

It occurred to me while walking the dog that if you're doing the work of 
maintaining a counter state, the permutation I describe adds no 
security.  Might as well just use the counter directly.


-- Patrick


More information about the cryptography mailing list