[Cryptography] Shortening block cipher length...
Patrick Chkoreff
pc at fexl.com
Wed Jul 21 13:41:50 EDT 2021
I wrote:
> (I suppose I could use the private key to derive a deterministic permutation on the set 2^192, but then I'd have to maintain a counter as mutable state and always increment it. Guessing a nonce would then be roughly equivalent to guessing the private key itself, and no randomness would be needed except to generate the private key.)
It occurred to me while walking the dog that if you're doing the work of
maintaining a counter state, the permutation I describe adds no
security. Might as well just use the counter directly.
-- Patrick
More information about the cryptography
mailing list