[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] Re: [saag] Bad day at the hash function factory

To: saag at mit.edu, cfrg at ietf.org
Subject: Re: [Cfrg] Re: [saag] Bad day at the hash function factory
From: "D. J. Bernstein" <djb at cr.yp.to>
Date: 1 Nov 2004 06:28:04 -0000
Automatic-legal-notices: See http://cr.yp.to/mailcopyright.html.
List-help: <mailto:cfrg-request@ietf.org?subject=help>
List-id: Crypto Forum Research Group <cfrg.ietf.org>
List-post: <mailto:cfrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@ietf.org?subject=unsubscribe>
References: <151A63B4E33B4F49896AC6D1BA788A6E15C57F@EXCHVS2.louisville.stortek.com> <20040926155422.1F55F1AE84@berkshire.research.att.com> <20040926195031.59299.qmail@cr.yp.to> <200410280205.WAA29306@Sparkle.Rodents.Montreal.QC.CA> <kjoeinh8qp.fsf@romeo.rtfm.com>
Sender: cfrg-bounces at ietf.org

Eric Rescorla writes:
> You can then demonstrate that the MAC/Hash is secure if the
> encryption algorithm has a bunch of (somewhat idealized) properties.

There's just one assumption needed for these proofs: namely, someone who
doesn't know the key k can't distinguish AES_k from a uniform random
permutation of the set of 16-byte strings. This was an explicit design
criterion for AES.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg

Follow-Ups:
- Re: [Cfrg] Re: [saag] Bad day at the hash function factory
  - From: John Viega

References:
- [Cfrg] Re: [saag] Bad day at the hash function factory
  - From: Hughes, James P
- [Cfrg] Re: [saag] Bad day at the hash function factory
  - From: Steven M. Bellovin
- Re: [Cfrg] Re: [saag] Bad day at the hash function factory
  - From: D. J. Bernstein
- Re: [Cfrg] Re: [saag] Bad day at the hash function factory
  - From: der Mouse
- Re: [Cfrg] Re: [saag] Bad day at the hash function factory
  - From: Eric Rescorla

Prev by Date: Re: [Cfrg] Re: [saag] Algorithm upgrades
Next by Date: Re: [Cfrg] Re: [saag] Algorithm upgrades
Previous by thread: Re: [Cfrg] Re: [saag] Bad day at the hash function factory
Next by thread: Re: [Cfrg] Re: [saag] Bad day at the hash function factory
Index(es):
- Date
- Thread