[16305] in cryptography@c2.net mail archive


Re: AES Modes

daemon@ATHENA.MIT.EDU (John Kelsey)
Tue Oct 12 11:41:09 2004

X-Original-To: cryptography@metzdowd.com
Date: Tue, 12 Oct 2004 09:57:15 -0400 (GMT-04:00)
From: John Kelsey <kelsey.j@ix.netcom.com>
Reply-To: John Kelsey <kelsey.j@ix.netcom.com>
To: Ian Grigg <iang@systemics.com>,
	Metzdowd Crypto <cryptography@metzdowd.com>

>From: Ian Grigg <iang@systemics.com>
>Sent: Oct 10, 2004 11:11 AM
>To: Metzdowd Crypto <cryptography@metzdowd.com>
>Subject: AES Modes


>I'm looking for basic mode to encrypt blocks (using AES)
>of about 1k in length, +/- an order of magnitude.  Looking
>at the above table (2nd link) there are oodles of proposed
>ones.

>It would be nice to have a mode that didn't also require
>a separate MAC operation - I get the impression that
>this is behind some of the proposals?

I think CCM is just about perfect for this goal.  The MAC isn't free, but it's integrated into the chaining mode.  There are also some patented modes that provide a MAC for almost no extra computation (OCB, IACBC), and some proposed modes that combine an efficient, parallelizable MAC with encryption in a secure way (CWC, GCM), though none of these are standards yet.

>iang

--John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
