[42167] in cryptography@c2.net mail archive
Re: IGE mode is broken (Re: IGE mode in OpenSSL)
daemon@ATHENA.MIT.EDU (James A. Donald)
Mon Sep 11 08:16:32 2006
X-Original-To: cryptography@metzdowd.com
Date: Mon, 11 Sep 2006 06:33:59 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <4503F7E4.6030109@echeque.com>
Typo:
James A. Donald wrote:
> Let P(k) be the kth block of plain text. We prepend a
> random block, P(0) to the text, and append a fixed block
> to the end. If anything is altered, the fixed block at
> the end will not contain the expected data, but will be
> gibberish.
>
> The adversary knows every block in the plain text
> message except our P(0). He can intercept and change
> the encrypted message. He wishes to modify the message
> so that the intended recipient receives something
> different from the message that the adversary knows he
> should receive without the intended recipient realizing
> something is wrong.
>
> Let W(k) = P(k) + W(k-1) + W(k-1)&{W(k-1)}
>
> Where & means bitwise and, and + means addition modulo 2
> to the block size.
>
> W(0) = P(0) (our random block, unknown to the adversary
> or the recipient, and changing with every message.)
>
> {} means encryption, {W(k-1)} is the block we get by
> encrypting W(k-1)
>
> We transmit T(k)= {W(k)} + W(k-1)|{W(k-1)} where |
> means bitwise or, curly brace means encryption.
Should read:
We transmit T(k) = {W(k)} + ((~W(k-1))|{W(k-1)})
where ~ means bitwise negation, | means bitwise or,
curly brace means encryption.
> W(-1) is zero.
>
> The adversary knows P(k), except for P(0), and can
> intercept all transmitted values T(k).
>
> Because the combination of addition and bitwise logical
> operations is non linear, this method gets through a
> loophole in Jutla's proof in
> http://eprint.iacr.org/2000/039
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
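
The construction described in this message, as an added example that is not part of the original post: it chains blocks with W(k) and transmits T(k), reading the corrected formula as {W(k)} + ((~W(k-1)) | {W(k-1)}), then shows the recipient recovering the plaintext and rejecting an altered ciphertext because the fixed trailer no longer matches. Assumptions: a 64-bit block, a toy Feistel permutation standing in for the block cipher {}, & binding tighter than +, and the hypothetical names seal, unseal and FIXED.

```python
import hashlib
import secrets

BITS = 64                       # assumed block size for this demo
MASK = (1 << BITS) - 1          # arithmetic is modulo 2**BITS
HALF = BITS // 2
FIXED = 0x0123456789ABCDEF      # constructed fixed trailer block

def _f(key, rnd, half):
    data = key + bytes([rnd]) + half.to_bytes(HALF // 8, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:HALF // 8], "big")

def E(key, x):
    """{x}: toy 4-round Feistel permutation, a stand-in and not a real cipher."""
    l, r = x >> HALF, x & (MASK >> HALF)
    for rnd in range(4):
        l, r = r, l ^ _f(key, rnd, r)
    return (l << HALF) | r

def D(key, y):
    """Inverse of E."""
    l, r = y >> HALF, y & (MASK >> HALF)
    for rnd in reversed(range(4)):
        l, r = r ^ _f(key, rnd, l), l
    return (l << HALF) | r

def seal(key, blocks, p0=None):
    """Return the T(k) for P(0) (random), the message blocks, and FIXED."""
    p0 = secrets.randbits(BITS) if p0 is None else p0
    w_prev, out = 0, []                              # W(-1) = 0
    for p in [p0, *blocks, FIXED]:
        e_prev = E(key, w_prev)                      # {W(k-1)}
        w = (p + w_prev + (w_prev & e_prev)) & MASK  # W(k); W(0) == P(0)
        out.append((E(key, w) + ((~w_prev & MASK) | e_prev)) & MASK)
        w_prev = w
    return out

def unseal(key, ts):
    """Recover the message blocks; raise if the trailer is not FIXED."""
    w_prev, ps = 0, []
    for t in ts:
        e_prev = E(key, w_prev)
        w = D(key, (t - ((~w_prev & MASK) | e_prev)) & MASK)
        ps.append((w - w_prev - (w_prev & e_prev)) & MASK)
        w_prev = w
    if ps[-1] != FIXED:
        raise ValueError("trailer block mismatch: ciphertext was altered")
    return ps[1:-1]                                  # drop P(0) and the trailer
```
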