[noise] Thoughts on semi-deterministic encryption
Jonathan Moore
moore at eds.org
Tue Aug 26 11:10:40 PDT 2014
Hello all, coming out of lurk mode.
I have been thinking about how to more safely use cyphers in environments
where one does not know for sure that they have a good source of entropy.
A simple approach is to not use any; for instance, just use the hash of
the clear text as the IV of a message when using a stream cipher. Ex:
nonce = hmac( key, message )
box( nonce, key, message )
This has the obvious downside of losing semantic security. To improve on
this we could mix a source of supposed entropy with a deterministic
approach. To extend the above example:
nonce = hmac( key, hmac( possiblyRand(), message ) )
box( nonce, key, message )
It would seem that if possiblyRand() turns out to be predictable the only
thing we have lost is semantic security and not confidentiality. This seems
like a nice property to have.
Questions for those interested:
1. Am I missing anything important that means this is a bad idea?
2. Does this have the claimed properties?
3. Is there a better mixing function than hmac?
-Jonathan
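An added example (not part of the post) that sketches both nonce derivations above in Python. The box() stream cipher is a constructed stand-in built from HMAC-SHA256 in counter mode; a real implementation would use an actual stream cipher or AEAD. It makes the claimed behaviour concrete: with a fully predictable possiblyRand(), re-encrypting the same message yields an identical ciphertext (a repeat is visible), while distinct messages still get distinct nonces, so no keystream is reused.

```python
import hmac
import hashlib
import os
from typing import Optional

NONCE_LEN = 16

def derive_nonce(key: bytes, message: bytes, possibly_rand: Optional[bytes] = None) -> bytes:
    """possibly_rand is None -> nonce = hmac(key, message)
       otherwise             -> nonce = hmac(key, hmac(possiblyRand(), message))"""
    inner = message if possibly_rand is None else hmac.new(possibly_rand, message, hashlib.sha256).digest()
    return hmac.new(key, inner, hashlib.sha256).digest()[:NONCE_LEN]

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher constructed for this example: HMAC-SHA256 in counter mode.
    # The property discussed only depends on a nonce never repeating under one key
    # with different plaintexts.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def box(nonce: bytes, key: bytes, message: bytes) -> bytes:
    ks = keystream(key, nonce, len(message))
    return nonce + bytes(m ^ k for m, k in zip(message, ks))

def unbox(key: bytes, sealed: bytes) -> bytes:
    nonce, ct = sealed[:NONCE_LEN], sealed[NONCE_LEN:]
    ks = keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

def encrypt(key: bytes, message: bytes, possibly_rand: Optional[bytes] = None) -> bytes:
    return box(derive_nonce(key, message, possibly_rand), key, message)

def nonce_of(sealed: bytes) -> bytes:
    return sealed[:NONCE_LEN]

if __name__ == "__main__":
    key = b"\x01" * 32
    broken_rng = b"\x00" * 32  # a possiblyRand() whose output is fully predictable
    a = encrypt(key, b"attack at dawn", broken_rng)
    b = encrypt(key, b"attack at dawn", broken_rng)
    c = encrypt(key, b"attack at dusk", broken_rng)
    print("same message, same ciphertext (semantic security lost):", a == b)
    print("different message, nonce reused:", nonce_of(a) == nonce_of(c))
    print("good rng hides the repeat:", encrypt(key, b"attack at dawn", os.urandom(32)) != a)
```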