[noise] suitably of using Noise in ICS environment
Samuel Neves
samuel.c.p.neves at gmail.com
Thu Jul 14 13:43:44 PDT 2016
On 14/07/2016 21:18, Adam Crain wrote:
> Following up on this thread, and not being a cryptographer, what's the
> reason for including len(ad) in the HMAC calculation? Is there some sort of
> attack possible if encrypt was redefined in terms of HMAC as:
>
> ENCRYPT(k, n, ad, plaintext):
> plaintext || HMAC(k, n || ad || plaintext)
>
> instead of:
>
> ENCRYPT(k, n, ad, plaintext):
> plaintext || HMAC(k, n || len(ad) || ad || plaintext)
>
> What does appending len(ad) accomplish?
Domain separation. Otherwise, you get the same tag for ad = "hello", plaintext = "world" or ad = "", plaintext = "helloworld".
More information about the Noise
mailing list