[noise] suitability of using Noise in ICS environment

Adam Crain jadamcrain at automatak.com
Thu Jul 14 13:50:36 PDT 2016


Thank you very much for this explanation.

-AC

On Thu, Jul 14, 2016 at 4:43 PM, Samuel Neves <samuel.c.p.neves at gmail.com>
wrote:

> On 14/07/2016 21:18, Adam Crain wrote:
> > Following up on this thread, and not being a cryptographer, what's the
> > reason for including len(ad) in the HMAC calculation? Is there some sort of
> > attack possible if encrypt was redefined in terms of HMAC as:
> >
> > ENCRYPT(k, n, ad, plaintext):
> >   plaintext || HMAC(k, n || ad || plaintext)
> >
> > instead of:
> >
> > ENCRYPT(k, n, ad, plaintext):
> >   plaintext || HMAC(k, n || len(ad) || ad || plaintext)
> >
> > What does appending len(ad) accomplish?
>
> Domain separation. Otherwise, you get the same tag for ad = "hello",
> plaintext = "world" or ad = "", plaintext = "helloworld".
>



-- 

J Adam Crain - Partner

 <http://www.automatak.com>

PGP 4096R/E2984A0C <https://www.automatak.com/keys/jadamcrain.asc> 2013-05-03
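
The tag collision described in the quoted reply, as an added example that is not part of the original thread. It assumes HMAC-SHA256, a fixed 8-byte nonce, and len(ad) encoded as a fixed-width 8-byte big-endian integer; the key, nonce and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEY = bytes(32)                # constructed demo key (all zeros), not a real key
NONCE = struct.pack(">Q", 7)   # constructed fixed-width 8-byte nonce (assumption)


def tag_without_len(k, n, ad, plaintext):
    """HMAC(k, n || ad || plaintext): the ad/plaintext boundary is not bound."""
    return hmac.new(k, n + ad + plaintext, hashlib.sha256).digest()


def tag_with_len(k, n, ad, plaintext):
    """HMAC(k, n || len(ad) || ad || plaintext).

    The length is fixed-width (assumed encoding): a variable-width length
    could itself blur into the bytes of ad and reintroduce the ambiguity.
    """
    length = struct.pack(">Q", len(ad))
    return hmac.new(k, n + length + ad + plaintext, hashlib.sha256).digest()


def verify(tag_fn, k, n, ad, plaintext, tag):
    """Receiver-side check with a constant-time comparison."""
    return hmac.compare_digest(tag_fn(k, n, ad, plaintext), tag)


def boundary_shift_accepted(tag_fn):
    """Tag (ad="hello", plaintext="world"), then verify the same bytes
    split as (ad="", plaintext="helloworld"). True means the receiver
    accepts a message whose fields mean something different."""
    tag = tag_fn(KEY, NONCE, b"hello", b"world")
    return verify(tag_fn, KEY, NONCE, b"", b"helloworld", tag)


if __name__ == "__main__":
    for fn in (tag_without_len, tag_with_len):
        print(f"{fn.__name__}: shifted boundary accepted = "
              f"{boundary_shift_accepted(fn)}")
```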