<div dir="ltr">If you want a deterministic nonce, why not use a counter instead of SIV?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Aug 26, 2014 at 11:10 AM, Jonathan Moore <span dir="ltr">&lt;<a href="mailto:moore@eds.org" target="_blank">moore@eds.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hello all, coming out of lurk mode.</div><div><br></div>I have been thinking about how to more safely use cyphers in environments where one does not know for sure that they have a good source of entropy. A simple approach is to not use any; for instance, just use the hash of the clear text as the IV of a message when using a stream cipher. Ex:<div>
<br></div><div> nonce = hmac( key, message )</div><div> box( nonce, key, message ) </div><div><br></div><div><br></div><div>This has the obvious downside of losing semantic security. To improve on this we could mix a source of supposed entropy with a deterministic approach. To extend the above example:</div>
<div><div><br> nonce = hmac( key, hmac( possiblyRand(), message ) )</div><div> box( nonce, key, message ) </div></div><div><br></div><div>It would seem that if possibly rand turns out to be predictable the only thing we have lost is semantic security and not confidentiality. This seems like a nice property to have.</div>
<div><br></div><div>Questions for those interested:</div><div> 1. Am I missing anything important that means this is a bad idea?</div><div> 2. Does this have the claimed properties?</div><div> 3. Is there a better mixing function than hmac?</div>
<span class="HOEnZb"><font color="#888888">
<div><br></div><div>-Jonathan</div></font></span></div>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Tony Arcieri<br>
</div>
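<div dir="ltr">Added example, not part of the thread or of any Noise code: the quoted construction nonce = hmac( key, hmac( possiblyRand(), message ) ) run with a stuck RNG and with a working one, to show what repeats and what does not. The names hedged_nonce, toy_box, seal and demo, the 24-byte nonce, and the HMAC-SHA256 keystream standing in for box() are assumptions made for this illustration.</div>

```python
import hashlib
import hmac
import os

NONCE_LEN = 24  # assumption: 24-byte nonce, the size NaCl's secretbox uses


def hedged_nonce(key, rand, message):
    # nonce = hmac(key, hmac(possiblyRand(), message)), as written in the post
    inner = hmac.new(rand, message, hashlib.sha256).digest()
    return hmac.new(key, inner, hashlib.sha256).digest()[:NONCE_LEN]


def toy_box(nonce, key, message):
    # Hypothetical stand-in for box(): XOR with an HMAC-SHA256 counter-mode
    # keystream. Unauthenticated; applying it twice decrypts.
    out = bytearray()
    for off in range(0, len(message), 32):
        ctr = off.to_bytes(8, "big")
        block = hmac.new(key, b"ks" + nonce + ctr, hashlib.sha256).digest()
        out += bytes(m ^ k for m, k in zip(message[off:off + 32], block))
    return bytes(out)


def seal(key, message, possibly_rand):
    nonce = hedged_nonce(key, possibly_rand(), message)
    return nonce, toy_box(nonce, key, message)


def demo():
    key = bytes(range(32))            # constructed sample key
    broken = lambda: b"\x00" * 32     # RNG stuck on one output
    healthy = lambda: os.urandom(32)  # working RNG
    m1, m2 = b"constructed message A", b"constructed message B"
    a1, a2 = seal(key, m1, broken), seal(key, m1, broken)
    b1 = seal(key, m2, broken)
    h1, h2 = seal(key, m1, healthy), seal(key, m1, healthy)
    return {
        # stuck RNG: the same message always seals identically (equality leaks)
        "broken_same_msg_repeats": a1 == a2,
        # stuck RNG: different messages still get different nonces
        "broken_nonce_reused_across_msgs": a1[0] == b1[0],
        # working RNG: the same message seals differently each time
        "healthy_same_msg_repeats": h1 == h2,
    }


if __name__ == "__main__":
    print(demo())
```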