[messaging] Sphinx symmetric crypto questions

Jeff Burdges burdges at gnunet.org
Wed Nov 11 11:05:26 PST 2015


I've two basic symmetric crypto questions about the usage of symmetric
crypto in the Sphinx mixnet format :

I suppose a stream cypher was used for the header to simplify padding
the header, yes?  And a stream cypher with a MAC is probably as good or
better than a block cypher anyways.  Amy I missing anything?

I suppose the lioness block cypher selected for the body because :
- We need a cypher that's secure when used in reverse for use with
single-use reply blocks (SURBs), but..
- We could not use a stream cypher because we could not MAC the body
when creating a SURB, but..
- A block cypher does not need the MAC to prevent message modification
- There is no explicit argument in the lionness paper that it's equally
secure in the forwards or backwards direction, but it's pretty obvious
since lion and bear are both sub-cyphers of it.

Is this all correct?

In short, if one wants to implement Sphinx then one really much needs
to implement Lionness too.  Or find something with similar properties,
but Lionness is pretty straight forward.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20151111/dce1301e/attachment.sig>

More information about the Messaging mailing list