[noise] Thoughts on semi-deterministic encryption

Jonathan Moore moore at eds.org
Tue Aug 26 11:10:40 PDT 2014

Hello all, coming out of lurk mode.

I have been thinking about how to more safely use cyphers in environments
where one does not know for sure that they have a good source of entropy.
 A simple approach is to not use any; for instance, just use the hash of
the clear text as the IV of a message when using a stream cipher. Ex:

  nonce = hmac( key, message )
  box( nonce, key, message )

The has the obvious downside of losing semantic security. To improve on
this we could mix a source of supposed entropy with a deterministic
approach. To extend the above example:

  nonce = hmac( key, hmac( possiblyRand(), message )  )
  box( nonce, key, message )

It would seem that if possibly rand turns out to be predictable the only
thing we have lost is semantic security and not confidentiality. This seems
like a nice property to have.

Questions for those interested:
  1. Am I missing anything important that means this is a bad idea?
  2. Does this have the claimed properties?
  3. Is there a better mixing function then hmac?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20140826/1429eab9/attachment.html>

More information about the Noise mailing list