This shows you the differences between two versions of the page.
ae [18/03/2014 13:06:19] mmeh [Cryptanalysis] |
ae [06/11/2014 09:52:48] (current) mmeh Added draft 7 v2 which was posted on the group |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== The Algorithm ===== | ===== The Algorithm ===== | ||
* Author(s): Francisco Recacha | * Author(s): Francisco Recacha | ||
- | * CAESAR submission: [[http://competitions.cr.yp.to/round1/aev10.pdf|++AE]] | + | * CAESAR submission: [[http://competitions.cr.yp.to/round1/aev10.pdf|++AE v1.0]] |
+ | * Updated specification: [[http://competitions.cr.yp.to/round1/aev11.pdf|++AE v1.1]] | ||
+ | * [[https://drive.google.com/file/d/0BwIp2vVoyv3lbWk4dS1fUTJTZWs/view|v2 draft 7]] | ||
+ | * [[http://competitions.cr.yp.to/round1/aev10-analysis.pdf|Security analysis]] | ||
+ | * [[https://maps.google.com/maps?q=40.380028,-3.101807&num=1&t=m&z=6|Location]] | ||
===== Cryptanalysis ===== | ===== Cryptanalysis ===== | ||
- | Damien Vizár pointed out in [[https://groups.google.com/forum/#!topic/crypto-competitions/J2ckmxKKupA|this discussion]] on the Cryptographic Competitions group that one can trivially forge valid ciphertext/tag pairs for input where the last block of associated data is not a multiple of the block length. This is due to the padding rule for the last associated data block: rather than using 10* padding, padding is done using only zeroes. This can be fixed using 10* padding instead. | + | ^ Type ^ Queries ^ Success probability ^ Reference ^ |
- | + | | Forgery | 1 | 1 | Vizár [[https://groups.google.com/forum/#!topic/crypto-competitions/J2ckmxKKupA| on newsgroup]] | | |
- | + |
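Review bot: The new Cryptanalysis table row (Forgery, 1 query, success probability 1) drops the explanation that the removed paragraph carried: that the forgery applies to input where the last block of associated data is not a multiple of the block length, that the cause is zero-only padding of that block, and that using 10* padding fixes it. Suggest keeping one sentence below the table stating the cause and the fix, so the entry remains understandable without following the newsgroup link. In the Algorithm list, the added "v2 draft 7" entry links to a Google Drive file rather than the competition site and the "Location" entry links to a map with no stated relation to the specification; a short note on each (where the draft was posted, what the location refers to) would make them verifiable.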