ae

Differences

This shows you the differences between two versions of the page.

ae [18/03/2014 13:06:19]
mmeh [Cryptanalysis]
ae [06/11/2014 09:52:48] (current)
mmeh Added draft 7 v2 which was posted on the group
Line 3: Line 3:
 ===== The Algorithm ===== ===== The Algorithm =====
   * Author(s): Francisco Recacha   * Author(s): Francisco Recacha
-  * CAESAR submission: [[http://​competitions.cr.yp.to/​round1/​aev10.pdf|++AE]]+  * CAESAR submission: [[http://​competitions.cr.yp.to/​round1/​aev10.pdf|++AE ​v1.0]] 
 +  * Updated specification:​ [[http://​competitions.cr.yp.to/​round1/​aev11.pdf|++AE v1.1]] 
 +  * [[https://​drive.google.com/​file/​d/​0BwIp2vVoyv3lbWk4dS1fUTJTZWs/​view|v2 draft 7]] 
 +  * [[http://​competitions.cr.yp.to/​round1/​aev10-analysis.pdf|Security analysis]] 
 +  * [[https://​maps.google.com/​maps?​q=40.380028,​-3.101807&​num=1&​t=m&​z=6|Location]]
  
 ===== Cryptanalysis ===== ===== Cryptanalysis =====
-Damien ​Vizár ​pointed out in [[https://​groups.google.com/​forum/#​!topic/​crypto-competitions/​J2ckmxKKupA|this discussion]] on the Cryptographic Competitions group that one can trivially forge valid ciphertext/​tag pairs for input where the last block of associated data is not a multiple of the block length. This is due to the padding rule for the last associated data block: rather than using 10* padding, padding is done using only zeroes. This can be fixed using 10* padding instead. +^ Type     ^ Queries ^ Success probability ^ Reference ^ 
- +| Forgery | 1 | 1 | Vizár [[https://​groups.google.com/​forum/#​!topic/​crypto-competitions/​J2ckmxKKupA| ​on newsgroup]] |
- +
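Review bot: The new Cryptanalysis table row ("Forgery | 1 | 1") drops what the removed paragraph explained: that the forgery applies when the last block of associated data is not a multiple of the block length, that it comes from zero-only padding of that block, and that 10* padding fixes it. Keep that as a sentence under the table or in a notes column, so a reader does not have to follow the newsgroup link to learn the condition and the fix. With v1.0, v1.1 and a v2 draft now listed under The Algorithm, the row should also state which version of the specification the forgery was reported against. The edit summary mentions only the v2 draft, while this hunk also adds the v1.1, Security analysis and Location links and restructures the section; the Location entry is a map link with no stated relation to the algorithm, so explain it or drop it.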
ae.1395147979.txt.gz · Last modified: 18/03/2014 13:06:19 by mmeh