Re: IBM press release - encryption and authentication

[Enzo Michelangeli]

Apart from the parallelization-friendliness, wouldn't the same result be
achieved by encrypting the concatenation of the plaintext with a MAC
implemented through a fast error detection code (say, a sufficiently long
CRC)? Due to the presence of encryption, the security properties of the
inner MAC don't appear to really matter (as they would in the "DES-CBC
first, then HMAC-MD5" scenario mentioned in the draft for comparison).

Enzo

----- Original Message -----
From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
To: "P.J. Ponder" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, December 09, 2000 8:50 AM
Subject: Re: IBM press release - encryption and authentication


> In message
<[EMAIL PROTECTED]>, "P
> .J. Ponder" writes:
> >from: http://www.ibm.com/news/2000/11/30.phtml
> >
> >IBM develops algorithm that encrypts and authenticates simultaneously
> >
>
> More precisely, this is a new mode of operation that does encryption
> and authentication in one pass.  It's also amenable to parallelization,
> thus making it suitable for very high speed networks.  (Traditional
> modes of operation, such as CBC, are problematic, since every block
> depends on the encryption of the previous block.)
>
> --Steve Bellovin
>
>
>