Bruce Schneier wrote (CRYPTO-GRAM, December 15, 2000):
> Combining encryption with authentication is not new.  The literature has
> had algorithms that do both for years.  This research has a lot in common
> with Phillip Rogaway's OCB mode.  On the public-key side of things, Y.
> Zheng has been working on "signcryption" since 1998.
> ...
> 
In the IETF, we discussed this on the IPSec mailing list as early as 
August 1994.  As best I can recall, I first presented Cipher Block 
CheckSums (CBCS) at the December 1994 meeting, and wrote the first 
formal draft in February 1995.  The last internet-draft was July 1998.

The IBM scheme also has somewhat in common with various "enhancements" 
to DES-XEX that were discussed.  I'm not sure when the first draft 
was written (this laptop only goes back to 1997), but the last 
internet-draft (draft-simpson-ipsec-enhancement-01.txt) was May 1997.

Both efforts used a separate authentication key to generate a sequence 
that was XOR'd with the plaintext and/or ciphertext.


> Unfortunately, IBM is patenting these modes of operation.  This makes it
> even less likely that anyone will implement it, and very unlikely that NIST
> will make it a standard.  We've lived under the RSA patents for long
> enough; no one will willingly submit themselves to another patent regime
> unless there is a clear and compelling advantage.  It's just not worth it.
> 
(roar of the crowd in agreement)

As far as I can tell, the only unique element is the mod 2^128 - 159 
function.  We just need to use another function.

Greg Rose points out that the function is flawed.

My own favorite (in CBCS) has been rotation by the population count 
(of the number of 1 bits).  Very non-linear.  Some folks think that's 
slow, but it's fast compared to MD5....  And that's what we used in the 
old CDC, which had a machine instruction for population count.


Bram Cohen wrote:
> 
> There's an improved version of the IBM mode at
> http://csrc.nist.gov/encryption/aes/modes/ in the 'OCB mode' paper.
> 
> Clearly, it's a good idea to wait for new developments to stop happening
> to use the new modes.
>
