William Allen Simpson wrote: >As far as I can tell, the only unique element is the mod 2^128 - 159 >function. We just need to use another function. > >My own favorite (in CBCS) has been rotation by the population count [...] The uniquely valuable aspect of Jutla's scheme (and other related schemes, e.g. Gligor's or Rogaway's schemes) is that it comes with a proof of security. History shows that it is extremely easy to propose schemes for encryption-with-integrity that are plausible-looking yet nonetheless entirely broken. At this point, I don't think I would trust very much a proposal without a proof. And I think it would be fair to say that CBCS falls into the camp of plausible but unproven proposals. (Correct me if I'm wrong!)
- Re: IBM press release - encryption and authenti... Enzo Michelangeli
- Re: IBM press release - encryption and auth... Nikita Borisov
- Re: IBM press release - encryption and ... Bram Cohen
- Re: IBM press release - encryption and ... Enzo Michelangeli
- Re: IBM press release - encryption ... David Wagner
- Re: IBM press release - encryp... Enzo Michelangeli
- Re: IBM press release - encryp... Ben Laurie
- Re: Re: IBM press release - encryption and authentic... sao19677
- Re: IBM press release - encryption and authenticatio... Nikita Borisov
- Re: IBM press release - encryption and authenticatio... William Allen Simpson
- Re: IBM press release - encryption and authenti... David Wagner
- Re: IBM press release - encryption and auth... William Allen Simpson