Hi Wei,
first template parameter to DL_EncryptionAlgorithm_Xor.
Is another possible solution the following: Derive DL_EncryptionAlgorithm_Xor_NULL from DL_SymmetricEncryptionAlgorithm? Is ECIES using 'class MAC' for anything other than T in the (C,V,T) object? Jeff template <class MAC, bool DHAES_MODE> class DL_EncryptionAlgorithm_Xor : public DL_SymmetricEncryptionAlgorithm ... On 11/10/06, Wei Dai <[EMAIL PROTECTED]> wrote:
When you decrypt an invalid ciphertext with ECIES, the DecodingResult returned by Decrypt() should have isValidCoding == false. Is this not the case? V is a temporary public key created for the message, and is needed to decrypt. T can be omitted if you do not care about the security properties that it provides, but to do this you'll need to create a dummy MAC class with a 0 MAC tag size and use it as the first template parameter to DL_EncryptionAlgorithm_Xor. ----- Original Message ----- From: "Jeffrey Walton" <[EMAIL PROTECTED]> To: "Crypto" <[email protected]> Sent: Saturday, November 11, 2006 2:53 AM Subject: General Question on ECIES Operations > Hi All, > > When one uses ECIES, an ECIES ciphertext object (V, C, T) is created, > where: > > * V is EC public key > * C is encrypted message > * T is authentication tag generated from a message M > > If I tamper with the cipher text object (for example, change byte[ 0 > ]), and then decrypt, Crypto++ does not throw and error. I've gone as > far as changing every third byte. > > How does one detect this (I would expect it would be caught during > decryption using T)? On a side note, is it possible to pull out > encrypted message C if V and T are not required (to further reduce the > size of the encryption object)? > > Jeff >
