Re: [cryptopp-users] Provable secure Authenticated Encryption scheme

[Uri Blumenthal]

You *plan* to use a different key for each message. I prefer Moses that don't 
break even when plans fail, for whatever reason.

GCM = CTR + GMAC

GCM-SIV = CTR +POLYVAL + KeySched

Yes, to the best of my knowledge, GCM-SIV is free to use, commercial or 
otherwise. The RFC should state this, if I'm not mistaken.

If Crypto++ doesn't support SIV, it should and will.

I'm biased, so can't/won't comment on NIST.

> On Feb 25, 2021, at 17:34, Devharsh Trivedi  wrote:
> 
> Also, Is AES-GCM-SIV recommended by NIST?
> 
> I see a proposal over here - 
> https://csrc.nist.gov/CSRC/media/Projects/Block-Cipher-Techniques/documents/BCM/proposed-modes/aes-gcm-siv/aes-gcm-siv-may2019.pdf
> 
>> On Thursday, 25 February 2021 at 17:26:40 UTC-5 Devharsh Trivedi wrote:
>> Thank you for the prompt response. :)
>> 
>> Yes I am planning to use a new KEY for each message. (Keeping the IV/nonce 
>> same)
>> 
>> How about AES-GCM-GMAC? Is it same as AES-GCM?
>> 
>> Is AES-GCM-SIV patent free? Does cryptopp provide AES-GCM-SIV library?
>> 
 On Feb 25, 2021, at 5:04 PM, Uri Blumenthal  wrote:
 
>>> What is your threat model?
>>> 
>>> If you can guarantee that a combination of Key + Nonce will not repeat, 
>>> AES-GCM is a better choice.
>>> 
>>> AES-GCM is a yesterday's achievement. A smarter and a more secure 
>>> altogether choice today is AES-GCM-SIV.
>>> 
>>> CBC + HMAC is/was before yesterday.
>>> 
> On Feb 25, 2021, at 14:39, Devharsh Trivedi  wrote:
> 
 Which of the following is more secure?
 1. AES-GCM (AEAD)
 2. AES-CBC+HMAC (EtA)
 
 Ref.: https://www.cryptopp.com/wiki/Authenticated_Encryption
 
 
 -- 
 You received this message because you are subscribed to "Crypto++ Users". 
 More information about Crypto++ and this group is available at 
 http://www.cryptopp.com and 
 http://groups.google.com/forum/#!forum/cryptopp-users.
 --- 
 You received this message because you are subscribed to the Google Groups 
 "Crypto++ Users" group.
 To unsubscribe from this group and stop receiving emails from it, send an 
 email to cryptopp-user...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/cryptopp-users/52d33781-53bb-48e9-a895-c996c1254410n%40googlegroups.com.
>>> 
>>> 
>>> -- 
>>> You received this message because you are subscribed to "Crypto++ Users". 
>>> More information about Crypto++ and this group is available at 
>>> http://www.cryptopp.com and 
>>> http://groups.google.com/forum/#!forum/cryptopp-users.
>>> --- 
>> 
>>> You received this message because you are subscribed to a topic in the 
>>> Google Groups "Crypto++ Users" group.
>>> To unsubscribe from this topic, visit 
>>> https://groups.google.com/d/topic/cryptopp-users/YWPsZ0XmXiU/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to 
>>> cryptopp-user...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/cryptopp-users/5A177871-94E1-487F-ABFB-4F88ADA7424D%40gmail.com.
>> 
> 
> -- 
> You received this message because you are subscribed to "Crypto++ Users". 
> More information about Crypto++ and this group is available at 
> http://www.cryptopp.com and 
> http://groups.google.com/forum/#!forum/cryptopp-users.
> --- 
> You received this message because you are subscribed to the Google Groups 
> "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cryptopp-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/cryptopp-users/45b38ffa-2191-4d32-b367-b40d1a9308a5n%40googlegroups.com.

-- 
You received this message because you are subscribed to "Crypto++ Users". More 
information about Crypto++ and this group is available at 
http://www.cryptopp.com and 
http://groups.google.com/forum/#!forum/cryptopp-users.
--- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/cryptopp-users/F6AF66B3-A901-43D2-892C-E30CAE69957D%40gmail.com.


smime.p7s
Description: S/MIME cryptographic signature

Re: [cryptopp-users] Provable secure Authenticated Encryption scheme

[Jeffrey Walton]

On Thu, Feb 25, 2021 at 2:39 PM Devharsh Trivedi
 wrote:
>
> Which of the following is more secure?
> 1. AES-GCM (AEAD)
> 2. AES-CBC+HMAC (EtA)
>
> Ref.: https://www.cryptopp.com/wiki/Authenticated_Encryption

Also see https://www.cryptopp.com/wiki/Integrated_Encryption_Scheme.

Jeff

-- 
You received this message because you are subscribed to "Crypto++ Users". More 
information about Crypto++ and this group is available at 
http://www.cryptopp.com and 
http://groups.google.com/forum/#!forum/cryptopp-users.
--- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/cryptopp-users/CAH8yC8%3DTpRiAFRVujgJnSX3nRhvbXOVAUW-JuiCcC82sjK6kzw%40mail.gmail.com.

Re: [cryptopp-users] Provable secure Authenticated Encryption scheme

[Devharsh Trivedi]

Also, Is AES-GCM-SIV recommended by NIST?

I see a proposal over here - 
https://csrc.nist.gov/CSRC/media/Projects/Block-Cipher-Techniques/documents/BCM/proposed-modes/aes-gcm-siv/aes-gcm-siv-may2019.pdf

On Thursday, 25 February 2021 at 17:26:40 UTC-5 Devharsh Trivedi wrote:

> Thank you for the prompt response. :)
>
> Yes I am planning to use a new KEY for each message. (Keeping the IV/nonce 
> same)
>
> How about AES-GCM-GMAC? Is it same as AES-GCM?
>
> Is AES-GCM-SIV patent free? Does cryptopp provide AES-GCM-SIV library?
>
> On Feb 25, 2021, at 5:04 PM, Uri Blumenthal  wrote:
>
> What is your threat model?
>
> If you can guarantee that a combination of Key + Nonce will not repeat, 
> AES-GCM is a better choice.
>
> AES-GCM is a yesterday's achievement. A smarter and a more secure 
> altogether choice today is AES-GCM-SIV.
>
> CBC + HMAC is/was before yesterday.
>
> On Feb 25, 2021, at 14:39, Devharsh Trivedi  wrote:
>
> Which of the following is more secure?
> 1. AES-GCM (AEAD)
> 2. AES-CBC+HMAC (EtA)
>
> Ref.: https://www.cryptopp.com/wiki/Authenticated_Encryption
>
>
> -- 
> You received this message because you are subscribed to "Crypto++ Users". 
> More information about Crypto++ and this group is available at 
> http://www.cryptopp.com and 
> http://groups.google.com/forum/#!forum/cryptopp-users.
> --- 
> You received this message because you are subscribed to the Google Groups 
> "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cryptopp-user...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/cryptopp-users/52d33781-53bb-48e9-a895-c996c1254410n%40googlegroups.com
>  
> 
> .
>
>
> -- 
> You received this message because you are subscribed to "Crypto++ Users". 
> More information about Crypto++ and this group is available at 
> http://www.cryptopp.com and 
> http://groups.google.com/forum/#!forum/cryptopp-users.
> --- 
>
> You received this message because you are subscribed to a topic in the 
> Google Groups "Crypto++ Users" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/cryptopp-users/YWPsZ0XmXiU/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to 
> cryptopp-user...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/cryptopp-users/5A177871-94E1-487F-ABFB-4F88ADA7424D%40gmail.com
>  
> 
> .
>
>
>

-- 
You received this message because you are subscribed to "Crypto++ Users". More 
information about Crypto++ and this group is available at 
http://www.cryptopp.com and 
http://groups.google.com/forum/#!forum/cryptopp-users.
--- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/cryptopp-users/45b38ffa-2191-4d32-b367-b40d1a9308a5n%40googlegroups.com.

Re: [cryptopp-users] Provable secure Authenticated Encryption scheme

[Devharsh Trivedi]

Thank you for the prompt response. :)

Yes I am planning to use a new KEY for each message. (Keeping the IV/nonce same)

How about AES-GCM-GMAC? Is it same as AES-GCM?

Is AES-GCM-SIV patent free? Does cryptopp provide AES-GCM-SIV library?

> On Feb 25, 2021, at 5:04 PM, Uri Blumenthal  wrote:
> 
> What is your threat model?
> 
> If you can guarantee that a combination of Key + Nonce will not repeat, 
> AES-GCM is a better choice.
> 
> AES-GCM is a yesterday's achievement. A smarter and a more secure altogether 
> choice today is AES-GCM-SIV.
> 
> CBC + HMAC is/was before yesterday.
> 
>> On Feb 25, 2021, at 14:39, Devharsh Trivedi  wrote:
>> 
>> Which of the following is more secure?
>> 1. AES-GCM (AEAD)
>> 2. AES-CBC+HMAC (EtA)
>> 
>> Ref.: https://www.cryptopp.com/wiki/Authenticated_Encryption
>> 
>> 
>> -- 
>> You received this message because you are subscribed to "Crypto++ Users". 
>> More information about Crypto++ and this group is available at 
>> http://www.cryptopp.com  and 
>> http://groups.google.com/forum/#!forum/cryptopp-users 
>> .
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "Crypto++ Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cryptopp-users+unsubscr...@googlegroups.com 
>> .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/cryptopp-users/52d33781-53bb-48e9-a895-c996c1254410n%40googlegroups.com
>>  
>> .
> 
> 
> -- 
> You received this message because you are subscribed to "Crypto++ Users". 
> More information about Crypto++ and this group is available at 
> http://www.cryptopp.com  and 
> http://groups.google.com/forum/#!forum/cryptopp-users 
> .
> --- 
> You received this message because you are subscribed to a topic in the Google 
> Groups "Crypto++ Users" group.
> To unsubscribe from this topic, visit 
> https://groups.google.com/d/topic/cryptopp-users/YWPsZ0XmXiU/unsubscribe 
> .
> To unsubscribe from this group and all its topics, send an email to 
> cryptopp-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/cryptopp-users/5A177871-94E1-487F-ABFB-4F88ADA7424D%40gmail.com
>  
> .

-- 
You received this message because you are subscribed to "Crypto++ Users". More 
information about Crypto++ and this group is available at 
http://www.cryptopp.com and 
http://groups.google.com/forum/#!forum/cryptopp-users.
--- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/cryptopp-users/77D6BD56-7A3C-4AAB-B727-7803BC79A47A%40gmail.com.

Re: [cryptopp-users] Provable secure Authenticated Encryption scheme

[Uri Blumenthal]

What is your threat model?

If you can guarantee that a combination of Key + Nonce will not repeat, AES-GCM 
is a better choice.

AES-GCM is a yesterday's achievement. A smarter and a more secure altogether 
choice today is AES-GCM-SIV.

CBC + HMAC is/was before yesterday.

> On Feb 25, 2021, at 14:39, Devharsh Trivedi  wrote:
> 
> Which of the following is more secure?
> 1. AES-GCM (AEAD)
> 2. AES-CBC+HMAC (EtA)
> 
> Ref.: https://www.cryptopp.com/wiki/Authenticated_Encryption
> 
> -- 
> You received this message because you are subscribed to "Crypto++ Users". 
> More information about Crypto++ and this group is available at 
> http://www.cryptopp.com and 
> http://groups.google.com/forum/#!forum/cryptopp-users.
> --- 
> You received this message because you are subscribed to the Google Groups 
> "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cryptopp-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/cryptopp-users/52d33781-53bb-48e9-a895-c996c1254410n%40googlegroups.com.

-- 
You received this message because you are subscribed to "Crypto++ Users". More 
information about Crypto++ and this group is available at 
http://www.cryptopp.com and 
http://groups.google.com/forum/#!forum/cryptopp-users.
--- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/cryptopp-users/5A177871-94E1-487F-ABFB-4F88ADA7424D%40gmail.com.


smime.p7s
Description: S/MIME cryptographic signature

[cryptopp-users] Provable secure Authenticated Encryption scheme

[Devharsh Trivedi]

Which of the following is more secure?
1. AES-GCM (AEAD)
2. AES-CBC+HMAC (EtA)

Ref.: https://www.cryptopp.com/wiki/Authenticated_Encryption

-- 
You received this message because you are subscribed to "Crypto++ Users". More 
information about Crypto++ and this group is available at 
http://www.cryptopp.com and 
http://groups.google.com/forum/#!forum/cryptopp-users.
--- 
You received this message because you are subscribed to the Google Groups 
"Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cryptopp-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/cryptopp-users/52d33781-53bb-48e9-a895-c996c1254410n%40googlegroups.com.