I would like to ask that suggestions for changes in this draft be
accompanied by alternative text. That is, if you make a comment, try to
write it as "drop that paragraph" or "replace that paragraph by these
three", instead of just "I don't agree with that paragraph".
-- Shai

Serge Plotkin wrote:
Enclosed is the latest draft of P1619 (D4).
There are many changes from D3.
In particular:
+ The ciphertext-stealing extension (plus new test vectors) was added to
deal with data length that is not a 16-byte multiple.
+ An extra parameter was added to the key-scope element with the start
of the scope expressed in. (This parameter was needed in order to
facilitate the calculations of the tweak value.)
+ The rationale appendix was added, describing the reasons for choosing
LRW-AES over other approaches and clarifying the security model.
I would like to thank Shai Halevi and Dalit Naor. Their contributions
were indispensable in getting the draft into its current shape.
-Serge Plotkin