Laszlo, I don't understand your statement:
> Changing the ciphertext gives one bit information in the corresponding plaintext (equal /
> not equal). It is fully predictable and easily exploitable.

Changing the ciphertext always creates a "not equal" situation for the plaintext, does it not? I'm really not seeing what information leakage there is from the changed ciphertext. The assumption for AES is that changing 1 bit in the ciphertext will change the entire block (16 bytes) of plaintext. Since changing the ciphertext will always change the plaintext, and since the attacker can't read the plaintext, I don't see either how this is predictable or easily exploitable. Could you elaborate on what you're thinking?

--------
..Rob

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, May 24, 2006 1:26 PM
To: [EMAIL PROTECTED]
Subject: RE: Glossary term for 1619: shared media (wordsmithed)

Rob/Garry,

> The cryptographic transform must therefore provide protection against
> meaningful ciphertext manipulation by an attacker.

The problem I already mentioned still remains: the sentence could imply that LRW-AES does provide protection against meaningful ciphertext manipulations. Changing the ciphertext gives one bit of information in the corresponding plaintext (equal / not equal). It is fully predictable and easily exploitable. Therefore, I should like to change the sentence to something like:

The cryptographic transform must therefore provide *some* protection against ciphertext manipulation by an attacker.

Or

The cryptographic transform must not allow more than one bit of information carried over to the deciphered plaintext from ciphertext manipulation by an attacker.
Laszlo

> -------- Original Message --------
> Subject: Glossary term for 1619: shared media (wordsmithed)
> From: "Rob Ewan" <[EMAIL PROTECTED]>
> Date: Wed, May 24, 2006 12:36 pm
> To: <[EMAIL PROTECTED]>
> Cc: "Rob Ewan" <[EMAIL PROTECTED]>
>
> Here are some wordsmithing changes to the definition, based on my
> earlier message.
>
> "Shared storage media: storage media that could potentially be accessed
> in plaintext by multiple mutually-untrusted agents with authorized
> access to different zones of the media, and may be accessed in
> ciphertext by an attacker."
>
> This covers the idea that the attacker may be a legitimate co-user of
> (different portions of) the media, but may have malicious intentions
> towards other users. The word-smithing on the other section proposed
> by Shai (to expand the definition of attacker, and to think beyond the
> idea of simply Denial-Of-Service attacks) would be something like:
>
> "A shared media can potentially be accessed in plaintext by multiple
> agents, one of whom may also have unrestricted ciphertext access,
> thereby raising the possibility that an attacker can usefully
> manipulate the encrypted storage. The cryptographic transform must
> therefore provide protection against meaningful ciphertext
> manipulation by an attacker."
>
>
> --------
> ..Rob/Garry