On Sun, Nov 29, 2015 at 7:06 PM, Tim Wilson-Brown - teor <teor2...@gmail.com> wrote: > > On 30 Nov 2015, at 09:13, Nick Mathewson <ni...@torproject.org> wrote: > ... > 2.2. New relay cell payload > ... > When encrypting a cell for a hop that was created using one of these > circuits, clients and relays encrypt them using the AEZ algorithm > with the following parameters: > > Let Chain denote chain_val_forward if this is a forward cell > or chain_forward_backward otherwise. > > > chain_val_backward?
Yes, whoops. > ... > > 3.3. Why _not_ AEZ? > > ... > > THIRD, it's really horrible to try to do it in hardware. > > > This may be considered an advantage against an adversary with the resources > to employ custom hardware to attempt to break AEZ-based encryption. Ooh. Interesting. > ... > > ... > 4.3. A forward-secure variant. > > > How is this different to what you've specified in the main body of the > proposal? > > > We might want the property that after every cell, we can forget > some secret that would enable us to decrypt that cell if we saw > it again. Whoops; it's leftover text from an earlier version of the proposal. -- Nick _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev