Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] [cryptography] New Anonymity Network for Short Messages

Eugen Leitl eugen at
Wed Jun 12 07:58:46 PDT 2013

----- Forwarded message from Wasa <wasabee18 at> -----

Date: Wed, 12 Jun 2013 15:32:02 +0100
From: Wasa <wasabee18 at>
To: cryptography at
Subject: Re: [cryptography] [liberationtech] New Anonymity Network for Short Messages
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6

On 12/06/13 07:27, Eugen Leitl wrote:
> Additionally to this, CTR allows bit-level maleability of the cleartext:
> a bit flipped in a CTR cipherstream translates into a bit flipped in
> the cleartext.

all encryption modes usually provide confidentiality BUT NOT
integrity. They have been designed to be CPA secure; not CCA secure.
That's why u usually use a MAC along with it... it has nothing to do
with CTR...
The mode that provides both is CGM

> In fact, if there are regions of known cleartext (such as zeroes) the
> adversary can do things like encode the originating IP in the cleartext
> simply by XORing it into the cipherstream.

in CBC if u select the IV incorrectly u also leak info. CBC is only
CPA secure IFF the IVs are unpredictable.

> This property can cause problems if you perform any operations before
> checking the MAC (like evaluating a weak CRC to decide to forward the
> message or not).

This is also irrelevant. it's got nothing to do with CTR or other
modes of encryption; this is all about how u perform authenticated
encryption: u should do encrypt-then-mac rather than something else.

if u want simple primitives to work with; u can have a look at : implemented by cryptographers.

cryptography mailing list
cryptography at

----- End forwarded message -----
Eugen* Leitl <a href="">leitl</a>
ICBM: 48.07100, 11.36820
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the liberationtech mailing list