1997-12-22 - Re: Question on CFB variant with c[i-N]

Header Data

From: Bruce Schneier <schneier@counterpane.com>
To: David Honig <cypherpunks@Algebra.COM>
Message Hash: 675edea9bfd7f5b26b9ded49f608cde7a22df5800228418f3644d4844a812294
Message ID: <v03007802b0c484261702@[209.98.15.173]>
Reply To: <c=US%a=_%p=Stortek%l=LSV-MSG06-971221014643Z-85371@lsv-bridge.stortek.com>
UTC Datetime: 1997-12-22 21:03:43 UTC
Raw Date: Tue, 23 Dec 1997 05:03:43 +0800

Raw message

From: Bruce Schneier <schneier@counterpane.com>
Date: Tue, 23 Dec 1997 05:03:43 +0800
To: David Honig <cypherpunks@Algebra.COM>
Subject: Re: Question on CFB variant with c[i-N]
In-Reply-To: <c=US%a=_%p=Stortek%l=LSV-MSG06-971221014643Z-85371@lsv-bridge.stortek.com>
Message-ID: <v03007802b0c484261702@[209.98.15.173]>
MIME-Version: 1.0
Content-Type: text/plain



At 11:10 AM -0600 12/22/97, David Honig wrote:
>At 06:46 PM 12/20/97 -0700, Johnson, Michael P (Mike) wrote:
>>
>>
>>>>              cfb    Ciphertext feedback mode
>>>>                     c[i] = f1(K, c[i-1]) ^ p[i]
>>>>                     p[i] = f1(K, c[i-1]) ^ c[i]
>>
>
>
>Suppose instead of c[i-1] you use c[i-N] where N is say 10.
>How would you prove that this has no security implications?
>That 10-way interleaved cfb streams are security-equivalent to
>a single cfb stream interleaved with the immediately previous block?
>
It's kind of obvious.  The encryption of a single plaintext stream
interleaved ten times is the same as the encryption of ten multiplexed
plaintexts.  If one is insecure, the other is insecure.

Bruce

**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN  55419       Fax: 612-823-1590
                                            http://www.counterpane.com
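
The equivalence stated in the reply can be checked mechanically. The following is an added example, not part of the original message: it encrypts one stream with c[i-N] feedback and compares the result with N ordinary CFB streams multiplexed block by block. The f1 stand-in (truncated HMAC-SHA256), the 16-byte block size, the use of N IV blocks in place of c[-N..-1], and all sample data are assumptions of this example.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block (assumed for this example)

def f1(key, block):
    # Stand-in for f1(K, x): truncated HMAC-SHA256. CFB only ever calls the
    # forward direction, so a keyed PRF is enough to show the structure.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_lag(key, ivs, blocks, decrypt=False):
    # c[i] = f1(K, c[i-N]) ^ p[i] with N = len(ivs); ivs stand for c[-N..-1].
    n, fed = len(ivs), list(ivs)
    out = []
    for b in blocks:
        o = xor(f1(key, fed[-n]), b)
        fed.append(b if decrypt else o)  # the feedback is always ciphertext
        out.append(o)
    return out

def interleaved_cfb(key, ivs, blocks):
    # Split into N substreams (blocks j, j+N, j+2N, ...), run ordinary CFB
    # (lag 1) on each with its own IV, then re-multiplex the ciphertexts.
    n, out = len(ivs), [None] * len(blocks)
    for j in range(n):
        out[j::n] = cfb_lag(key, [ivs[j]], blocks[j::n])
    return out

# Constructed sample data: 10-way lag, 23 blocks so substreams differ in length
N = 10
KEY = b"constructed demo key"
IVS = [hashlib.sha256(b"iv%d" % j).digest()[:BLOCK] for j in range(N)]
PLAIN = [hashlib.sha256(b"pt%d" % i).digest()[:BLOCK] for i in range(23)]

if __name__ == "__main__":
    c = cfb_lag(KEY, IVS, PLAIN)
    print("lag-N equals N multiplexed CFB streams:",
          c == interleaved_cfb(KEY, IVS, PLAIN))
    print("round trip:", cfb_lag(KEY, IVS, c, decrypt=True) == PLAIN)
```

Each substream here gets a distinct IV; reusing one IV across the N substreams is the same as reusing an IV across N separate CFB messages under one key.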
