Re: [tor-dev] RFC: AEZ for relay cryptography, v2

Subject: Re: [tor-dev] RFC: AEZ for relay cryptography, v2

From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>

Date: Mon, 30 Nov 2015 11:06:42 +1100

Delivery-date: Sun, 29 Nov 2015 19:07:03 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:message-id :references:to; bh=7jiaAq/v4Fafve/a6rBM3Sk7kz2WhsopzfY9D/exMPo=; b=MbRXh8qi+56mSPmMedgR76kVhRRc5scT3JUxJVc5ygoSbhor6A9jpB84wuW95B07Ru fl8ACi246Cil1Jtl0PDeZVT8Yxt2qhJhcUm7WDdEPHzhnaDADU46SupCj8fHeNV9J7qH ZNEcRSY/fMc/V++BFmiT33x+gmxLnd9tUvWe/l5sj0uPvFDEVlZe5cac+2gmMZMG+msP RS3UcuSngEPM8fM5T+wpfw9D4IcllT22NNK5yO/3Naaz8RDvOyUDcc7aAB8MwgE4Prqg lOW113VO+tUnSxbEGbziSjWt2BGdKbHh1zF47fuC3bx9Ar3SNgAZVltdfO/EguZKUvi6 kH9A==

In-reply-to: <CAKDKvuzR3s-eSAS1csEvZDAc17S7WqkvGQ5udX=YCdk1wbhV1g@xxxxxxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <CAKDKvuzR3s-eSAS1csEvZDAc17S7WqkvGQ5udX=YCdk1wbhV1g@xxxxxxxxxxxxxx>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

On 30 Nov 2015, at 09:13, Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:
...
2.2. New relay cell payload
...
  When encrypting a cell for a hop that was created using one of these
  circuits, clients and relays encrypt them using the AEZ algorithm
  with the following parameters:

      Let Chain denote chain_val_forward if this is a forward cell
         or chain_forward_backward otherwise.

chain_val_backward?

...

3.3. Why _not_ AEZ?

...

THIRD, it's really horrible to try to do it in hardware.

This may be considered an advantage against an adversary with the resources to employ custom hardware to attempt to break AEZ-based encryption.

...

...
4.3. A forward-secure variant.

How is this different to what you've specified in the main body of the proposal?

  We might want the property that after every cell, we can forget
  some secret that would enable us to decrypt that cell if we saw
  it again.

â

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev