[tahoe-dev] “On the limits of the use cases for authenticated encryption”

Ben Laurie ben at links.org
Sun Jul 15 15:52:46 UTC 2012


On Wed, Jul 11, 2012 at 7:08 PM, Zooko Wilcox-O'Hearn <zooko at zooko.com> wrote:
> I've been thinking about this more, including re-reading BenL's post
> to tahoe-dev. I was inspired by hearing that Tahoe-LAFS's use case had
> been discussed at the recent "Directions in Authenticated Ciphers"
> workshop:
>
> http://hyperelliptic.org/DIAC/
>
> I've decided that I wasn't really on the right track to say
> "Authenticated Encryption is useless for Tahoe-LAFS use cases", and
> instead I should say "We need *public key* Authenticated Encryption
> instead of *symmetric key* Authenticated Encryption for Tahoe-LAFS use
> cases".
>
> • symmetric-key Authenticated Encryption = Message Authentication Code + cipher

Strictly, MAC + cipher is just one way to satisfy the requirements of AE.

> • "signcryption" = digital signature + public key encryption
>
> • Tahoe-LAFS mutable = digital signature + cipher
>
> • Tahoe-LAFS immutable = data identified by its secure hash + cipher

Cool. So, I think you'd have to define AE differently for a public key
version, but it seems totally doable. Maybe it is already defined? I
haven't seen it if so.



More information about the tahoe-dev mailing list