[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Encrypt then sign insecure?

To: Hal Finney <hal@xxxxxxxxxx>
Subject: Re: Encrypt then sign insecure?
From: Ben Laurie <ben@xxxxxxxxxxxxx>
Date: Tue, 16 Aug 2005 11:07:38 +0100
Cc: ietf-openpgp@xxxxxxx
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
References: <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Hal Finney wrote:

Ben Laurie wrote:
Hal Finney wrote:
This paper doesn't apply to systems like OpenPGP which compose public
key signatures with public key encryption.  Rather, it investigates the
composition of symmetric encryption (e.g. AES) with MAC.
... This does not seem to me to be true. OpenPGP uses symmetric encryption under the hood, and signs the plaintext rather than the ciphertext. All that is needed is an oracle which will say whether the signature is correct or not.
Krawczyk's paper is about combining MAC and symmetric encryption.
That's not what OpenPGP does.  We don't do MACs.

Actually, the only point of the MAC is to tell whether decryption succeeded. Signatures do the same job.

Furthermore, OpenPGP does not use CBC, so the security proof from the paper doesn't help.
That's true, but the point is that the paper is not about systems like
OpenPGP at all.

Yes it is. The required properties are: a) encryption and b) the possibility to detect errors in the plaintext.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

References:
- Re: Encrypt then sign insecure?
  - From: "Hal Finney"

Prev by Date: Re: "The OpenPGP mail and news header" extenssion
Previous by thread: Re: Encrypt then sign insecure?
Next by thread: Calculating signature over private key
Index(es):
- Date
- Thread