Provable secure Authenticated Encryption scheme


Devharsh Trivedi

Feb 25, 2021, 2:39:12 PM2/25/21
to Crypto++ Users
Which of the following is more secure?
1. AES-GCM (AEAD)
2. AES-CBC+HMAC (EtA)


Uri Blumenthal

Feb 25, 2021, 5:04:28 PM2/25/21
to cryptop...@googlegroups.com
What is your threat model?

If you can guarantee that a combination of Key + Nonce will not repeat, AES-GCM is a better choice.

AES-GCM is yesterday's achievement. A smarter and altogether more secure choice today is AES-GCM-SIV.

CBC + HMAC is/was before yesterday.

On Feb 25, 2021, at 14:39, Devharsh Trivedi <devhar...@gmail.com> wrote:

Which of the following is more secure?
1. AES-GCM (AEAD)
2. AES-CBC+HMAC (EtA)


--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cryptopp-users/52d33781-53bb-48e9-a895-c996c1254410n%40googlegroups.com.

Devharsh Trivedi

Feb 25, 2021, 5:26:40 PM2/25/21
to cryptop...@googlegroups.com
Thank you for the prompt response. :)

Yes, I am planning to use a new KEY for each message (keeping the IV/nonce the same).

How about AES-GCM-GMAC? Is it the same as AES-GCM?

Is AES-GCM-SIV patent free? Does cryptopp provide an AES-GCM-SIV library?


Devharsh Trivedi

Feb 25, 2021, 5:34:32 PM2/25/21
to Crypto++ Users

Jeffrey Walton

Feb 25, 2021, 9:47:07 PM2/25/21
to Crypto++ Users List

Uri Blumenthal

Feb 25, 2021, 9:53:52 PM2/25/21
to cryptop...@googlegroups.com
You *plan* to use a different key for each message. I prefer modes that don't break even when plans fail, for whatever reason.

GCM = CTR + GMAC

GCM-SIV = CTR + POLYVAL + KeySched

Yes, to the best of my knowledge, GCM-SIV is free to use, commercial or otherwise. The RFC should state this, if I'm not mistaken.

If Crypto++ doesn't support SIV, it should and will.

I'm biased, so can't/won't comment on NIST.

On Feb 25, 2021, at 17:34, Devharsh Trivedi <devhar...@gmail.com> wrote:

Also, is AES-GCM-SIV recommended by NIST?
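Two points from the replies above, demonstrated in code: that AES-GCM is only safe while a (key, nonce) pair never repeats, and that "GCM = CTR + GMAC" is literally true (the ciphertext is AES-CTR output, with a tag appended). This is an added example, not code from the thread or from Crypto++. It is written in Go rather than against the Crypto++ API only because Go's standard library ships AES-GCM and AES-CTR so the file runs with no dependencies; Go's standard library has no AES-GCM-SIV, so what it shows is the nonce-reuse failure that GCM-SIV is designed to survive, not SIV itself. The key, nonce and messages are made-up test values, and "fresh random key per message" stands in for whatever per-message key scheme the original poster had in mind.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Constructed demo values (not from the thread): a 16-byte AES-128 key and the
// 12-byte nonce size GCM uses by default.
var (
	demoKey   = []byte("0123456789abcdef")
	demoNonce = []byte("fixed-nonce!")
)

// GCMSeal returns ciphertext || 16-byte tag for pt under key/nonce, no AAD.
func GCMSeal(key, nonce, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead.Seal(nil, nonce, pt, nil)
}

// CTREncrypt reproduces GCM's confidentiality layer on its own: plain AES-CTR
// whose first counter block is nonce || 0x00000002 (nonce || 0x00000001 is the
// block GCM reserves for masking the GMAC tag). Its output equals the
// ciphertext part of GCMSeal, which is the "GCM = CTR + GMAC" claim.
func CTREncrypt(key, nonce, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	iv := append(append([]byte{}, nonce...), 0, 0, 0, 2)
	out := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(out, pt)
	return out
}

// XOR returns a XOR b over the shorter of the two lengths.
func XOR(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverUnderNonceReuse is the attacker's side of a (key, nonce) repeat:
// both ciphertexts are plaintext XOR the same CTR keystream, so
// ct1 XOR ct2 = pt1 XOR pt2, and knowing pt1 gives pt2 directly. Pass the
// ciphertext bytes without the trailing tag.
func RecoverUnderNonceReuse(ct1, ct2, knownPt1 []byte) []byte {
	return XOR(XOR(ct1, ct2), knownPt1)
}

// SealWithFreshKey models the poster's plan: a new random key for every
// message with the nonce held constant. The keystreams are then unrelated,
// so the recovery trick above yields nothing.
func SealWithFreshKey(nonce, pt []byte) (key, ct []byte) {
	key = make([]byte, 16)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return key, GCMSeal(key, nonce, pt)
}

func main() {
	p1 := []byte("attack at dawn")
	p2 := []byte("retreat at dusk")

	// GCM ciphertext (minus tag) is exactly the CTR output.
	c1 := GCMSeal(demoKey, demoNonce, p1)
	fmt.Println("GCM ct == CTR ct:", bytes.Equal(c1[:len(p1)], CTREncrypt(demoKey, demoNonce, p1)))

	// Same key, same nonce, second message: the second plaintext falls out.
	c2 := GCMSeal(demoKey, demoNonce, p2)
	leaked := RecoverUnderNonceReuse(c1[:len(p1)], c2[:len(p2)], p1)
	fmt.Printf("recovered from nonce reuse: %q\n", leaked)

	// Fresh key per message, fixed nonce: nothing recoverable.
	_, f1 := SealWithFreshKey(demoNonce, p1)
	_, f2 := SealWithFreshKey(demoNonce, p2)
	fmt.Println("fresh-key leak attempt:", hex.EncodeToString(RecoverUnderNonceReuse(f1[:len(p1)], f2[:len(p2)], p1)))
}
```

The first check is the structural one: strip the 16-byte tag and what remains is AES-CTR, so every CTR caveat (keystream reuse on a repeated counter) applies to GCM unchanged, and a repeated (key, nonce) also exposes the GHASH key, which the example does not go into. The fresh-key run is what the poster's plan buys; what it does not buy is any tolerance for the plan failing, which is the point of the reply above.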