[OTR-dev] Forward secrecy/deniability for long messages with low overhead
Sergio Lerner
sergiolerner at certimix.com
Fri Feb 22 12:47:14 EST 2013
A third option is :
IVK1 = Hash(SS | intialization-vector1)
IVK2 = Hash(SS | intialization-vector2)
EK=Hash(SS | encryption)
MK=Hash(SS | authentication)
Then we define the sequence:
BUFFER1[0]=IVK1
BUFFER1[i] =Hash(BUFFER1[i-1])
BUFFER2[0]=IVK2
BUFFER2[i] =Hash(BUFFER2[i-1])
Encryption: C = AES(EK,BUFFER1[i] XOR BUFFER2[i]) XOR P
Now the performance is approximately 33% of the original AES-CTR.
More information about the OTR-dev
mailing list