Ryan Anderson wrote:
Note that any of the 2^n plaintexts can be reconstructed from the following sequence of triples. (Assuming no knowledge of the MAC. The attacker has no idea which of each pair of triples related to each sequence is correct, so he must search every possibility, which turns out to be each of the 2^n plaintexts.)
OK, but to be technically correct, you aren't *transmitting* all 2^n possibilities. That would be like saying that when you Blowfish encrypt a 64-bit block and send it, you are sending all 2^64 plaintexts, because given all 2^128 possible keys you will cover the entire "plaintext-space". While it is crucial to make sure that you leave the possible decryptions exponential, you are not transmitting all possible plaintexts. That would be .... uhhh... bad.

--
o Mordy Ovits
o Programmer / Cryptographer
o SynData Technologies Inc.
o Download A Free Copy Of Our Software At:
o http://www.syncrypt.com
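
The distinction drawn in this exchange, as an added example that is not part of either post: for an n-bit message the sender puts only 2n triples on the wire, yet an observer without the MAC key cannot rule out any of the 2^n plaintexts. The triple layout `(seq, bit, tag)`, the use of HMAC-SHA256 as the MAC, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets


def mac(key, seq, bit):
    # Assumed MAC: HMAC-SHA256 over the sequence number and the bit value.
    return hmac.new(key, f"{seq}:{bit}".encode(), hashlib.sha256).digest()


def send(key, bits):
    """Build the transmitted triples: per position, the real bit with a
    valid tag and the complementary bit with a random (invalid) tag."""
    rng = secrets.SystemRandom()
    triples = []
    for seq, bit in enumerate(bits):
        pair = [(seq, bit, mac(key, seq, bit)),
                (seq, 1 - bit, os.urandom(32))]
        rng.shuffle(pair)  # order within a pair must not leak the real bit
        triples.extend(pair)
    return triples


def winnow(key, triples):
    """Receiver side: keep only triples whose tag verifies under the key."""
    kept = {}
    for seq, bit, tag in triples:
        if hmac.compare_digest(tag, mac(key, seq, bit)):
            kept[seq] = bit
    return [kept[s] for s in sorted(kept)]


def consistent_plaintexts(triples):
    """Observer side (no key): count the plaintexts that cannot be ruled out,
    i.e. the product of the number of distinct bit values seen per position."""
    seen = {}
    for seq, bit, _ in triples:
        seen.setdefault(seq, set()).add(bit)
    count = 1
    for values in seen.values():
        count *= len(values)
    return count


if __name__ == "__main__":
    key = os.urandom(32)
    message = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed sample, n = 8
    wire = send(key, message)
    print(len(wire), "triples sent;", consistent_plaintexts(wire),
          "plaintexts consistent without the key")
    print("receiver recovers:", winnow(key, wire))
```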