Question on CFB variant with c[i-N]
Bruce Schneier
schneier at counterpane.com
Mon Dec 22 13:03:43 PST 1997
At 11:10 AM -0600 12/22/97, David Honig wrote:
>At 06:46 PM 12/20/97 -0700, Johnson, Michael P (Mike) wrote:
>>
>>
>>>> cfb Ciphertext feeback mode
>>>> c[i] = f1(K, c[i-1]) ^ p[i]
>>>> p[i] = f1(K, c[i-1]) ^ c[i]
>>
>
>
>Suppose instead of c[i-1] you use c[i-N] where N is say 10.
>How would you prove that this has no security implications?
>That 10-way interleaved cfb streams are security-equivalent to
>a single cfb stream interleaved with the immediately previous block?
>
It's kind of obvious. The encryption of a single plaintext stream
interleaved ten times is the same as the encryption of ten multiplexed
plaintexts. If one is insecure, the other is insecure.
Bruce
**********************************************************************
Bruce Schneier, President, Counterpane Systems Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis,MN 55419 Fax: 612-823-1590
http://www.counterpane.com
More information about the cypherpunks-legacy
mailing list