If your original mode of operation is secure, then this should be
secure.
The reduction:
Consider algorithm A that tries to break the double encryption mode of
operation (DM) in the IND-CPA setting. We can construct an algorithm
B that tries to break the original mode of operation (OM)
Comments inline.
On Feb 3, 2008, at 5:56 PM, Eric Rescorla wrote:
- If you use DTLS with AES in CBC mode, you have the 4 byte DTLS
header, plus a 16 byte IV, plus 10 bytes of MAC (in truncated MAC
mode), plus 2 bytes of padding to bring you up to the AES block
boundary: DTLS adds 32 bytes of
