Jeff, Do you have a reference discussing why the EAX' changes destroyed the security properties of EAX? From a cursory reading I found the "optimizations" to be of rather dubious value (in particular the masking to limit inter-word carry) but nothing jumped out at me screaming "fail!"
Thanks, --Felix > -----Original Message----- > From: [email protected] [mailto:cryptography- > [email protected]] On Behalf Of Jeffrey Walton > Sent: Friday, March 30, 2012 20:14 > To: Randombit List > Subject: [cryptography] Crypto Fiddling? > > Hi Guys, > > I'm aware of two standards where folks fiddled with a scheme and destroyed > its security properties: > > * A5/3 based on Kasumi used in GSM networks > * EAX' (EAX Prime) based on EAX mode > > Are there any other spectacular failures that come to mind? > > Jeff > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
