In message <[EMAIL PROTECTED]>, Greg Rose writes:

> All of the early schemes were broken, as was the NSA's submission to the
> AES Modes of Operation workshop. However, three schemes, all similar in
> principle, have not only survived, but have proofs of correctness. The
> first was Charanjit Jutla's IAPM mode, another is Rogaway's OCB, and the
> third is from Gligor and Pompescu but I can't remember its name (I'm
> passing through SFO as I write this, so forgive me for not having
> references to hand).
>
> Phil Hawkes and I have extended IAPM (and I believe the method is
> applicable to the other modes too) so that you can authenticate parts of
> the message that are not encrypted, like IP headers for example. We sent
> public comments to NIST about this, or I can post more detail if you need.
>
Rogaway's OCB is patent-pending -- see
http://www.cs.ucdavis.edu/~rogaway/ocb/ocb-back.htm#patent:phil

Gligor and Donescu's NIST submission said that they had filed patent
applications, too:
http://csrc.nist.gov/encryption/modes/workshop1/presentations/slides-gligor.pdf

And http://csrc.nist.gov/encryption/modes/workshop1/workshop-report.pdf
indicates that IBM has filed for patent applications on IAPM.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
