Hello,

I've two basic symmetric crypto questions about the usage of symmetric crypto in the Sphinx mixnet format: http://freehaven.net/anonbib/cache/DBLP:conf/sp/DanezisG09.pdf

I suppose a stream cypher was used for the header to simplify padding the header, yes? And a stream cypher with a MAC is probably as good or better than a block cypher anyways. Am I missing anything?

I suppose the Lioness block cypher was selected for the body because:

- We need a cypher that's secure when used in reverse for use with single-use reply blocks (SURBs), but..
- We could not use a stream cypher because we could not MAC the body when creating a SURB, but..
- A block cypher does not need the MAC to prevent message modification attacks.
- There is no explicit argument in the Lioness paper that it's equally secure in the forwards or backwards direction, but it's pretty obvious since Lion and Bear are both sub-cyphers of it.

https://www.cl.cam.ac.uk/~rja14/Papers/bear-lion.pdf

Is this all correct?

In short, if one wants to implement Sphinx then one very much needs to implement Lioness too. Or find something with similar properties, but Lioness is pretty straightforward.

Thanks,
Jeff
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
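
For readers following the message above, this added example (not part of the original post and not code from the Sphinx or bear-lion authors) sketches the four-round Lioness structure from the bear-lion paper and measures what a one-bit ciphertext change does to the decrypted body. SHAKE-256 and keyed BLAKE2b are stand-ins chosen here for the stream cypher and keyed hash; the keys, body and function names are constructed for illustration.

```python
import hashlib

HASH_LEN = 32  # length of the short left part L; equals the keyed-hash output size

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _stream(key, n):
    # Stand-in stream cypher S: SHAKE-256 used as a keystream generator (assumption).
    return hashlib.shake_256(key).digest(n)

def _hash(key, data):
    # Stand-in keyed hash H: keyed BLAKE2b with a HASH_LEN-byte digest (assumption).
    return hashlib.blake2b(data, key=key, digest_size=HASH_LEN).digest()

def _split(block):
    if len(block) <= HASH_LEN:
        raise ValueError("block must be longer than HASH_LEN bytes")
    return block[:HASH_LEN], block[HASH_LEN:]

def lioness_encrypt(keys, block):
    k1, k2, k3, k4 = keys
    left, right = _split(block)
    right = _xor(right, _stream(_xor(left, k1), len(right)))  # R ^= S(L ^ K1)
    left = _xor(left, _hash(k2, right))                       # L ^= H_K2(R)
    right = _xor(right, _stream(_xor(left, k3), len(right)))  # R ^= S(L ^ K3)
    left = _xor(left, _hash(k4, right))                       # L ^= H_K4(R)
    return left + right

def lioness_decrypt(keys, block):
    # Same four rounds, applied in the opposite order.
    k1, k2, k3, k4 = keys
    left, right = _split(block)
    left = _xor(left, _hash(k4, right))
    right = _xor(right, _stream(_xor(left, k3), len(right)))
    left = _xor(left, _hash(k2, right))
    right = _xor(right, _stream(_xor(left, k1), len(right)))
    return left + right

def tamper_damage(keys, plaintext, bit_index):
    """Flip one ciphertext bit, decrypt, return the fraction of plaintext bytes changed."""
    ct = bytearray(lioness_encrypt(keys, plaintext))
    ct[bit_index // 8] ^= 1 << (bit_index % 8)
    garbled = lioness_decrypt(keys, bytes(ct))
    return sum(a != b for a, b in zip(plaintext, garbled)) / len(plaintext)

# Constructed sample keys and body, for illustration only.
KEYS = tuple(hashlib.sha256(b"demo-key-%d" % i).digest() for i in range(4))
BODY = b"constructed mix payload " * 43  # 1032 bytes

if __name__ == "__main__":
    print("bit flip in L:", tamper_damage(KEYS, BODY, 0))
    print("bit flip in last byte of R:", tamper_damage(KEYS, BODY, len(BODY) * 8 - 1))
```

Running decryption first and encryption second also returns the original block, which is the direction a reply block exercises; a flipped bit anywhere in the ciphertext changes nearly every byte of the decrypted body.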
