Questions tagged [eax]
An authenticated encryption mode of operation for a block cipher, based on the CTR mode and the OMAC/CMAC MAC algorithm.
19 questions
1
vote
1
answer
125
views
Can I use AES-EAX without the MAC?
AES-EAX provides a MAC for verification purposes. If I do not need verification, is it acceptable to just discard the MAC?
For example, if we are talking about data at rest, it is not neccesarily ...
- 245
12
votes
0
answers
245
views
Do CCM and EAX provide key commitment?
In an interesting paper called "Partitioning Oracle Attacks" by Julia Len, Paul Grubbs & Thomas Ristenpart an attack is presented on 1.5 pass AEAD schemes that utilize GMAC (GCM, AES-GCM,...
- 95.8k
1
vote
1
answer
466
views
EAX vs CTR vs XTS + cascade ciphers in disk encryption hell
Often when I stumble across something interesting, I lose myself in the most overkill ways of implementing it. Today it was full disk encryption: I'm about to move to QubesOS, and I want to secure my ...
user80551
1
vote
1
answer
674
views
How used nonce in CTR Mode of AES-EAX Encryption?
I want to encrypt a message with AES-EAX manually. Then, i confused how ctr mode in AES-EAX processing the nonce which came from omac process. How the counter be concatenate with the nonce in their ...
- 31
4
votes
1
answer
329
views
Why is EAX not a generic composition?
In the document http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf (p. 7) Rogaway et. al. state that EAX is not a generic composition of an encryption and an authentication method.
The EAX algorithm ...
- 175
0
votes
1
answer
123
views
OMAC 0 in EAX cipher
I am reading Rogaway's original paper on EAC, page 7, where the MAC function is an OMAC with a 0.
Iwata´s web page only refers to versions 1 and 2 of the OMAC cipher. So which algorithm is used for ...
- 13
4
votes
1
answer
1k
views
Authenticated Encryption with smallest Overhead (Input and Output)
I'm searching for the authenticated encryption algorithm that produces/requires the least overhead in total. This includes the authentication tag that it produces and the additional input that has to ...
- 435
8
votes
2
answers
2k
views
Does EAX require padding to be secure?
I have been seeing code using "AES/EAX/NoPadding" but I'm also aware that padding schemes are supported for AES-EAX. I would like to know if choosing NoPadding as a padding scheme has security ...
- 83
4
votes
1
answer
882
views
Using scrypt to generate key + IV/nonce together
Is there any security issue in using scrypt for Key + IV/nonce generation? In other words, can I safely use only a salt for scrypt and derive the nonce along with the key?
For example:
I have data I ...
- 173
5
votes
1
answer
1k
views
EAX cipher mode with nonce equal header
I am using EAX AEAD with an 8-byte message header which carries a 32-bit sequence number, a message length, and some other bits that I don't mind exposing. Assuming the sequence number never repeats ...
- 167
4
votes
1
answer
171
views
Authenticating Very Short (Sub-Block) Data
If I'm encrypting very short/small data - like an int or a long (32 or 64 bits), does it make any sense to authenticate the ciphertext, when using an "online" mode of operation (like EAX)?
...
- 647
2
votes
1
answer
2k
views
EAX: OMAC and CMAC
OMAC is specified as the underlying algorithm to provide authentication within the EAX authenticated encryption (with associated data). Would that be OMAC1 or OMAC2?
If it is OMAC1, does that mean it ...
- 95.8k
2
votes
1
answer
161
views
Is this EAX extension weakening the (provable) security of EAX?
I would like to insert a key deriving function into EAX mode, in order to hamper brute-force attacks for a key-size restricted cipher (56 bits). The modification inserts an identical multi-block ...
- 21
4
votes
2
answers
136
views
Is it possible to insert a key derivation function when using EAX?
I am currently investigating use of EAX mode for a dedicated application and following useful clarifications received from my previous post , to consider according to my applicable input security ...
- 653
4
votes
1
answer
423
views
Does EAX use the same keys for encryption and authentication?
I am actually checking use of EAX AEAD mode, and following EAX spec review (scheme definition for my part), my question is: what about the derivation of the authentication and encryption keys? In the ...
- 653