[tor-dev] RFC: AEZ for relay cryptography, v2

Tim Wilson-Brown - teor teor2345 at gmail.com
Mon Nov 30 00:06:42 UTC 2015

> On 30 Nov 2015, at 09:13, Nick Mathewson <nickm at torproject.org> wrote:
> ...
> 2.2. New relay cell payload
> ...
>   When encrypting a cell for a hop that was created using one of these
>   circuits, clients and relays encrypt them using the AEZ algorithm
>   with the following parameters:
>       Let Chain denote chain_val_forward if this is a forward cell
>          or chain_forward_backward otherwise.


> ...
> 3.3. Why _not_ AEZ?
>   ...
>   THIRD, it's really horrible to try to do it in hardware.

This may be considered an advantage against an adversary with the resources to employ custom hardware to attempt to break AEZ-based encryption.

> ...
> ...
> 4.3. A forward-secure variant.

How is this different to what you've specified in the main body of the proposal?

>   We might want the property that after every cell, we can forget
>   some secret that would enable us to decrypt that cell if we saw
>   it again.

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151130/57d3d18d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151130/57d3d18d/attachment-0001.sig>

More information about the tor-dev mailing list