Non-destructive ChaCha20Poly1305 Decryption

Hi Martin,

Your ChaCha20Poly1305 implementation when decrypting calls chacha20
decryption before it verifies the auth tag. Not only does this waste
CPU cycles, but it makes it impossible to attempt decryption of cipher
texts using different keys (until one is right) without creating a
copy, which is unfortunate. (It also is one of the nice benefits of
EtM.) Would you consider reversing the order of these operations? That
is -- not performing the chacha20 step if the poly1305 tag does not
verify?

Thanks,
Jason