
Re: IV sizes for AES candidates



In message <4.1.20000807155937.01ada840@diablo.cisco.com>, "James M. Polk" writes:
>Steve
>
>16 bytes for 128bit ciphertext blocksize, right? It should be 24 and 32 for
>192bit and 256bit, correct? Or is it always 16 (which I don't believe is
>correct)?

No, it's always 16 bytes for AES.  The IV acts as a block of 
pseudo-ciphertext for purposes of the CBC calculation; it has nothing 
to do with key size.  AES candidates all support 128, 192, and 256-bit 
keys, but use with variable block sizes is not standard and isn't 
supported by some of the finalists.

To review:  in CBC, ciphertext block i is produced from plaintext block 
i and ciphertext block i-1:

	C_i = E(K, P_i ^ C_{i-1})

But how do you encrypt the first plaintext block P_i?  The answer is to 
use the IV:  C_0 = IV.

		--Steve Bellovin
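
The CBC recurrence from the message above, as an added example that is not part of the original post: the IV check depends only on the 16-byte block size, so the same IV length is accepted for 128-, 192- and 256-bit keys. Assumptions: `E`/`D` are a stand-in 16-byte-block Feistel permutation built from SHA-256 so the block runs with the standard library alone (it is not AES), and the keys, IV and plaintext are constructed sample values.

```python
import hashlib

BLOCK = 16  # AES block size in bytes: the same for 128-, 192- and 256-bit keys

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:  # stand-in round function, NOT AES
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def E(key: bytes, block: bytes) -> bytes:  # 4-round Feistel over one 16-byte block
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def D(key: bytes, block: bytes) -> bytes:  # inverse of E: rounds in reverse order
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def _check(iv: bytes, data: bytes) -> None:
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block (16 bytes), whatever the key size")
    if len(data) % BLOCK:
        raise ValueError("data must be whole blocks (padding is out of scope here)")

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    _check(iv, plaintext)
    prev, out = iv, []                      # C_0 = IV
    for i in range(0, len(plaintext), BLOCK):
        prev = E(key, _xor(plaintext[i:i + BLOCK], prev))  # C_i = E(K, P_i ^ C_{i-1})
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    _check(iv, ciphertext)
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(D(key, c), prev))   # P_i = D(K, C_i) ^ C_{i-1}
        prev = c
    return b"".join(out)

if __name__ == "__main__":
    iv, pt = bytes(range(BLOCK)), b"A" * (2 * BLOCK)   # constructed sample values
    for klen in (16, 24, 32):                          # 128-, 192-, 256-bit keys
        ct = cbc_encrypt(bytes(klen), iv, pt)
        print(klen * 8, len(iv), ct.hex(), cbc_decrypt(bytes(klen), iv, ct) == pt)
```

The fixed IV here is only for a repeatable demonstration; the two identical plaintext blocks still encrypt to different ciphertext blocks because each one is XORed with the previous ciphertext block.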