Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some more thoughts on AES-CTR encryption for large message_2 #355

Closed
emanjon opened this issue Nov 5, 2022 · 1 comment
Closed

Some more thoughts on AES-CTR encryption for large message_2 #355

emanjon opened this issue Nov 5, 2022 · 1 comment

Comments

@emanjon
Copy link
Collaborator

emanjon commented Nov 5, 2022

EDHOC-17 uses HMAC and KMAC as stream ciphers for encryption of message_2.

KEYSTREAM_2 = EDHOC-KDF( PRK_2e, 0, TH_2, plaintext_length )
A reason for this is that COSE does not have IND-CPA encryption algorithms like AES-CTR and ChaCha20. It was also seen as hard to do remove the tag from an AEAD call such as AES-CCM(K_2, P_2, A, N). Something I think was missed in the discussion was to use the AEAD with a plaintext consisting of zeroes.

`KEYSTREAM_2 = AES-CCM(K_2, 0000000......, A, N) and then XOR PLAINTEXT_2 with the beginning of KEYSTREAM_2. This implements AES-CTR with AES-CCM.
@emanjon
Copy link
Collaborator Author

emanjon commented Nov 8, 2022

Discussed and decided not to do

@emanjon emanjon closed this as completed Nov 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@emanjon