Hi Nick,
The AEZ paper says:
"We impose a limit that AEZ be used for at most 2^48 bytes of data (about 280
TB); by that time, the user should rekey. This usage limit stems from the
existence of birthday attacks on AEZ, as well as the use of AES4 to create a
universal hash function."
http://we
On Sun, Nov 29, 2015 at 7:06 PM, Tim Wilson-Brown - teor wrote:
>
> On 30 Nov 2015, at 09:13, Nick Mathewson wrote:
> ...
> 2.2. New relay cell payload
> ...
> When encrypting a cell for a hop that was created using one of these
> circuits, clients and relays encrypt them using the AEZ algori
> On 30 Nov 2015, at 09:13, Nick Mathewson wrote:
> ...
> 2.2. New relay cell payload
> ...
> When encrypting a cell for a hop that was created using one of these
> circuits, clients and relays encrypt them using the AEZ algorithm
> with the following parameters:
>
> Let Chain denote
[This is an improvement over my last draft in this area; it makes
concrete proposals about forward secrecy and chaining, and tries to
start getting performance numbers for some platforms. I still need to
compute plausible performance numbers on non-aesni platforms, but I
might not get to that immed
On Fri, Nov 20, 2015 at 01:38:56PM -0500, David Goulet wrote:
> Anyway, if you think this algorithm could be improved, please respond. If you
> think this algorithm is wrong, please respond. If you can reproduce the result
> on your own with this algo, omg please respond! :) The above could be tota