Address suggestions from Samuel's final proofreading #84

Merged
merged 30 commits into from
Jan 7, 2025
d14c156
Address suggestions from Samuel's final proofreading
jedisct1 Dec 31, 2024
c6aeb50
Test vectors: add an empty line after "After update:"
jedisct1 Jan 5, 2025
5d2cb50
ENP19 -> ENP20
jedisct1 Jan 5, 2025
6587ee3
JLD21 -> JLD22
jedisct1 Jan 5, 2025
758e990
Clarify that ZeroPad() adds 0 while len(x) mod n != 0
jedisct1 Jan 5, 2025
422e7a4
Remove comma, capitalize Section
jedisct1 Jan 5, 2025
4dc3a41
Mention that the hash function must also be collision resistant
jedisct1 Jan 5, 2025
8133e48
Add "at the time of writing"
jedisct1 Jan 5, 2025
260f2cf
Remove "also"
jedisct1 Jan 5, 2025
4241d0d
Comma
jedisct1 Jan 5, 2025
b51a8c6
Fix wrong copy&paste in AEGISMAC-256
jedisct1 Jan 5, 2025
e0e7630
remove padding operation/truncation operation/etc
jedisct1 Jan 5, 2025
d88adec
Put the verb first in ZeroPad and Split
jedisct1 Jan 5, 2025
00b04d7
Recommend to erase expected_tag in addition to the message
jedisct1 Jan 5, 2025
9aec020
~ 2^33 -> ~2^33
jedisct1 Jan 5, 2025
1017f0d
Remove "would"
jedisct1 Jan 5, 2025
c6e61d6
Mention more block sizes
jedisct1 Jan 5, 2025
bf7f796
Move comments to the left
jedisct1 Jan 5, 2025
dca9f1c
Add missing "return tag"
jedisct1 Jan 5, 2025
9cae010
MAC -> Message Authentication Code (MAC)
jedisct1 Jan 6, 2025
90b8f1d
Add Soatok Dreamseeker to the acknowledgments
jedisct1 Jan 6, 2025
4d8c7f9
Change date: 2021 to date: 2022
jedisct1 Jan 7, 2025
8b5d7d8
len = 0 -> len == 0
jedisct1 Jan 7, 2025
3588c74
Remove "For AEGIS-128L and AEGIS-128X"
jedisct1 Jan 7, 2025
d1d3242
Capitalize AEAD expansion
jedisct1 Jan 7, 2025
9b79165
`msg`: the 128-bit block to be absorbed.
jedisct1 Jan 7, 2025
f6bdbeb
Remove `input`
jedisct1 Jan 7, 2025
a5ad29f
Start the ZeroPad definition with "returns"
jedisct1 Jan 7, 2025
3a70aeb
typo
jedisct1 Jan 7, 2025
33680f1
typo
jedisct1 Jan 7, 2025
6 changes: 3 additions & 3 deletions draft-irtf-cfrg-aegis-aead.md
Expand Up @@ -151,7 +151,7 @@ informative:
org: University of Hyogo
date: 2023

JLD21:
JLD22:
title: "Guess-and-Determine Attacks on AEGIS"
rc: "The Computer Journal, vol 65, 2022(8), pp. 2221–2230"
seriesinfo:
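Review bot: Check that the `date:` field of the renamed JLD22 entry also reads 2022; it falls outside this hunk's context, and the only year visible here is the 2022 in the `rc:` line. A [JLD22] label rendered over a different year would be confusing in the reference list. Because the anchor itself changes, every `{{JLD21}}` citation in the body has to move with it: the two visible in the later hunks are updated, and searching the file for any remaining `JLD21` before merging would confirm none are left dangling.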
jedisct1 marked this conversation as resolved.
Expand Down Expand Up @@ -305,7 +305,7 @@ The document is a product of the Crypto Forum Research Group (CFRG). It is not a

This document describes the AEGIS family of authenticated encryption with associated data (AEAD) algorithms {{AEGIS}}, which were chosen for high-performance applications in the CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness) competition.

Among the finalists, AEGIS-128 was chosen as the winner for this category. However, AEGIS-128L, another finalist, offers enhanced performance and a stronger security margin {{ENP20}} {{JLD21}} {{LIMS21}} {{STSI23}}.
Among the finalists, AEGIS-128 was chosen as the winner for this category. However, AEGIS-128L, another finalist, offers enhanced performance and a stronger security margin {{ENP20}} {{JLD22}} {{LIMS21}} {{STSI23}}.
Additionally, AEGIS-256, which also reached the final round, provides 256-bit security and supports higher usage limits.

Therefore, this document specifies the following variants:
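Review bot: The citation run on the changed line now reads `{{ENP20}} {{JLD22}} {{LIMS21}} {{STSI23}}`, which, going by the key labels, puts the 2022 reference ahead of the 2021 one, while the "Security analyses of AEGIS" sentence in the hunk at -1878 orders the same pair as `{{LIMS21}}, {{JLD22}}`. Suggest swapping to `{{ENP20}} {{LIMS21}} {{JLD22}} {{STSI23}}` so both places follow the same order. The run here is also space-separated where the later sentence uses commas; picking one style for both would read more evenly.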
Expand Down Expand Up @@ -1878,7 +1878,7 @@ This resilience extends to quantum adversaries operating within the Q1 model, wh
This document extends the original specification by introducing optional support for 256-bit authentication tags, which are constructed similarly to the 128-bit tags.
As shown in {{SSI24}}, with 256-bit tags, all AEGIS variants achieve more than 128-bit security against forgery by differential attacks.

Security analyses of AEGIS can be found in {{AEGIS}}, {{M14}}, {{FLLW17}}, {{ENP20}}, {{LIMS21}}, {{JLD21}}, {{STSI23}}, {{IR23}}, {{BS23}}, {{AIKRS24}}, and {{SSI24}}.
Security analyses of AEGIS can be found in {{AEGIS}}, {{M14}}, {{FLLW17}}, {{ENP20}}, {{LIMS21}}, {{JLD22}}, {{STSI23}}, {{IR23}}, {{BS23}}, {{AIKRS24}}, and {{SSI24}}.

# IANA Considerations
