Throw Away Galois/Counter Mode as Committing Encryption about nocoiner HOT 4 CLOSED

The paper also states that the encryption key, HMAC secret and input vector must be generated/derived from a good KDF for the Encrypt-then-MAC authenticated encryption be a committing encryption as well.

from nocoiner.

BUMP:

The nocoiner encryption algorithm resembles the recommended algorithm from the paper/article (snapshot/print-screen below):

We have a master key, and from that we derive an encryption key and a MAC key. The input vector is randomly generated and appended on the final commitment/cipher. Our header is the hashed process/context fingerprint. This fingerprint could not be used to associate/detect the commitment issuer 'cause these fingerprints are public, it is only used to provide a randomization context which reduces the probabilities of the distributed commitment collision. They must not be used for any kind of authentication, proof, identification, whatever...

This patch is tracked on the branch patch/throw-away-gcm.

from nocoiner.

Future plans might include to split this AEAD (Authenticated Encryption with Associated Data) module in a separate library. The benefits are clear, the community can use an AEAD encryption directly without relying on this library for commitment schemes and accessing the internals here.

This issue will be closed once the PR on OPAM repository is approved and merged.

from nocoiner.

The PR on OPAM repository was already closed.

from nocoiner.