>EDIT: What I mean is you can do cypher = truncate(plain ^ AES(zero_extend(plain))).

How would you decrypt that though? You truncated 3/4ths of the AES output needed to decrypt it.

I thought you were suggesting this:

  ciphertext = truncate(AES(key) ^ plaintext)

And in this case, since AES(key) does not depend on the plaintext, it would just be XOR by a constant.

You're right, my bad. I guess if you have strict size requirements it does make sense to use small block sizes.
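The two constructions discussed in this thread, as an added example that is not code from any of the posters. It assumes HMAC-SHA256 truncated to 16 bytes as a stand-in for one AES block call, a 2-byte block so that every input can be enumerated, and reads `AES(key)` as the cipher applied to a fixed block; all names are hypothetical.

```python
import hashlib
import hmac

BLOCK_BYTES = 2                  # assumption: scaled down so all inputs can be enumerated
KEY = b"constructed demo key"    # constructed sample key


def prf16(key: bytes, block: bytes) -> bytes:
    """Stand-in for one AES block operation (assumption: HMAC-SHA256, not AES)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:16]


def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, which performs the truncation for scheme_b
    return bytes(x ^ y for x, y in zip(a, b))


def scheme_a(key: bytes, plain: bytes) -> bytes:
    """truncate(plain ^ F(zero_extend(plain))), keeping the first BLOCK_BYTES."""
    extended = plain.ljust(16, b"\x00")
    return xor(extended, prf16(key, extended))[:BLOCK_BYTES]


def scheme_b(key: bytes, plain: bytes) -> bytes:
    """truncate(F(key) ^ plaintext): the pad is the same for every plaintext."""
    pad = prf16(key, b"\x00" * 16)
    return xor(plain, pad)


def find_collision_a(key: bytes):
    """Return (p1, p2, c) with p1 != p2 and scheme_a(p1) == scheme_a(p2) == c."""
    seen = {}
    for i in range(256 ** BLOCK_BYTES):
        plain = i.to_bytes(BLOCK_BYTES, "big")
        cipher = scheme_a(key, plain)
        if cipher in seen:
            return seen[cipher], plain, cipher
        seen[cipher] = plain
    return None  # would mean scheme_a is a permutation on this block size


def recover_pad_b(known_plain: bytes, known_cipher: bytes) -> bytes:
    """One known plaintext/ciphertext pair reveals scheme_b's constant pad."""
    return xor(known_plain, known_cipher)


if __name__ == "__main__":
    p1, p2, c = find_collision_a(KEY)
    print("scheme A: two plaintexts share ciphertext", c.hex(), ":", p1.hex(), p2.hex())
    pad = recover_pad_b(b"\x12\x34", scheme_b(KEY, b"\x12\x34"))
    print("scheme B: recovered pad decrypts other block:",
          xor(scheme_b(KEY, b"\xbe\xef"), pad).hex())
```

A collision in the first scheme means no decryption function can exist for it, and the second scheme fails as soon as one plaintext block is known.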