Ben Laurie blathering

IGE Isn’t Good for Authentication

A while back I posted about IGE mode in OpenSSL.

Adam Back informs me that IGE mode is broken for authentication. This is interesting news, and the discussion is well worth reading if you’re keen on crypto theory.

Luckily I don’t care about IGE mode, or authentication – the property I’m after is total corruption of the plaintext on any corruption of the ciphertext. This property is available in biIGE, and there’s a proof of it in the IGE paper – at least, I think there is!

But if you care, you need to know this.
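The difference in error propagation between plain IGE and a two-pass biIGE, as an added example that is not from the original post or from OpenSSL. It assumes biIGE is a forward IGE pass followed by an IGE pass over the blocks in reverse order under a second key, and it swaps in a toy Feistel cipher built on HMAC-SHA256 for AES so that it runs on the standard library alone; every name, key and IV is constructed.

```python
import hashlib, hmac

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the stand-in cipher (not AES)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def enc_block(key, b):  # toy 128-bit block cipher: 4-round Feistel
    l, r = b[:8], b[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def dec_block(key, b):
    l, r = b[:8], b[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def ige(key, iv, blocks, decrypt=False):
    """IGE: c_i = E(p_i ^ c_{i-1}) ^ p_{i-1}; iv supplies (c_{-1}, p_{-1})."""
    (prev_c, prev_p), out = iv, []
    for b in blocks:
        if decrypt:
            o = xor(dec_block(key, xor(b, prev_p)), prev_c)
            prev_c, prev_p = b, o
        else:
            o = xor(enc_block(key, xor(b, prev_c)), prev_p)
            prev_c, prev_p = o, b
        out.append(o)
    return out

def bi_ige(k1, k2, iv1, iv2, blocks, decrypt=False):
    """Assumed biIGE: forward IGE pass, then IGE over the blocks in reverse."""
    if decrypt:
        return ige(k1, iv1, ige(k2, iv2, blocks[::-1], True)[::-1], True)
    return ige(k2, iv2, ige(k1, iv1, blocks)[::-1])[::-1]

K1, K2 = b"constructed-key-1", b"constructed-key-2"  # all sample values are constructed
IV1, IV2 = (b"\x01" * 16, b"\x02" * 16), (b"\x03" * 16, b"\x04" * 16)
PLAIN = [bytes([i]) * 16 for i in range(8)]
MODES = {"ige": lambda b, d=False: ige(K1, IV1, b, d),
         "biige": lambda b, d=False: bi_ige(K1, K2, IV1, IV2, b, d)}

def damaged(mode, flip_at):
    """Flip one ciphertext bit; return indexes of plaintext blocks that change."""
    ct = MODES[mode](PLAIN)
    ct[flip_at] = bytes([ct[flip_at][0] ^ 1]) + ct[flip_at][1:]
    return [i for i, p in enumerate(MODES[mode](ct, True)) if p != PLAIN[i]]
```

`damaged("ige", 3)` lists only blocks 3 through 7, because plain IGE propagates the error forward only, while `damaged("biige", 3)` lists all eight blocks.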


  1. The question I was not able to answer from reading your brief paper was why you needed “total corruption of the plaintext on any corruption of the ciphertext.” Any clues?

    Comment by Iang — 11 Sep 2006 @ 13:41

  2. You need to read the Minx paper for that.

    Comment by Ben — 12 Sep 2006 @ 9:29

  3. Ah yes, sorry, I was confused about “brief paper.” I read the paper “Minx: A simple and Efficient Anonymous Packet Format” and was not able to trace the reason for the requirement.

    Comment by Iang — 14 Sep 2006 @ 7:59
