top | item 47055040

(no title)

201984 | 12 days ago

>EDIT: What I mean is you can do cypher = truncate(plain ^ AES(zero_extend(plain))).

How would you decrypt that though? You truncated 3/4ths of the AES output needed to decrypt it.

I thought you were suggesting this:

  ciphertext = truncate(AES(key) ^ plaintext)

And in this case, since AES(key) does not depend on the plaintext, it would just be XOR by a constant.

discuss

adrian_b|12 days ago

The first examples in the parent article do not require decryption. They only require unpredictable random numbers that are unique.

If uniqueness is needed for a 32-bit number or a 64-bit number, then in AES-128 the byte permutation can be modified, to reduce the block size accordingly.

For the other examples with record identifiers, I am not sure whether the author meant for them to ever be decrypted. If decryption was intended, I disagree that this is the right solution. If an opaque record identifier is desired, it should be an unpredictable random number, which can be generated at maximum speed with AES. There is no need to ever decrypt such an identifier.

If other private information is needed, like a record counter, it should be put in separate fields, that are not provided to external entities, instead of encrypting it inside the identifier. Encrypting such private information would prevent its use in indexing anyway.

fluoridation|12 days ago

You're right, my bad. I guess if you have strict size requirements it does make sense to use small block sizes.