Security Scol plugin
|
Discrete Log Integrated Encryption Scheme. More...
#include <gfpcrypt.h>
Static Public Member Functions | |
static std::string CRYPTOPP_API | StaticAlgorithmName () |
Additional Inherited Members | |
Public Types inherited from DL_ES< KEYS, AA, DA, EA, ALG_INFO > | |
typedef PK_FinalTemplate< DL_DecryptorImpl< SchemeOptions > > | Decryptor |
implements PK_Decryptor interface | |
typedef PK_FinalTemplate< DL_EncryptorImpl< SchemeOptions > > | Encryptor |
implements PK_Encryptor interface | |
Discrete Log Integrated Encryption Scheme.
COFACTOR_OPTION | cofactor multiplication option |
HASH | HashTransformation derived class used for key drivation and MAC computation |
DHAES_MODE | flag indicating if the MAC includes addition context parameters such as the label |
LABEL_OCTETS | flag indicating if the label size is specified in octets or bits |
DLIES is an Integer based Integrated Encryption Scheme (IES). The scheme combines a Key Encapsulation Method (KEM) with a Data Encapsulation Method (DEM) and a MAC tag. The scheme is IND-CCA2, which is a strong notion of security. You should prefer an Integrated Encryption Scheme over homegrown schemes.
The library's original implementation is based on an early P1363 draft, which itself appears to be based on an early Certicom SEC-1 draft (or an early SEC-1 draft was based on a P1363 draft). Crypto++ 4.2 used the early draft in its Integrated Ecryption Schemes with NoCofactorMultiplication
, DHAES_MODE=false
and LABEL_OCTETS=true
.
If you desire an Integrated Encryption Scheme with Crypto++ 4.2 compatibility, then use the DLIES template class with NoCofactorMultiplication
, DHAES_MODE=false
and LABEL_OCTETS=true
.
If you desire an Integrated Encryption Scheme with Bouncy Castle 1.54 and Botan 1.11 compatibility, then use the DLIES template class with NoCofactorMultiplication
, DHAES_MODE=true
and LABEL_OCTETS=false
.
The default template parameters ensure compatibility with Bouncy Castle 1.54 and Botan 1.11. The combination of IncompatibleCofactorMultiplication
and DHAES_MODE=true
is recommended for best efficiency and security. SHA1 is used for compatibility reasons, but it can be changed if desired. SHA-256 or another hash will likely improve the security provided by the MAC. The hash is also used in the key derivation function as a PRF.
Below is an example of constructing a Crypto++ 4.2 compatible DLIES encryptor and decryptor.
AutoSeededRandomPool prng; DL_PrivateKey_GFP<DL_GroupParameters_GFP> key; key.Initialize(prng, 2048); DLIES<SHA1,NoCofactorMultiplication,true,true>::Decryptor decryptor(key); DLIES<SHA1,NoCofactorMultiplication,true,true>::Encryptor encryptor(decryptor);
Definition at line 1019 of file gfpcrypt.h.
|
inlinestatic |
Definition at line 1027 of file gfpcrypt.h.