With a sponge construction the AEAD is a one-pass operation. You feed plaintext ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		remcob on May 31, 2017 \| parent \| context \| favorite \| on: Maybe Skip SHA-3 With a sponge construction the AEAD is a one-pass operation. You feed plaintext in, out comes ciphertext. In the end you crank it one more time and out comes the MAC/tag. This is unlike other constructions, where you need to go over the data twice, with two different crypto algorithms (encryption + mac) that may or may not share a core component.

tptacek on May 31, 2017 | [–]

OCB does the same thing, without a sponge construction.

baby on May 31, 2017 | [–]

This is interesting, I've always seen it as bad because you had to decrypt first, and then you could verify the tag. But now I understand that this also allows you to have a one-pass operation.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact