Return-Path: <ondrej.vejpustek@satoshilabs.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 980D61014
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 22 Jan 2018 15:01:34 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail.sldev.cz (mail.sldev.cz [51.254.7.247])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E1007284
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Mon, 22 Jan 2018 15:01:33 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.sldev.cz (Postfix) with ESMTP id 7F89AEBA0;
	Mon, 22 Jan 2018 15:27:19 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at mail.sldev.cz
Received: from mail.sldev.cz ([127.0.0.1])
	by localhost (mail.sl [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id o9X0rk-1T752; Mon, 22 Jan 2018 15:27:19 +0000 (UTC)
Received: from localhost.localdomain (unknown [10.8.8.156])
	by mail.sldev.cz (Postfix) with ESMTPSA id 26239EB9F;
	Mon, 22 Jan 2018 15:27:19 +0000 (UTC)
From: =?UTF-8?Q?Ond=c5=99ej_Vejpustek?= <ondrej.vejpustek@satoshilabs.com>
To: Gregory Maxwell <greg@xiph.org>
References: <51280a45-f86b-3191-d55e-f34e880c1da8@satoshilabs.com>
	<CAAS2fgRQk4EUp6FO2f+RkJpDTyZX0N4=uGp7ZF=0aUchZX8hSA@mail.gmail.com>
	<4003eed1-584f-9773-8cf9-6300ebd1eac6@satoshilabs.com>
	<CAAS2fgSw0mAQPJ-ai-3kFr7pWXd7pjbrEoXN4r6Ak3o4c8_vjw@mail.gmail.com>
	<d6eb0fc3-d729-30cb-986b-b1d7b8aacbd6@satoshilabs.com>
	<CAAS2fgQtf_LDDcWDmvM+kjPCSqaQVwVd2rKWVtho4-XSAHpJZQ@mail.gmail.com>
Message-ID: <eacc2887-196d-6ed3-dafa-6f67181eb27f@satoshilabs.com>
Date: Mon, 22 Jan 2018 16:00:25 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
	Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <CAAS2fgQtf_LDDcWDmvM+kjPCSqaQVwVd2rKWVtho4-XSAHpJZQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Mon, 22 Jan 2018 15:02:19 +0000
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Satoshilabs secret shared private key scheme
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jan 2018 15:01:34 -0000

> 
> My post provided a concrete example. I'd be happy to answer any
> questions about it, but otherwise I'm not sure how to make it more
> clear.

My apologies, I didn't read it carefully. You are absolutely right. Our
scheme doesn't protect against the scenario.

> Quite the opposite-- a large block cipher is a standard
> construction

I'm happy to hear it. Nevertheless, I didn't find any standartisation or
implementation of the CMC mode (excluding the paper).

Do you have some experience with other modes (such as HCTR, HEH)?