2DEM mode

Posted Dec 29, 2007 5:51 UTC (Sat) by zooko (guest, #2589)
In reply to: GnuPG Celebrates 10 Years by jd
Parent article: GnuPG Celebrates 10 Years

I just went and had a look at the 2DEM docs that they submitted to NIST.

As far as I could tell from a quick reading of the first couple of sections of their paper, they pointed out that ECB is very weak at confidentiality, and that CBC isn't parallelizable, and then proposed 2DEM mode. These two facts (ECB doesn't offer good confidentiality and CBC isn't parallelizable) were already well understood by other cryptographers. All of modes of operation described in SP 800-38 A (except of course ECB, which shouldn't have been included) offer good confidentiality, and CTR mode offers excellent parallelism. Some of the newfangled modes like OCB and GCM are also parallelizable.

So as far as I can tell, 2DEM mode doesn't offer anything over CTR mode.

Regards,

Zooko