On 9 March 2016 at 09:16, aluykx <atul.lu...@esat.kuleuven.be> wrote:
> Kenny Paterson and I prepared a document providing an overview of how much
> data ChaCha20+Poly1305 and AES-GCM can process with a single key. Besides
> summarizing the results, the document also gives an explanation of why the
> limits are there. The document confirms the analysis done by Watson and
> others in the thread on "Data Volume Limits", but goes into more detail.

Hi Atul,

Just to confirm, but this analysis is for all variants of AES-GCM regardless of key size? From formula (7) it shows that attack probability is directly a function of block size and the number of blocks.

--Martin

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls