From rshea@radium.ncsc.mil Thu Aug 9 07:22:21 2001
Date: Thu, 09 Aug 2001 07:25:34 -0400
From: Robert Shea <rshea@radium.ncsc.mil>
X-Accept-Language: en
MIME-Version: 1.0
To: william.burr@nist.gov, elaine.barker@nist.gov, roback@nist.gov,
dworkin@nist.gov
CC: B.Snow@radium.ncsc.mil, gligor@eng.umd.edu, pompiliu@eng.umd.edu,
rogaway@cs.ucdavis.edu, daw@cs.berkeley.edu
Subject: Dual Counter Mode (DCM)
Content-Transfer-Encoding: 7bit

On behalf of Brian Snow, Technical Director, Information Assurance, NSA,
the following message is forwarded to the AES Team at NIST:

NSA believes that a license-free high-speed integrity-preserving
mode of operation is needed for the Advanced Encryption Standard, and was
pleased to submit the “Dual Counter Mode” (DCM) as a participant in the
series of AES Modes Workshops sponsored by NIST.

Recently Virgil Gligor and Pompiliu Donescu of the University of
Maryland, Phillip Rogaway of the UC Davis and Chiang Mai University,
David Wagner of Berkeley, and possibly others, have produced results
concerning the secrecy and integrity claims made for DCM. We commend
them for their work.

We withdraw the Dual Counter Mode for consideration as a mode of
operation for AES at this time, while we consider the observations and
their ramifications. We believe a license-free high-speed integrity-preserving
mode of operation is still needed for AES, and will continue to work on this
problem as well as encourage others to do so.

Brian D. Snow
Technical Director
Information Assurance Directorate
National Security Agency