Script updating gh-pages from 750351f. [ci skip]

cfrg · Oct 9, 2024 · 22a445e · 22a445e
1 parent 4f4d825
commit 22a445e
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/draft-irtf-cfrg-aegis-aead.html b/draft-irtf-cfrg-aegis-aead.html
@@ -3337,7 +3337,9 @@ <h3 id="name-security-guarantees">
 <p id="section-9.3-5">AEGIS-128X and AEGIS-256X share the same security properties and requirements as AEGIS-128L and AEGIS-256 respectively. In particular, the security level and usage limits remain the same <span>[<a href="#D23" class="cite xref">D23</a>]</span>.<a href="#section-9.3-5" class="pilcrow">¶</a></p>
 <p id="section-9.3-6">AEGIS is considered secure against guess-and-determine attacks aimed at recovering the state from observed ciphertexts.<a href="#section-9.3-6" class="pilcrow">¶</a></p>
 <p id="section-9.3-7">This resilience extends to quantum adversaries operating within the Q1 model, where the attacker has access to a quantum computer but is restricted to classical (non-quantum) communications with the systems under attack. In this model, quantum attacks offer no practical advantage in decrypting previously recorded ciphertexts or in recovering the encryption key.<a href="#section-9.3-7" class="pilcrow">¶</a></p>
-<p id="section-9.3-8">Security analyses of AEGIS can be found in <span>[<a href="#AEGIS" class="cite xref">AEGIS</a>]</span>, <span>[<a href="#M14" class="cite xref">M14</a>]</span>, <span>[<a href="#FLLW17" class="cite xref">FLLW17</a>]</span>, <span>[<a href="#ENP19" class="cite xref">ENP19</a>]</span>, <span>[<a href="#LIMS21" class="cite xref">LIMS21</a>]</span>, <span>[<a href="#JLD21" class="cite xref">JLD21</a>]</span>, <span>[<a href="#STSI23" class="cite xref">STSI23</a>]</span>, <span>[<a href="#IR23" class="cite xref">IR23</a>]</span>, <span>[<a href="#BS23" class="cite xref">BS23</a>]</span>, <span>[<a href="#AIKRS24" class="cite xref">AIKRS24</a>]</span>, and <span>[<a href="#SSI24" class="cite xref">SSI24</a>]</span>.<a href="#section-9.3-8" class="pilcrow">¶</a></p>
+<p id="section-9.3-8">This document extends the original specification by introducing optional support for 256-bit authentication tags, which are constructed similarly to the 128-bit tags.
+As shown in <span>[<a href="#SSI24" class="cite xref">SSI24</a>]</span>, with 256-bit tags, all AEGIS variants achieve more than 128-bit security against forgery by differential attacks.<a href="#section-9.3-8" class="pilcrow">¶</a></p>
+<p id="section-9.3-9">Security analyses of AEGIS can be found in <span>[<a href="#AEGIS" class="cite xref">AEGIS</a>]</span>, <span>[<a href="#M14" class="cite xref">M14</a>]</span>, <span>[<a href="#FLLW17" class="cite xref">FLLW17</a>]</span>, <span>[<a href="#ENP19" class="cite xref">ENP19</a>]</span>, <span>[<a href="#LIMS21" class="cite xref">LIMS21</a>]</span>, <span>[<a href="#JLD21" class="cite xref">JLD21</a>]</span>, <span>[<a href="#STSI23" class="cite xref">STSI23</a>]</span>, <span>[<a href="#IR23" class="cite xref">IR23</a>]</span>, <span>[<a href="#BS23" class="cite xref">BS23</a>]</span>, <span>[<a href="#AIKRS24" class="cite xref">AIKRS24</a>]</span>, and <span>[<a href="#SSI24" class="cite xref">SSI24</a>]</span>.<a href="#section-9.3-9" class="pilcrow">¶</a></p>
 </section>
 </div>
 </section>

diff --git a/draft-irtf-cfrg-aegis-aead.txt b/draft-irtf-cfrg-aegis-aead.txt
@@ -1747,6 +1747,12 @@ return tag
    advantage in decrypting previously recorded ciphertexts or in
    recovering the encryption key.
 
+   This document extends the original specification by introducing
+   optional support for 256-bit authentication tags, which are
+   constructed similarly to the 128-bit tags.  As shown in [SSI24], with
+   256-bit tags, all AEGIS variants achieve more than 128-bit security
+   against forgery by differential attacks.
+
    Security analyses of AEGIS can be found in [AEGIS], [M14], [FLLW17],
    [ENP19], [LIMS21], [JLD21], [STSI23], [IR23], [BS23], [AIKRS24], and
    [SSI24].