Re: [Cfrg] Encrypt in place guidance

Leo Perrin <leo.perrin@inria.fr> Wed, 01 April 2020 08:07 UTC

Date: Wed, 01 Apr 2020 10:07:07 +0200
From: Leo Perrin <leo.perrin@inria.fr>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Robert Moskowitz <rgm-sec@htt-consult.com>, "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, Dan Brown <danibrown@blackberry.com>, cfrg@ietf.org
Message-ID: <1938299699.23565911.1585728427697.JavaMail.zimbra@inria.fr>
In-Reply-To: <4d64bcce-7f9e-9ec4-e73b-45e2c57d5de6@cs.tcd.ie>
References: <83571efb-a32f-6a59-a496-de56716f07da@htt-consult.com> <a16dcbe63aa745e482a3f435aa8e0470@blackberry.com> <f5e4c7a3-e039-ec7d-59b7-0c581d9022e6@htt-consult.com> <9ACD4ECA-CFBF-40DC-8CB8-BB7DAEFBB42D@ll.mit.edu> <d4383234-d452-dad8-52dc-dd35dbecbb8a@htt-consult.com> <4d64bcce-7f9e-9ec4-e73b-45e2c57d5de6@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/2Bk2wMqx-r4ZVkiI6eKJEqp0B-o>
Subject: Re: [Cfrg] Encrypt in place guidance

Hi,

>> Speck
> 
> Hmm. Were the design criteria for that algorithm
> ever published in the end? (I've not followed it,
> so they may have been.)

The authors of SPECK put something on eprint [1] but it merely lists public results and claims they already knew about the corresponding attacks. I personally don't find this document convincing at all since it came *after* a public analysis. In my opinion (and it is not a controversial one in the academic symmetric crypto community), if the designers of a cipher did not publish their security analysis along with its specification then you should not even consider using the corresponding cipher. Of course, there is also the elephant in the room: SPECK was designed by the same entity as the backdoored DUAL_EC.

By the way, there are many (many!) 64-bit block ciphers in the literature---see Table 6 of [2]. Full disclosure: I am a co-author of this survey. If you have questions about it, feel free to ask!

[1] https://eprint.iacr.org/2017/560
[2] https://eprint.iacr.org/2017/511

Cheers,

/Léo