Re: [Cfrg] Encrypt in place guidance

Leo Perrin <> Wed, 01 April 2020 08:07 UTC

Date: Wed, 1 Apr 2020 10:07:07 +0200 (CEST)
From: Leo Perrin <>
To: Stephen Farrell <>
Cc: Robert Moskowitz <>, "Blumenthal, Uri - 0553 - MITLL" <>, Dan Brown <>,

>> Speck
> Hmm. Were the design criteria for that algorithm
> ever published in the end? (I've not followed it,
> so they may have been.)

The authors of SPECK put something on eprint [1] but it merely lists public results and claims they already knew about the corresponding attacks. I personally don't find this document convincing at all since it came *after* a public analysis. In my opinion (and it is not a controversial one in the academic symmetric crypto community), if the designers of a cipher did not publish their security analysis along with its specification then you should not even consider using the corresponding cipher. Of course, there is also the elephant in the room: SPECK was designed by the same entity as the backdoored DUAL_EC.

By the way, there are many (many!) 64-bit block ciphers in the literature---see Table 6 of [2]. Full disclosure: I am a co-author of this survey. If you have questions about it, feel free to ask!