Re: [CFRG] NIST Lightweight Crypto report

Matt Sicker <boards@gmail.com> Tue, 27 July 2021 16:12 UTC

From: Matt Sicker <boards@gmail.com>
Date: Tue, 27 Jul 2021 11:12:24 -0500
Message-ID: <CACmp6kqTUF4BuVzsAWpVZO91D26=N+UZwEZ4Rv6cjy35n7ixuA@mail.gmail.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Cc: Robert Moskowitz <rgm-sec@htt-consult.com>, "cfrg@irtf.org" <cfrg@irtf.org>, "saag@ietf.org" <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/CDWiheZqBjIICGcbYFvZGekUUMs>

Also a fan of Xoodyak here. I ported some of the LWC algorithms to
Java as an experiment back during the first or second round, and my
top choices were Xoodyak for its super useful Cyclist mode along with
Ascon for speed and simplicity (and ISAP looked promising, but it's
essentially a different mode of operation on Keccak or Ascon
permutations). Really, all the sponge function algorithms have a ton
of promise for improving the developer experience of actually using
cryptography in practice.

On Tue, Jul 27, 2021 at 10:22 AM Blumenthal, Uri - 0553 - MITLL
<uri@ll.mit.edu> wrote:
>
> I have no comment, but one question: which of the NIST Lightweight Crypto candidates provide nonce misuse resistance, at least at the level comparable with SIV mode?
>
> --
> Regards,
> Uri
>
> There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
> The other is to make it so complex there are no obvious deficiencies.
>     - C. A. R. Hoare
>
>
> On 7/27/21, 11:06, "CFRG on behalf of Robert Moskowitz" <cfrg-bounces@irtf.org on behalf of rgm-sec@htt-consult.com> wrote:
>
>     NIST just came out with:  NISTIR 8369
>
>
>     "Status Report on the Second Round of the NIST Lightweight Cryptography
>     Standardization Process"
>
>     https://csrc.nist.gov/publications/detail/nistir/8369/final
>
>     I have been working with Xoodyak which is one of the 4 AEAD/hashing
>     finalists.  You can see how I am using it in:
>
>     https://datatracker.ietf.org/doc/draft-moskowitz-hip-new-crypto/
>
>     I "like" Xoodyak, as I am able to use it much like Keccak/SHA3/SHAKE.
>     It does not come with the nice standardized calls as in SP800-185, but I
>     think I have duplicated SHAKE/cSHAKE/KMAC with Xoodyak in my draft.
>     Comments welcome!
>
>     It has been implemented in openHIP.
>
>     Bob
>
>     _______________________________________________
>     CFRG mailing list
>     CFRG@irtf.org
>     https://www.irtf.org/mailman/listinfo/cfrg