Re: [Cfrg] Can ChaCha20 be recommended for deployments?

Peter Schwabe <peter@cryptojedi.org> Tue, 15 September 2015 08:11 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/IOKmPveD7G-ndvtIVY3OsEH1odI>

Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> Hi all,

Hi Hannes, hi all,

> Today, there are very few software-based ChaCha20 implementations
> available for IoT devices (such as the Apple Homekit) and I haven't seen
> any hardware implementations yet.
> 
> Overall, I am not sure whether ChaCha20 and Poly1305 are useful
> recommendations for IoT systems.

Yesterday Michael Hutter presented joint work with Jürgen Schilling,
Wolfgang Wieser and me at CHES. The title of the paper is "NaCl's
crypto_box in hardware" and we're aiming exactly at IoT devices. This
implementation is using Salsa20+Poly1305 instead of ChaCha20+Poly1305,
but performance numbers wouldn't change drastically for ChaCha20. If
you're interested, the paper is online at
https://cryptojedi.org/papers/#naclhw; the VHDL source code is in the
public domain and online at https://cryptojedi.org/crypto/#naclhw.

Best regards,

Peter