Re: [Cfrg] Can ChaCha20 be recommended for deployments?
Paul Lambert <paul@marvell.com> Wed, 16 September 2015 01:08 UTC
From: Paul Lambert <paul@marvell.com>
To: Derek Atkins <derek@ihtfp.com>, Yoav Nir <ynir.ietf@gmail.com>
Date: Wed, 16 Sep 2015 01:07:57 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/Q71AjBUAda3iGnyWq0Qs7PnjimI>
Cc: Simon Josefsson <simon@josefsson.org>, "cfrg@irtf.org" <cfrg@irtf.org>

On 7/30/15, 8:18 AM, "Cfrg on behalf of Derek Atkins" <cfrg-bounces@irtf.org on behalf of derek@ihtfp.com> wrote:

>Yoav Nir <ynir.ietf@gmail.com> writes:
>
>> On Jul 28, 2015, at 11:15 PM, Simon Josefsson <simon@josefsson.org> wrote:
>>
>>> Counter-question: what alternative to AES-GCM would be better suited?
>>> Or even nearly as well suited as ChaCha20-Poly1305? I can only think of
>>> AES in some other AEAD mode, or more slower/exotic/older alternatives
>>> like Camellia, but none rank as high in the trust/speed matrix as
>>> ChaCha20-Poly1305 to me.
>>
>> Hi, Simon
>>
>> In IoT applications the go-to cipher has been AES-CCM. It's slower
>> than AES-GCM, but it has the advantage that you only need the AES
>> encrypt function.
>
>Actually, in our implementation and testing (where we have AES-ECB in
>hardware for assistance), GCM is orders of magnitude slower than CCM
>because we can't easily implement the GF field math in our environment.
>So I would not agree with your characterization that CCM is slower than
>GCM.

Comparing full custom hardware implementations of CCM or GCM, the
structure of GCM allows it to be considerably faster. In link layer protocols
(e.g. IEEE 802.3, .11, .15) the implementations are moving slowly to GCM
where higher performance is required (e.g. 60GHz applications).

Paul

>
>(Technically we've implemented CTR+CMAC, not CCM, but I think my
>argument remains the same and is still correct)
>
>-derek
>--
> Derek Atkins 617-623-3745
> derek@ihtfp.com www.ihtfp.com
> Computer and Internet Security Consultant