Re: [Cfrg] Can ChaCha20 be recommended for deployments?

Paul Lambert <paul@marvell.com> Wed, 16 September 2015 01:08 UTC

From: Paul Lambert <paul@marvell.com>
To: Derek Atkins <derek@ihtfp.com>, Yoav Nir <ynir.ietf@gmail.com>
Date: Wed, 16 Sep 2015 01:07:57 +0000
Message-ID: <D21E0DE7.7918D%paul@marvell.com>
References: <55AE1C08.6070002@gmx.net> <55AF6E6E.6040101@gmx.net> <87si88vy1p.fsf@latte.josefsson.org> <0A4E9222-5DFB-42FF-9BED-056E1124CD1B@gmail.com> <sjmegjp3c80.fsf@securerf.ihtfp.org>
In-Reply-To: <sjmegjp3c80.fsf@securerf.ihtfp.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/Q71AjBUAda3iGnyWq0Qs7PnjimI>
Cc: Simon Josefsson <simon@josefsson.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Can ChaCha20 be recommended for deployments?


On 7/30/15, 8:18 AM, "Cfrg on behalf of Derek Atkins"
<cfrg-bounces@irtf.org on behalf of derek@ihtfp.com> wrote:

>Yoav Nir <ynir.ietf@gmail.com> writes:
>
>> On Jul 28, 2015, at 11:15 PM, Simon Josefsson <simon@josefsson.org>
>>wrote:
>>
>>> Counter-question: what alternative to AES-GCM would be better suited?
>>> Or even nearly as well suited as ChaCha20-Poly1305?  I can only think
>>>of
>>> AES in some other AEAD mode, or more slower/exotic/older alternatives
>>> like Camellia, but none rank as high in the trust/speed matrix as
>>> ChaCha20-Poly1305 to me.
>>
>> Hi, Simon
>>
>> In IoT applications the go-to cipher has been AES-CCM. It's slower
>> than AES-GCM, but it has the advantage that you only need the AES
>> encrypt function.
>
>Actually, in our implementation and testing (where we have AES-ECB in
>hardware for assistance), GCM is orders of magnitude slower than CCM
>because we can't easily implement the GF field math in our environment.
>So I would not agree with your characterization that CCM is slower than
>GCM.

Comparing full custom hardware implementations of CCM or GCM, the
structure of GCM allows it to be considerably faster.

In link layer protocols (e.g. IEEE 802.3, .11, .15) the implementations are
moving slowly to GCM where higher performance is required (e.g. 60GHz
applications).

Paul


>
>(Technically we've implemented CTR+CMAC, not CCM, but I think my
>argument remains the same and is still correct)
>
>-derek
>-- 
>       Derek Atkins                 617-623-3745
>       derek@ihtfp.com             www.ihtfp.com
>       Computer and Internet Security Consultant
>
>_______________________________________________
>Cfrg mailing list
>Cfrg@irtf.org
>http://www.irtf.org/mailman/listinfo/cfrg
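The "GF field math" Derek refers to is GHASH, the GF(2^128) multiply that GCM performs once per 16-byte block on top of the AES-CTR encryption; CCM's CBC-MAC needs only further AES-encrypt calls. The following is an added example, not code from anyone in this thread, of a pure-software bit-serial GHASH, which is exactly the step that is cheap in dedicated hardware and slow without it. It is checked against GCM specification test case 2, with H = AES_K(0^128) for the all-zero key taken from that test vector so that no AES implementation is needed here.

```python
# Added example (not from the thread): pure-software GHASH, the GF(2^128)
# multiply that GCM needs per block and that CCM does not need at all.

# GCM reduction constant R = 11100001 || 0^120, in GCM's bit ordering
# (bit 0 is the most significant bit of the big-endian integer).
R = 0xE1 << 120


def gf128_mul(x: int, y: int) -> int:
    """Multiply two field elements as in the GCM spec (Algorithm 1).

    Bit-serial: 128 conditional XOR / shift steps per product, which is the
    cost a software implementation pays for every 16-byte block.
    """
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:   # X_i, counting from the leftmost bit
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1   # V <- V * x, reduced
    return z


def _blocks(data: bytes):
    """Yield 16-byte blocks, zero-padding the final partial block."""
    for i in range(0, len(data), 16):
        yield data[i:i + 16].ljust(16, b"\x00")


def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """GHASH_H(A, C): absorb AAD, then ciphertext, then the length block."""
    H = int.from_bytes(h, "big")
    x = 0
    for blk in _blocks(aad):
        x = gf128_mul(x ^ int.from_bytes(blk, "big"), H)
    for blk in _blocks(ciphertext):
        x = gf128_mul(x ^ int.from_bytes(blk, "big"), H)
    # Final block: 64-bit bit-length of A || 64-bit bit-length of C.
    length_block = (len(aad) * 8).to_bytes(8, "big") + \
                   (len(ciphertext) * 8).to_bytes(8, "big")
    x = gf128_mul(x ^ int.from_bytes(length_block, "big"), H)
    return x.to_bytes(16, "big")


# GCM specification test case 2: all-zero key, all-zero 96-bit IV, no AAD,
# one all-zero plaintext block.  H is AES_K(0^128) for that key; C is the
# ciphertext block; GHASH_TC2 is the GHASH(H, A, C) value the spec lists.
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
GHASH_TC2 = bytes.fromhex("f38cbb1ad69223dcc3457ae5b6b0f885")


def check_test_vector() -> bool:
    """True if the software GHASH reproduces the spec's test case 2 value."""
    return ghash(H_TC2, b"", C_TC2) == GHASH_TC2


def field_steps(n_bytes: int) -> int:
    """Bit-serial GF(2^128) steps GHASH spends on n_bytes of AAD+ciphertext
    (one multiply per 16-byte block, plus one for the length block)."""
    return 128 * (-(-n_bytes // 16) + 1)


if __name__ == "__main__":
    print("GHASH matches GCM test case 2:", check_test_vector())
    print("bit-serial steps for a 1500-byte frame:", field_steps(1500))
```

The point of the bit-serial loop is to make the cost Derek describes visible: each 16-byte block costs 128 shift-and-conditional-XOR rounds, and the reduction step on every round is what hardware does in a single cycle. Software implementations avoid this with precomputed tables or carry-less multiply instructions, neither of which the constrained environment in the thread has; CCM's CBC-MAC, by contrast, spends only one more AES-encrypt call per block.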