Re: [Cfrg] The new submission "AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption"
Björn Edström <be@bjrn.se> Mon, 07 March 2016 22:40 UTC
Date: Mon, 07 Mar 2016 23:40:33 +0100
From: Björn Edström <be@bjrn.se>
To: Shay Gueron <shay.gueron@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/T06yUezb1JTUen8ZzI4pwchnP-8>
Cc: Yehuda Lindell <Yehuda.Lindell@biu.ac.il>, "cfrg@irtf.org" <cfrg@irtf.org>, Adam Langley <agl@google.com>
"We note that POLYVAL(H, X_1, X_2, ...) is equal to ByteSwap(GHASH(x*H, ByteSwap(X_1), ByteSwap(X_2), ...)), where ByteSwap is a function that converts a field element to a 128-bit string, reverses the order of the bytes, and interprets the result as a field element again."

Well done! That's a nice property to help adaption.

Any similar submissions in the CAESAR competition that are worth considering by the CFRG?

Cheers
Björn

On Sun, Mar 6, 2016 at 4:50 AM, Shay Gueron <shay.gueron@gmail.com> wrote:
> Hello CFRG,
>
> We would like to draw your attention to our new submission draft entitled
> “AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption”. Posted on
> https://www.ietf.org/internet-drafts/draft-gueron-gcmsiv-00.txt
>
> The submission specifies two authenticated encryption algorithms that are
> nonce misuse-resistant. Their performance is expected to be roughly on par
> with AES-GCM, when run on modern processors that have AES instructions.
>
> Security and performance analysis can be found in S. Gueron and Y. Lindell.
> GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One
> Cycle per Byte. In 22nd ACM CCS, pages 109-119, 2015.
>
> We hope that the CFRG will take this up as a working-group item.
>
> Thank you,
>
> Shay Gueron, Adam Langley, Yehuda Lindell
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
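The relation Björn quotes can be checked mechanically. The following is added example code, not from the draft, the CCS paper or either mail: independent bit-level implementations of GHASH and POLYVAL over GF(2^128), with "x*H" read as ByteSwap(H) multiplied by x in GHASH's field (the mulX_GHASH operation that RFC 8452 later uses in the same identity); the sample blocks in check_identity are constructed.

```python
# Added example (not from the draft or the mail): bit-level GHASH and POLYVAL over GF(2^128)
# used to check the quoted identity. "x*H" is read as ByteSwap(H) times x in GHASH's field.
R_GHASH = 0xE1 << 120                   # x^128 + x^7 + x^2 + x + 1 in GHASH's reflected bit order
P_POLYVAL = (1 << 128) | (1 << 127) | (1 << 126) | (1 << 121) | 1   # POLYVAL's polynomial
def mulx_ghash(v: int) -> int:
    """Multiply a GHASH element by x (ints are big-endian block values, bit 127 = x^0)."""
    return (v >> 1) ^ R_GHASH if v & 1 else v >> 1

def ghash_mul(x: int, y: int) -> int:
    """GHASH field product (NIST SP 800-38D, Algorithm 1)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:        # bit i of x is the coefficient of x^i
            z ^= v
        v = mulx_ghash(v)
    return z

def polyval_dot(a: int, b: int) -> int:
    """POLYVAL dot(a, b) = a*b*x^-128 mod P (ints are little-endian block values, bit i = x^i)."""
    prod = 0
    for i in range(128):                # carry-less multiply
        if (b >> i) & 1:
            prod ^= a << i
    for i in range(255, 127, -1):       # reduce the 256-bit product mod P
        if (prod >> i) & 1:
            prod ^= P_POLYVAL << (i - 128)
    for _ in range(128):                # divide by x^128, exact in the field since P(0) = 1
        if prod & 1:
            prod ^= P_POLYVAL
        prod >>= 1
    return prod
def ghash(h: bytes, blocks: list) -> bytes:
    hk, y = int.from_bytes(h, "big"), 0
    for blk in blocks:
        y = ghash_mul(y ^ int.from_bytes(blk, "big"), hk)
    return y.to_bytes(16, "big")
def polyval(h: bytes, blocks: list) -> bytes:
    hk, s = int.from_bytes(h, "little"), 0
    for blk in blocks:
        s = polyval_dot(s ^ int.from_bytes(blk, "little"), hk)
    return s.to_bytes(16, "little")
def polyval_via_ghash(h: bytes, blocks: list) -> bytes:
    """Right-hand side of the identity: ByteSwap(GHASH(x*ByteSwap(H), ByteSwap(X_1), ...))."""
    h_ghash = mulx_ghash(int.from_bytes(h[::-1], "big")).to_bytes(16, "big")
    return ghash(h_ghash, [blk[::-1] for blk in blocks])[::-1]
def check_identity() -> bool:
    """Constructed sample inputs (not test vectors): both sides of the identity must agree."""
    h, xs = bytes(range(16)), [b"\x00" * 15 + b"\x01", bytes(range(16, 32)), b"\xff" * 16]
    return polyval(h, xs) == polyval_via_ghash(h, xs)
```

Because a little-endian block reversed and read big-endian is the same integer, an existing GHASH implementation only needs the one-time key adjustment and a per-block byte swap to compute POLYVAL.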