Re: [Cfrg] I-D Action: draft-irtf-cfrg-xchacha-00.txt

Ted Krovetz <ted@krovetz.net> Wed, 12 June 2019 17:19 UTC

From: Ted Krovetz <ted@krovetz.net>
Date: Wed, 12 Jun 2019 10:19:13 -0700
References: <156035585695.14108.5708789226448967402@ietfa.amsl.com>
To: cfrg@ietf.org
In-Reply-To: <156035585695.14108.5708789226448967402@ietfa.amsl.com>
Message-Id: <3195111E-910A-460A-86B3-A41F89F571E1@krovetz.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/TJSlZe0DeH4OjOkAW69lZEBk07U>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-xchacha-00.txt
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>

Is an extended nonce processor necessary? It seems that if we think of the Salsa/Chacha core as the primitive rather than Salsa/Chacha itself, then one could achieve the same goals without the addition of the nonce preprocessing.

If you view the Salsa/Chacha core as a PRF from 384-bit inputs to 512-bit outputs -- which is essentially what the Rhumba hash function does -- then you could allocate 192 bits of the input for a key, 128 bits for nonce, and 64 bits for counter.

Assuming the Salsa/Chacha core is a PRF, you could go farther by XORing the nonce into the key, allowing up to 320 bits of nonce and 64 bits of counter.

It would be nice if some cryptanalysts looked at this hypothesis. Since high quality implementations of Chacha are making their way into crypto libraries, it would be nice to know that the Chacha core could be co-opted as a PRF.


> On Jun 12, 2019, at 9:10 AM, internet-drafts@ietf.org wrote:
> 
> 
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
> This draft is a work item of the Crypto Forum RG of the IRTF.
> 
>        Title           : XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305
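The following block is an added illustration for readers of this thread; it is not code from Ted's message, from the draft, or from any library. It implements the ChaCha core once and then shows the input layouts under discussion side by side: the RFC 8439 block function, the draft's HChaCha20 subkey derivation and XChaCha20 block, and the two "core as a PRF" layouts proposed above (192-bit key | 128-bit nonce | 64-bit counter, and 256 nonce bits XORed into the key plus 64 more in the nonce slot). Only the first two have published test vectors (RFC 8439 section 2.3.2 and the HChaCha20 vector in the draft); `core_prf_block` and `core_prf_xor_nonce` are hypothetical names for Ted's conjectured layouts, carry no security analysis, and exist here only to make the structural difference concrete.

```python
"""ChaCha core with several input layouts: RFC 8439 block, draft XChaCha
(HChaCha20 subkey derivation), and the 'core as a PRF' layouts proposed
on the list.  Only chacha20_block and hchacha20 are standardised and have
published test vectors; core_prf_block and core_prf_xor_nonce illustrate
a hypothesis and are not vetted constructions."""
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # the 128 constant bits


def _rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl32(s[b] ^ s[c], 7)


def chacha_permute(state, rounds=20):
    """The ChaCha permutation only: 20 rounds over 16 words, no feed-forward."""
    s = list(state)
    for _ in range(rounds // 2):
        _quarter_round(s, 0, 4, 8, 12); _quarter_round(s, 1, 5, 9, 13)   # columns
        _quarter_round(s, 2, 6, 10, 14); _quarter_round(s, 3, 7, 11, 15)
        _quarter_round(s, 0, 5, 10, 15); _quarter_round(s, 1, 6, 11, 12)  # diagonals
        _quarter_round(s, 2, 7, 8, 13); _quarter_round(s, 3, 4, 9, 14)
    return s


def chacha_core(state):
    """Permutation plus feed-forward: 512-bit state in, 512-bit block out."""
    return [(x + y) & MASK for x, y in zip(chacha_permute(state), state)]


def _words(b):
    return list(struct.unpack("<%dI" % (len(b) // 4), b))


def _to_bytes(words):
    return struct.pack("<%dI" % len(words), *words)


def chacha20_block(key, counter, nonce):
    """RFC 8439 layout: constants | 256-bit key | 32-bit counter | 96-bit nonce."""
    assert len(key) == 32 and len(nonce) == 12
    state = list(SIGMA) + _words(key) + [counter & MASK] + _words(nonce)
    return _to_bytes(chacha_core(state))


def hchacha20(key, nonce16):
    """Draft HChaCha20: same core, 128-bit nonce in the counter+nonce slots,
    no feed-forward; the subkey is words 0..3 and 12..15 of the permuted state."""
    assert len(key) == 32 and len(nonce16) == 16
    out = chacha_permute(list(SIGMA) + _words(key) + _words(nonce16))
    return _to_bytes(out[0:4] + out[12:16])


def xchacha20_block(key, counter, nonce24):
    """Draft XChaCha20: subkey from the first 16 nonce bytes, then ChaCha20
    with nonce = 4 zero bytes || remaining 8 nonce bytes."""
    assert len(nonce24) == 24
    subkey = hchacha20(key, nonce24[:16])
    return chacha20_block(subkey, counter, b"\x00" * 4 + nonce24[16:])


def core_prf_block(key24, nonce16, counter):
    """Hypothetical layout from the message (not analysed, not standardised):
    192-bit key | 128-bit nonce | 64-bit counter in the 384 non-constant bits."""
    assert len(key24) == 24 and len(nonce16) == 16
    ctr = [counter & MASK, (counter >> 32) & MASK]
    return _to_bytes(chacha_core(list(SIGMA) + _words(key24) + _words(nonce16) + ctr))


def core_prf_xor_nonce(key32, nonce40, counter):
    """Second hypothetical layout: 256 nonce bits XORed into the 256-bit key,
    64 more nonce bits in the nonce slot, 64-bit counter.  Same caveat."""
    assert len(key32) == 32 and len(nonce40) == 40
    mixed = bytes(k ^ n for k, n in zip(key32, nonce40[:32]))
    ctr = [counter & MASK, (counter >> 32) & MASK]
    return _to_bytes(chacha_core(list(SIGMA) + _words(mixed) + _words(nonce40[32:]) + ctr))


if __name__ == "__main__":
    key = bytes(range(32))  # the RFC 8439 / draft test key
    print(chacha20_block(key, 1, bytes.fromhex("000000090000004a00000000")).hex())
    print(hchacha20(key, bytes.fromhex("000000090000004a0000000031415927")).hex())
    print(core_prf_block(key[:24], bytes(16), 0).hex())
```

The point the code makes visible is where the nonce bits land. In the draft, the first 128 nonce bits never sit next to the long-term key in a keystream block: they go through HChaCha20 first, and the block function only ever sees the derived subkey. In the proposed layouts the nonce occupies state words directly beside a shorter key (or is XORed into the key itself), which is exactly the PRF assumption on the core that the message asks cryptanalysts to examine. Check any implementation of the two standardised functions against the published vectors before using it for anything else.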