Re: [Cfrg] Task for the CFRG

David McGrew <mcgrew@cisco.com> Mon, 12 August 2013 13:31 UTC

Message-ID: <1376313807.4318.303.camel@darkstar>
From: David McGrew <mcgrew@cisco.com>
To: "Igoe, Kevin M." <kmigoe@nsa.gov>
Date: Mon, 12 Aug 2013 09:23:27 -0400
In-Reply-To: <3C4AAD4B5304AB44A6BA85173B4675CAB247161D@MSMR-GH1-UEA03.corp.nsa.gov>
References: <3C4AAD4B5304AB44A6BA85173B4675CAB247161D@MSMR-GH1-UEA03.corp.nsa.gov>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Task for the CFRG

Thanks Kevin for laying out the questions and background here; I have a
short comment inline:

On Thu, 2013-08-08 at 19:45 +0000, Igoe, Kevin M. wrote:
> The TLS WG has asked the CFRG for their opinion for a stream cipher,
> eSTREAM-SALSA20, and two MAC algorithms, UMAC and POLY1305, that have
> been suggested for use in TLS (draft-josefsson-salsa20-tls-02).  This
> was presented to the TLS WG at IETF-87, slides can be found at
> http://www.ietf.org/proceedings/87/slides/slides-87-tls-2.pdf.
>  
> The SALSA family works on blocks of 512 bits, and forms a key stream in
> 512-bit blocks by applying a fixed map V^{512}->V^{512} to an input
> consisting of the key (either 16 octets or 32 octets), an 8-octet block
> counter, an 8-octet IV, and 16 constant octets.
>  
> SALSA20 was one of the five finalists for a software stream cipher in
> the eSTREAM contest run by ECRYPTII (see
> http://www.ecrypt.eu.org/stream/).
>  
> UMAC has been around since 1999 and is described in RFC 4418.

The UMAC details evolved over the years, as people who have been in this
RG since 2005 will recall (as the RFC was reviewed on this list).

David

>  
> POLY1305 first showed up as POLY1305-AES, but all it needs from AES is
> a 16-byte block of output. Adapting this to SALSA is straightforward.
> The 1305 in the name reflects the fact that it uses arithmetic modulo
> 2^{130} - 5.  See http://cr.yp.to/mac/poly1305-20050329.pdf for a
> description of poly1305-AES.
>  
> Off the top of my head, the only objection I can see is that SALSA may
> be difficult to implement efficiently in hardware.  Hardware TLS
> acceleration can be useful at heavily utilized servers.
>  
> The most current attempt to attack SALSA that I could find is a 2012
> paper on the IACR e-print server.
>  
> ----------------+--------------------------------------------------
> Kevin M. Igoe   | "We can't solve problems by using the same kind
> kmigoe@nsa.gov  | of thinking we used when we created them." 
>                 |              - Albert Einstein -
> ----------------+--------------------------------------------------
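The Salsa20 structure Kevin summarises above (a fixed V^{512}->V^{512} map over 16 constant octets, the 16- or 32-octet key, an 8-octet IV and an 8-octet block counter), written out as an added example; this is not code from the thread, from the cited draft, or from any eSTREAM submission. It follows the published Salsa20 definition (quarterround, column and row rounds, feed-forward add); the function names and the ValueError checks are this example's own.

```python
import struct
MASK = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def quarterround(y0, y1, y2, y3):
    """Salsa20 quarterround: four add-rotate-xor steps on 32-bit words."""
    z1 = y1 ^ _rotl((y0 + y3) & MASK, 7)
    z2 = y2 ^ _rotl((z1 + y0) & MASK, 9)
    z3 = y3 ^ _rotl((z2 + z1) & MASK, 13)
    z0 = y0 ^ _rotl((z3 + z2) & MASK, 18)
    return z0, z1, z2, z3

def salsa20_core(state, rounds=20):
    """The fixed V^512 -> V^512 map: rounds/2 double rounds, then add the input back."""
    x = list(state)
    for _ in range(rounds // 2):
        # column round, then row round (one "double round")
        for a, b, c, d in ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11)):
            x[a], x[b], x[c], x[d] = quarterround(x[a], x[b], x[c], x[d])
        for a, b, c, d in ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)):
            x[a], x[b], x[c], x[d] = quarterround(x[a], x[b], x[c], x[d])
    return [(x[i] + state[i]) & MASK for i in range(16)]

def salsa20_block(key, nonce, counter):
    """One 64-byte keystream block: constants, key, 8-byte IV and 8-byte counter."""
    if len(key) == 32:
        sigma, k0, k1 = b"expand 32-byte k", key[:16], key[16:]
    elif len(key) == 16:
        sigma, k0, k1 = b"expand 16-byte k", key, key   # a 16-byte key is used twice
    else:
        raise ValueError("Salsa20 key must be 16 or 32 bytes")
    if len(nonce) != 8:
        raise ValueError("Salsa20 IV must be 8 bytes")
    c = struct.unpack("<4I", sigma)
    state = [c[0], *struct.unpack("<4I", k0), c[1],
             *struct.unpack("<2I", nonce),                           # words 6-7: IV
             *struct.unpack("<2I", counter.to_bytes(8, "little")),  # words 8-9: block counter
             c[2], *struct.unpack("<4I", k1), c[3]]
    return struct.pack("<16I", *salsa20_core(state))

def salsa20_xor(key, nonce, data, counter=0):
    """Encrypt or decrypt (same operation) by XORing data with the keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = salsa20_block(key, nonce, counter + i // 64)
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], ks))
    return bytes(out)
```

Because the keystream depends only on (key, IV, counter), reusing an IV under one key reuses keystream; the counter placement in words 8-9 is what lets a TLS record layer start a block anywhere in the stream.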
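Kevin's point that Poly1305 only needs a 16-byte block from the cipher, worked as an added example (not code from the thread or from the cited paper): the MAC is the arithmetic modulo 2^{130} - 5 on a clamped r, and the 16-byte s it adds at the end is whatever the surrounding cipher produced (AES_k(nonce) in Poly1305-AES, a Salsa20 keystream block in the TLS draft). The function names are this example's own; the test vector is the one published later in RFC 7539, section 2.5.2.

```python
import hmac

P = (1 << 130) - 5          # the prime that gives Poly1305 its name

def clamp(r):
    """Clear the bits the Poly1305 definition requires to be zero in r."""
    return int.from_bytes(r, "little") & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF

def poly1305_tag(r, s, msg):
    """16-byte tag for msg under the one-time pair (r, s), each 16 bytes."""
    if len(r) != 16 or len(s) != 16:
        raise ValueError("r and s must each be 16 bytes")
    rr = clamp(r)
    acc = 0
    for i in range(0, len(msg), 16):
        # Each block is read little-endian with a 0x01 byte appended, so a short
        # final block and trailing zero bytes cannot be confused with each other.
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = ((acc + n) * rr) % P
    return ((acc + int.from_bytes(s, "little")) % (1 << 128)).to_bytes(16, "little")

def poly1305_verify(r, s, msg, tag):
    """Constant-time comparison so the check does not leak how many bytes matched."""
    return hmac.compare_digest(poly1305_tag(r, s, msg), tag)

# Published test vector (RFC 7539, section 2.5.2): key = r || s.
RFC7539_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a8"
                            "0103808afb0db2fd4abff6af4149f51b")
RFC7539_MSG = b"Cryptographic Forum Research Group"
RFC7539_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")
```

The (r, s) pair is one-time: using the same s for two messages under the same r lets the tags be subtracted to recover information about r, which is why each TLS record must get a fresh cipher block for s.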