[Cfrg] FW: Request for review of ChaCha/Poly1305

Gordon Procter <gtprocter@gmail.com> Tue, 29 July 2014 10:05 UTC

Return-Path: <gtprocter@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id ADC261A033E for <cfrg@ietfa.amsl.com>; Tue, 29 Jul 2014 03:05:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 5vsemQ4wK0pW for <cfrg@ietfa.amsl.com>; Tue, 29 Jul 2014 03:05:56 -0700 (PDT)
Received: from mail-qa0-x230.google.com (mail-qa0-x230.google.com [IPv6:2607:f8b0:400d:c00::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA83E1A0101 for <cfrg@irtf.org>; Tue, 29 Jul 2014 03:05:55 -0700 (PDT)
Received: by mail-qa0-f48.google.com with SMTP id m5so8932611qaj.7 for <cfrg@irtf.org>; Tue, 29 Jul 2014 03:05:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=dJSO43aMuSYVUyGW1UKvYspeoeg3qOXXWbe9ntlIlIc=; b=SbleYQ13Ojez/NcnW3S3Q283I5kLR5PTW1hglxGktbJJu5Cc3pyOBcfxsbDvRLkz4c ma/z3ITKn+m+oP/Rquo3bz/ZNs5d7IvYdsTOOUe9+BBqAfktGXqk/s5jJWngcF2xkzlz eYkTFyxX6/ItgyiA+YbNEcFXNCRKtS7xlBMKqP92lbGy/A1/ZBzgiJ0RtGKLnTAkWRR4 irpbaSSOxVAH+lvyfPjH6DKiS1wXMCiTQsSqcric3304ozVNu1ZV4RF1kE4bckX6nMFw IG1fdzCKNf5unIC9WZ/mj6crAMtn55EtjjcmCsfI+rHMFgkLHI4EySdg95P+XjBucR9I 29EA==
X-Received: by with SMTP id g63mr1637015qge.90.1406628353965; Tue, 29 Jul 2014 03:05:53 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Tue, 29 Jul 2014 03:05:33 -0700 (PDT)
From: Gordon Procter <gtprocter@gmail.com>
Date: Tue, 29 Jul 2014 11:05:33 +0100
Message-ID: <CAJgFzNejJktAUmagGD6hWcHxLJp=2nxyZ6axuENdTiw6kPtA5Q@mail.gmail.com>
To: cfrg@irtf.org
Content-Type: multipart/alternative; boundary="001a113a22ba5e861604ff522f88"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/n1g5fqDup4KhzpAjml3gR96Y1dM
Subject: [Cfrg] FW: Request for review of ChaCha/Poly1305
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jul 2014 10:05:58 -0000

On 25/07/2014 12:04, "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> wrote:

>Dear CFRG,
>We have been formally requested by the TLS WG to provide review on this
>defining an AEAD construction using the ChaCha and Poly1305 algorithms.
>This scheme is being considered by the TLS WG for adoption in TLS.
>There are two aspects to the request:
>A) analysis of the individual algorithms;
>B) analysis of the composition (in Section 2.8 of the document).
>My sense is that novel analysis of the algorithms (A) is not likely to be
>forthcoming from this group within a realistic timeframe. We can instead
>hope that the adoption of ChaCha in TLS will spur further analysis of it
>by the research community in the longer term.
>On the other hand, analysis of the composition (B) should be within our
>collective reach within a realistic timeframe.
>Comments, please.
>Best wishes
>Kenny (for the chairs)

Hi Kenny,

I can spend some time looking at this (specifically the composition).