Re: [Cfrg] would it be a good idea for CFRG to try review algorithm documents?

GOST has been reviewed and analyzed by the cryptographic community
(academia included) for ages (well, decades, really). I’ve seen several
publications. As I recall, the only significant weakness found was related
to related-keys <pun intended :>. Of course it uses 64-bit blocks in the
world where (most) everybody embraced 128-bit, and some toy with 256-bit
block ciphers. 

However distinguished this body of cryptographers is, I doubt anything new
would pop up.

But by all means, review away! :-)

P.S. Isn’t Russia moving to Grasshopper (128-bit block cipher), making it
their new standard (“GOST” is an abbreviation for “State Standard”, in
case anybody cares to know :)? I.e., isn’t the “old” GOST becoming
irrelevant?
-- 
Regards,
Uri Blumenthal

On 12/10/15, 7:18 , "Cfrg on behalf of Björn Edström"
<cfrg-bounces@irtf.org on behalf of be@bjrn.se> wrote:

>I 100% support the view that cryptographic proposals should be sanity
>checked by CFRG or another appropriate WG/RG. Specifically for the
>reason you mention Stephen: There may have been recent research that
>invalidates some security assumptions that were previously held.
>
>Cheers
>Björn
>
>
>On Thu, Dec 10, 2015 at 10:58 AM, Stephen Farrell
><stephen.farrell@cs.tcd.ie> wrote:
>>
>> Hiya,
>>
>> On 10/12/15 09:25, Yoav Nir wrote:
>>> Hi, Stephen.
>>>
>>>> On 10 Dec 2015, at 3:38 AM, Stephen Farrell
>>>> <stephen.farrell@cs.tcd.ie> wrote:
>>>>
>>>>
>>>> But as a non-cryptographer, I'd be happier if in future things like
>>>> this (or non-national "vanity" algorithm descriptions) had gotten
>>>> some review from CFRG, however I'm not sure if folks here would be
>>>> generally willing to do that kind of review.
>>>
>>> The kind of review you might get in an IETF WG or in a IRTF RG is
>>> somewhere between a few hours to a few days of work from several
>>> people.
>>>
>>> That is likely enough to review some vanity crypto that someone
>>> thought up all by himself (example: [1]). It is not enough for a full
>>> analysis of cryptography that actually works. The draft you are
>>> talking about is GOST crypto. GOST has a team of good cryptographers
>>> working full-time on these algorithms. I doubt a cursory review by
>>> this list could find any new weaknesses. We might be able to point at
>>> previous work published about such an algorithm, or point out that
>>> the block cipher uses a 64-bit block. But I don’t think it’s likely
>>> to find new stuff.
>>
>> Agreed.
>>
>> Pointing at previous work that affects how to sensibly use an
>> algorithm in IETF protocols, or spotting details that are badly
>> documented, would be what we're after here, not new cryptanalytic
>> results. (If someone had those, and was gonna publish, they'd
>> publish elsewhere for sure.)
>>
>> The reason I think that could be valuable though is that I do
>> think there's expertise on this list that's not available in
>> the IETF and I'd like to avoid a situation where cryptographers
>> come back to us some years later saying "WTF!!? the IETF has said
>> how to use <foo> for <bar>, but <biffle et al> showed years ago
>> that that's only safe for 2^N packets and the <blah> setting
>> has to be <fuffle>."
>>
>> I figure it's reasonably likely that the proponents of the
>> <foo> algorithm might omit such details, not out of
>> crypto-badness but just for normal human-nature reasons or
>> because they assume that everyone using <foo> should know
>> that already.
>>
>> Cheers,
>> S.
>>
>>
>>
>>
>>>
>>> Yoav
>>>
>>> [1] http://www.ietf.org/mail-archive/web/cfrg/current/msg06805.html
>>>
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg
>
>_______________________________________________
>Cfrg mailing list
>Cfrg@irtf.org
>https://www.irtf.org/mailman/listinfo/cfrg

Re: [Cfrg] would it be a good idea for CFRG to try review algorithm documents?

Attachment: smime.p7s