[CFRG] Update of the AEGIS draft

Frank Denis <cfrg@pureftpd.org> Fri, 14 April 2023 13:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/zPBnp4N2iYqQGWFZLF0iu5XVE48>

Hi all,

A new revision of the draft on the AEGIS family of authenticated encryption algorithms was recently published.

AEGIS is an AEAD designed for high performance applications, with significant advantages over AES-GCM:
- Fast. 2x to 4x faster than AES-GCM on CPUs with AES pipelines. Software implementations also tend to be faster
- Very simple to implement securely and efficiently using only the AES forward round function
- Reduced memory usage: doesn’t require precomputing a key schedule nor powers of the MAC key to achieve optimal performance
- Large nonce size (128 bits for AEGIS-128L, 256 bits for AEGIS-256)
- Better security bounds
- Context committing
- Backtracking resistant

In addition to internal deployments, AEGIS is already deployed in OVH routers, in the Linux kernel and in VPN software.

Multiple implementations exist (C, C++, Rust, Zig, Python, Go, Assembly), most of them having been written independently, using only the specification:
https://github.com/jedisct1/draft-aegis-aead#known-implementations
In addition to reference code and to the specification, Google’s Project Wycheproof includes an extensive set of test vectors for AEGIS.

For evaluation purposes, AEGIS can be used as an alternative to AES-GCM in the context of TLS.
In order to ensure interoperability, IANA has assigned identifiers for AEGIS-based cipher suites.
There is a maintained fork of BoringSSL that supports these cipher suites. The TLS stack of the Zig standard library also supports these suites out of the box.

Feedback would be very useful. We would love to see this document move forward.

Direct links to the draft:
- latest version (editor’s copy): https://jedisct1.github.io/draft-aegis-aead/#go.draft-irtf-cfrg-aegis-aead.html
- datatracker page: https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead

Kind regards,

-Frank.