[openpgp] SHA3 is standardised as FIPS 202

ianG <iang@iang.org> Thu, 06 August 2015 18:53 UTC

Return-Path: <iang@iang.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C6761ACD3E for <openpgp@ietfa.amsl.com>; Thu, 6 Aug 2015 11:53:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NjM-lv6yw6jq for <openpgp@ietfa.amsl.com>; Thu, 6 Aug 2015 11:52:53 -0700 (PDT)
Received: from virulha.pair.com (virulha.pair.com [209.68.5.166]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C90D61ACC85 for <openpgp@ietf.org>; Thu, 6 Aug 2015 11:52:53 -0700 (PDT)
Received: from tormenta.local (iang.org [209.197.106.187]) by virulha.pair.com (Postfix) with ESMTPSA id 6EB5B6D71D; Thu, 6 Aug 2015 14:52:52 -0400 (EDT)
Message-ID: <55C3AD0C.1060605@iang.org>
Date: Thu, 06 Aug 2015 19:53:00 +0100
From: ianG <iang@iang.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: openpgp@ietf.org
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/mctOUdSjx0ijmzazqHpJi8KTos4>
Subject: [openpgp] SHA3 is standardised as FIPS 202
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Aug 2015 18:53:00 -0000

It looks like SHA3 is now out as FIPS 202.

http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf

I think.



Now, SHA3 or Keccak as it was better known, is built using the sponge 
construction idea.  Included in the design are a couple of XOFs or 
extendable output functions called SHAKE128 and SHAKE256.

I think these XOFs can be used as encryption algorithms in XOR-stream mode.

Which brings us to a point worth thinking about.  For a future OpenPGP 
release, we could use SHA3 for both the hash algorithm and the stream 
cipher.  Etc.  (There are supposed to be modes that you can do for 
authenticated encryption as well.)

Which then gives us the opportunity to have ONE algorithm provide a much 
larger space of our needs.  If we the SHA3 engine were to form the basis 
of all the symmetric needs, then this would provide for a minimal 
implementation with less code and less complexity.

E.g., we could simply set the Mandatory to Implement (MTI) algorthm to 
the SHA3 family.



Worthwhile?  I'm not saying this will work - I'm just holding out the 
thought experiment that we could substantially ease the burden on 
developers and implementers if we could simplify the set down to one 
common family.



iang