Re: [saag] [CFRG] NIST Lightweight Crypto report

Matt Sicker <boards@gmail.com> Tue, 27 July 2021 16:12 UTC

MIME-Version: 1.0
References: <bf72532c-d0dc-f76e-17a1-e3a2c3c47953@htt-consult.com> <7ABA9FFF-0C44-4010-940E-2C31C0B345D5@ll.mit.edu>
In-Reply-To: <7ABA9FFF-0C44-4010-940E-2C31C0B345D5@ll.mit.edu>
From: Matt Sicker <boards@gmail.com>
Date: Tue, 27 Jul 2021 11:12:24 -0500
Message-ID: <CACmp6kqTUF4BuVzsAWpVZO91D26=N+UZwEZ4Rv6cjy35n7ixuA@mail.gmail.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
Cc: Robert Moskowitz <rgm-sec@htt-consult.com>, "cfrg@irtf.org" <cfrg@irtf.org>, "saag@ietf.org" <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/CoBwRGWyn4XPZBfQrzsvttwrL5Q>
Subject: Re: [saag] [CFRG] NIST Lightweight Crypto report

Also a fan of Xoodyak here. I ported some of the LWC algorithms to
Java as an experiment back during the first or second round, and my
top choices were Xoodyak for its super useful Cyclist mode along with
Ascon for speed and simplicity (and ISAP looked promising, but it's
essentially a different mode of operation on Keccak or Ascon
permutations). Really, all the sponge function algorithms have a ton
of promise for improving the developer experience of actually using
cryptography in practice.

On Tue, Jul 27, 2021 at 10:22 AM Blumenthal, Uri - 0553 - MITLL
<uri@ll.mit.edu> wrote:
>
> I have no comment, but one question: which of the NIST Lightweight Crypto candidates provide nonce misuse resistance, at least at the level comparable with SIV mode?
>
> --
> Regards,
> Uri
>
> There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
> The other is to make it so complex there are no obvious deficiencies.
>                                                   -  C. A. R. Hoare
>
>
> On 7/27/21, 11:06, "CFRG on behalf of Robert Moskowitz" <cfrg-bounces@irtf.org on behalf of rgm-sec@htt-consult.com> wrote:
>
>     NIST just came out with:  NISTIR 8369
>
>
>     "Status Report on the Second Round of the NIST Lightweight Cryptography
>     Standardization Process"
>
>     https://csrc.nist.gov/publications/detail/nistir/8369/final
>
>     I have been working with Xoodyak, which is one of the 4 AEAD/hashing
>     finalists.  You can see how I am using it in:
>
>     https://datatracker.ietf.org/doc/draft-moskowitz-hip-new-crypto/
>
>     I "like" Xoodyak, as I am able to use it much like Keccak/SHA3/SHAKE.
>     It does not come with the nice standardized calls as in SP800-185, but I
>     think I have duplicated SHAKE/cSHAKE/KMAC with Xoodyak in my draft.
>     Comments welcome!
>
>     It has been implemented in openHIP.
>
>     Bob
>
>     _______________________________________________
>     CFRG mailing list
>     CFRG@irtf.org
>     https://www.irtf.org/mailman/listinfo/cfrg
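The thread makes two technical points worth seeing in code: Bob's observation that a single sponge permutation gives you SHAKE/cSHAKE/KMAC-style functionality, and Uri's question about SIV-level nonce-misuse resistance. The example below is added here and is not code from this thread, from Bob's draft, from openHIP, or from the Xoodyak submission. It implements the Xoodoo[12] permutation from the public Xoodoo specification (round constants and step mappings as published; nothing else is borrowed) and then, on top of it, a deliberately simplified sponge/duplex harness that is NOT the Cyclist mode: the rate, padding, frame byte and domain strings are toy choices made for this illustration. With that harness it builds a cSHAKE-like XOF, a KMAC-like MAC and a nonce-based stream cipher from the one permutation, shows the keystream leak when a nonce is reused, and wraps the same pieces into an SIV-style composition (synthetic IV = MAC over nonce, AD and plaintext, then that tag used as the stream nonce) to show what "misuse resistance comparable to SIV" means in general. It makes no claim about which NIST candidates provide that property.

```python
import hmac
import struct

MASK = 0xFFFFFFFF
# Xoodoo[12] round constants from the public Xoodoo specification, in application order
RC = [0x058, 0x038, 0x3C0, 0x0D0, 0x120, 0x014,
      0x060, 0x02C, 0x380, 0x0F0, 0x1A0, 0x012]
RATE = 16  # toy rate in bytes; Cyclist/Xoodyak uses its own rates and framing (not modelled here)


def rol(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK


def xoodoo(state: bytes) -> bytes:
    """Xoodoo[12] on a 48-byte state: 3 planes (y) x 4 lanes (x) x 32-bit little-endian words."""
    a = [list(struct.unpack('<4I', state[16 * y:16 * y + 16])) for y in range(3)]
    for rc in RC:
        # theta: column-parity plane, shifted one lane and rotated by 5 and 14 bits
        p = [a[0][x] ^ a[1][x] ^ a[2][x] for x in range(4)]
        e = [rol(p[(x - 1) % 4], 5) ^ rol(p[(x - 1) % 4], 14) for x in range(4)]
        a = [[a[y][x] ^ e[x] for x in range(4)] for y in range(3)]
        # rho-west: plane 1 shifted one lane, plane 2 rotated 11 bits
        a[1] = [a[1][(x - 1) % 4] for x in range(4)]
        a[2] = [rol(v, 11) for v in a[2]]
        # iota: round constant into lane (0, 0)
        a[0][0] ^= rc
        # chi: B_y = ~A_{y+1} & A_{y+2}, computed before any plane is updated
        b = [[(~a[(y + 1) % 3][x] & a[(y + 2) % 3][x]) & MASK for x in range(4)] for y in range(3)]
        a = [[a[y][x] ^ b[y][x] for x in range(4)] for y in range(3)]
        # rho-east: plane 1 rotated 1 bit, plane 2 shifted two lanes and rotated 8 bits
        a[1] = [rol(v, 1) for v in a[1]]
        a[2] = [rol(a[2][(x - 2) % 4], 8) for x in range(4)]
    return b''.join(struct.pack('<4I', *plane) for plane in a)


class Sponge:
    """Toy sponge over Xoodoo (illustration only, not Cyclist): absorb calls, then squeeze."""

    def __init__(self, domain: bytes):
        self.s = bytearray(48)
        self.absorb(domain)  # domain string plays the role of cSHAKE's customisation input

    def absorb(self, data: bytes):
        msg = data + b'\x01'  # suffix pad so even empty input yields one block
        for i in range(0, len(msg), RATE):
            for j, byte in enumerate(msg[i:i + RATE]):
                self.s[j] ^= byte
            if i + RATE >= len(msg):
                self.s[47] ^= 0x80  # frame byte marks the end of this absorb call
            self.s = bytearray(xoodoo(bytes(self.s)))

    def squeeze(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            out += self.s[:RATE]
            self.s = bytearray(xoodoo(bytes(self.s)))
        return bytes(out[:n])


def xof(data: bytes, n: int, custom: bytes = b'') -> bytes:
    """SHAKE/cSHAKE-like extendable output; 'custom' separates unrelated uses."""
    sp = Sponge(b'hash' + custom)
    sp.absorb(data)
    return sp.squeeze(n)


def mac(key: bytes, *parts: bytes, n: int = 16) -> bytes:
    """KMAC-like keyed sponge; each part is absorbed as its own framed call."""
    sp = Sponge(b'mac')
    sp.absorb(key)
    for part in parts:
        sp.absorb(part)
    return sp.squeeze(n)


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Nonce-based stream cipher from squeezed keystream. Unauthenticated on its own."""
    sp = Sponge(b'enc')
    sp.absorb(key)
    sp.absorb(nonce)
    return bytes(x ^ k for x, k in zip(data, sp.squeeze(len(data))))


def nonce_reuse_leak(key: bytes, nonce: bytes, pt1: bytes, pt2: bytes) -> bool:
    """True when reusing a nonce lets an observer recover pt1 XOR pt2 from the ciphertexts."""
    c1, c2 = stream_xor(key, nonce, pt1), stream_xor(key, nonce, pt2)
    return bytes(x ^ y for x, y in zip(c1, c2)) == bytes(x ^ y for x, y in zip(pt1, pt2))


def siv_encrypt(key: bytes, nonce: bytes, ad: bytes, pt: bytes) -> bytes:
    """SIV-style: the tag depends on the whole plaintext and doubles as the stream nonce."""
    tag = mac(key, nonce, ad, pt)
    return tag + stream_xor(key, tag, pt)


def siv_decrypt(key: bytes, nonce: bytes, ad: bytes, ct: bytes):
    tag, body = ct[:16], ct[16:]
    pt = stream_xor(key, tag, body)
    if not hmac.compare_digest(mac(key, nonce, ad, pt), tag):
        return None  # reject: caller must never use pt
    return pt
```

Two design notes. First, the MAC and the stream cipher share one key only because the sponge domain strings (b'mac' versus b'enc') separate them; RFC 5297's SIV instead splits the key into two halves, and a real deployment should follow a specified construction rather than this sketch. Second, a nonce reuse under the SIV composition degrades to revealing whether two plaintexts are identical (same tag, same ciphertext), whereas the bare stream cipher leaks the XOR of the plaintexts outright, which is exactly the gap Uri's question is about.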