Re: [TLS] Include Speck block cipher?

Sean Turner <sean@sn3rd.com> Mon, 21 March 2016 14:27 UTC

Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47EA012D84D for <tls@ietfa.amsl.com>; Mon, 21 Mar 2016 07:27:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ATz-T4sr9hoZ for <tls@ietfa.amsl.com>; Mon, 21 Mar 2016 07:27:16 -0700 (PDT)
Received: from mail-qg0-x22d.google.com (mail-qg0-x22d.google.com [IPv6:2607:f8b0:400d:c04::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 515D612D6A5 for <tls@ietf.org>; Mon, 21 Mar 2016 07:27:16 -0700 (PDT)
Received: by mail-qg0-x22d.google.com with SMTP id w104so153221923qge.1 for <tls@ietf.org>; Mon, 21 Mar 2016 07:27:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=RsbQruZlPFIDpa0qFqEbiEZgxiV0hD9lvP78rRwQGQg=; b=MwlyTXcWElp7eRIlL49MRA+GT8ZRvJ6SI+9LTEWmlRBMc6FwbrHIahWkQvBbtj0xrY PmNS53M0yI5ObsxWS6zTU3L0BU9OjE5Z7Nrxc4rgIy+3Cy1HjUTCVEwNIAgaHqFMnS2Z MoSCWc1geOJrBy5psIlkeZFq6z4YYK197u2E4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=RsbQruZlPFIDpa0qFqEbiEZgxiV0hD9lvP78rRwQGQg=; b=eeEOf8XzSlyAb4NqiUThQ+QbXaJVG9YgGY3u6MxytTICoONSE9CyDHB1/p4K5H4r8N 3RF6dZgqkWu5giQL0AwU1x9X3OGBqFbqE1MrP47c1ui2iE3A8BcTuXxu/Cf81vHYL4wZ xniYU9YWKyo76pSit7F/dHFiVnoKrf9gu13f5CeDU0Q3ketMkHrHf4rkZF8p0IJxcn24 GTBVVrqnfy5SvLM91OdSbIIxL1i/4T+l6uaSZHcTDMqnJkKiRyNtI5TApxONWU8VJKnH EKB1V9APy6xqI6bsMMc02Ij3C/W3nBDyPRALvpc5YZokz1SqTtnwFcfWqEukPR0ukMBA 5y9A==
X-Gm-Message-State: AD7BkJI2Gabe8GWo6WITR9VQBmaoFt7HzeX8zLPCPiwApWp3mYTIFM8ovM4Vu6di6wKhhA==
X-Received: by 10.141.4.135 with SMTP id g129mr43792417qhd.31.1458570435416; Mon, 21 Mar 2016 07:27:15 -0700 (PDT)
Received: from [172.16.0.112] ([96.231.217.211]) by smtp.gmail.com with ESMTPSA id r18sm12379680qkl.24.2016.03.21.07.27.14 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 21 Mar 2016 07:27:14 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CADBJ=uR0=Kj-68yojXYyqfKJoEncOXV1c-ia3=Az7s_7WqyWYQ@mail.gmail.com>
Date: Mon, 21 Mar 2016 10:27:13 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <BB6F58B0-4EA9-40B4-B7BB-BE57C3E0D40E@sn3rd.com>
References: <CADBJ=uRVC_2ttFXcdgTRamQkrL=EL3hJ7z1xmTGcW_dX01FhZw@mail.gmail.com> <690C4271-64DE-4F61-8283-C5BE7A575BFC@azet.org> <CADBJ=uR0=Kj-68yojXYyqfKJoEncOXV1c-ia3=Az7s_7WqyWYQ@mail.gmail.com>
To: Efthymios Iosifides <iosifidise@gmail.com>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/6AQ5fuzCOl55MBFW-VdsZ1i7nbs>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Include Speck block cipher?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 14:27:18 -0000

If we’re going to get into the cryptanalysis of SPECK then this thread should move off the TLS list and possibly to the CFRG list.

spt

> On Mar 21, 2016, at 10:07, Efthymios Iosifides <iosifidise@gmail.com>; wrote:
> 
> >I don't see any compelling argument for the inclusion of SPECK? Not only would the affiliation with NSA give the >TLS-WG a bad rep. in the public, more importantly, it makes one of our main problems worse: combinatorial explosion >of possible cipher-suites in TLS. This problem is so bad that it needs multiple blog posts, an effort by Mozilla and >bettercrypto.org to get sys-admins to configure their services.
> 
> 
> Hi all.
> 
> The reputation aspect is not necessarily and strictly correlated with it's provenance, but with it's actual security and performance. And the SPECK we shall note that performs quite well. Also we shall not forget that even the infamous AES has been approved by the NSA before the widespread use of it. In any case i wouldn't like for us to stand on the popular press. On the other hand we shall evaluate if the SPECK could be actually used. For example, the fact that it lacks extensive cryptanalysis is a serious argument for not using it today, but what about the future specifications. On top to that what if we could prove that the SPECK can have better performance than other algos without sacrificing the security. 
> 
> 
> BRs,
> Efthimios Iosifides
> 
> 2016-03-18 19:49 GMT+02:00 Aaron Zauner <azet@azet.org>;:
> Hi,
> 
> > On 17 Mar 2016, at 07:35, Efthymios Iosifides <iosifidise@gmail.com>; wrote:
> >
> > Hello all.
> >
> > I have just found on the ietf archives an email discussion about the inclusion of the SPECK Cipher
> > in the tls standards.
> > It's reference is below :https://www.ietf.org/mail-archive/web/tls/current/msg13824.html
> >
> > Even though that this cipher originates from the NSA one cannot find a whitepaper that describes it's full cryptanalysis. In the above discussion Mr. Strömbergson somehow perfunctorily presents two whitepapers that describe the SPECK's cryptanalysis. Although we shall keep in mind that these papers describe a limited round cryptanalysis. Also we shall not forget that a similar cryptanalysis has taken place for the famous AES. Therefore i personally do not see any actual arguments apart from the facts that concerns the algorithm's  provenance for not including it in a future tls specification. In conclusion even by this day the SPECK cipher has not been yet fully cryptanalyzed succesfully.
> 
> I don't see any compelling argument for the inclusion of SPECK? Not only would the affiliation with NSA give the TLS-WG a bad rep. in the public, more importantly, it makes one of our main problems worse: combinatorial explosion of possible cipher-suites in TLS. This problem is so bad that it needs multiple blog posts, an effort by Mozilla and bettercrypto.org to get sys-admins to configure their services.
> 
> Aaron
> 
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls