Re: [TLS] Include Speck block cipher?

Joachim Strömbergson <joachim@secworks.se> Mon, 21 March 2016 08:21 UTC

Message-ID: <56EFAF13.3070203@secworks.se>
Date: Mon, 21 Mar 2016 09:21:39 +0100
From: Joachim Strömbergson <joachim@secworks.se>
To: Tom Ritter <tom@ritter.vg>
References: <CADBJ=uRVC_2ttFXcdgTRamQkrL=EL3hJ7z1xmTGcW_dX01FhZw@mail.gmail.com> <98D69E40-44F4-4BA0-83F6-1B804B4AABB7@shiftleft.org> <CABkgnnWQYvYEWO4CHeBZGq4-SYiF178+piGzyMmvEqVkcHov4w@mail.gmail.com> <CA+cU71kdynhmZpLUqeqw=N-AqnBnCWiAWGN+Scsb+wmb1KdGqw@mail.gmail.com>
In-Reply-To: <CA+cU71kdynhmZpLUqeqw=N-AqnBnCWiAWGN+Scsb+wmb1KdGqw@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/GksqpzQ_Uw0a6GD8F_xw2zTIJ2I>
Cc: klimn@di.uoa.gr, Efthymios Iosifides <iosifidise@gmail.com>, "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] Include Speck block cipher?

Aloha!

Tom Ritter wrote:
> On 17 March 2016 at 21:09, Martin Thomson <martin.thomson@gmail.com>
> wrote:
>> On 18 March 2016 at 12:37, Mike Hamburg <mike@shiftleft.org>
>> wrote:
>>> No.  The goal should be to remove ciphers, not add new ones,
>>> unless we have a really compelling reason.
>> A necessary, but sufficient set of reasons might include:
>> 
>> 1. thorough cryptanalysis
>> 2. advantages over existing ciphers on important metrics like
>>    security and speed, though this would likely need to be
>>    significant at this point
>> 3. interest in implementation
>> 
>> Speck is 0 from 3.
> 
> I might make it .5 for 3. Speck is specifically designed to be a 
> lightweight cipher for constrained devices. With RC4 dead in the
> water - we don't have one of those. (Unless ChaCha20 is better than 
> Speck/Simon/related...)

ChaCha20 was not explicitly designed to be lightweight. That said, it is
fairly compact and gets good performance on smaller architectures. Even
though the internal variables are 64-bit, the ARX operations are easy to
map to smaller registers. The closely related Salsa20 cipher requires
about 5 cycles/byte on ARM:

https://www.hyperelliptic.org/tanja/vortraege/20121129.pdf


But if we wanted algorithms optimized for embedded, small architectures
we could look at the ECRYPT eSTREAM profile 2 ciphers:

http://www.ecrypt.eu.org/stream/

AFAIK they did get a fair amount of analysis.

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim@secworks.se
========================================================================