Re: [TLS] Include Speck block cipher?
Joachim Strömbergson <joachim@secworks.se> Tue, 22 March 2016 09:14 UTC
Return-Path: <joachim@secworks.se>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8F6A12D66E for <tls@ietfa.amsl.com>; Tue, 22 Mar 2016 02:14:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QczmpeNSI4cZ for <tls@ietfa.amsl.com>; Tue, 22 Mar 2016 02:14:44 -0700 (PDT)
Received: from mail.frobbit.se (mail.frobbit.se [85.30.129.185]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47A6D12D65A for <tls@ietf.org>; Tue, 22 Mar 2016 02:14:44 -0700 (PDT)
Received: from Knubbis.local (unknown [80.252.219.34]) by mail.frobbit.se (Postfix) with ESMTPSA id 437E51FE02; Tue, 22 Mar 2016 10:14:41 +0100 (CET)
Message-ID: <56F10CFF.8020603@secworks.se>
Date: Tue, 22 Mar 2016 10:14:39 +0100
From: Joachim Strömbergson <joachim@secworks.se>
User-Agent: Postbox 4.0.8 (Macintosh/20151105)
MIME-Version: 1.0
To: Efthymios Iosifides <iosifidise@gmail.com>
References: <CADBJ=uRVC_2ttFXcdgTRamQkrL=EL3hJ7z1xmTGcW_dX01FhZw@mail.gmail.com> <690C4271-64DE-4F61-8283-C5BE7A575BFC@azet.org> <CADBJ=uR0=Kj-68yojXYyqfKJoEncOXV1c-ia3=Az7s_7WqyWYQ@mail.gmail.com>
In-Reply-To: <CADBJ=uR0=Kj-68yojXYyqfKJoEncOXV1c-ia3=Az7s_7WqyWYQ@mail.gmail.com>
X-Enigmail-Version: 1.2.3
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/HG75eb8puLAHdYb5M4KabUQRQrQ>
Cc: klimn@di.uoa.gr, tls@ietf.org
Subject: Re: [TLS] Include Speck block cipher?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Mar 2016 09:14:47 -0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Aloha! Efthymios Iosifides wrote: > The reputation aspect is not necessarily and strictly correlated > with it's provenance, but with it's actual security and performance. > And the SPECK we shall note that performs quite well. Also we shall > not forget that even the infamous AES has been approved by the NSA > before the widespread use of it. In any case i wouldn't like for us > to stand on the popular press. On the other hand we shall evaluate if > the SPECK could be actually used. For example, the fact that it lacks > extensive cryptanalysis is a serious argument for not using it today, > but what about the future specifications. Hold on here. There is imho a fairly big difference of how AES came about with an open competition compared to how Simon and Speck has been developed. Yes, NSA was an important part in the selection of Rijndael as AES. But that is not the same thing as they actually designed it. Right? Also, there has been tens of ciphers proposed the last few years aiming for the ultralight space. Some of them are as complex in terms of code and data requirements as Speck and sports about the same performance. See for example: https://eprint.iacr.org/2013/295.pdf http://www.ijsce.org/attachments/File/v3i5/E1933113513.pdf Most of these are Feistel based and some of them uses S-boxes. But there are really quite a few alternatives. And besides, as is shown in those links AES can be implemented to not hog resources. The internal operations operates on Bytes. The big issue is the S-box and the extra space needed if you need to expand the key (which is only really needed if you need to decrypt. If you use a good cipher mode, it i not needed.) > On top to that what if we could prove that the SPECK can have better > performance than other algos without sacrificing the security. Start by proving that. Based on what is published I think it will be hard to show significant gains with Speck compared to other ciphers. The two papers published so far on the cryptanalysis does not give me a good warm feeling for long term security of Speck. And the last point is really the thing, right? We are talking about a cipher for embedded stuff, Internet of Things devices. These things are deployed and will be doing their chores for 20-30+ years without much love and maintenance. The communication are typically low bandwidth and with good delay resilience. So what is needed is something cheap (compact in terms of resources) and good, well proven security. I don't see Speck shining much brighter than others in this respect, on the contrary in fact. If you look at what MCUs are used for IoT today and moving forward it is quite probably an ARM based device (Cortex M0, M0+ for example). AES can be implemented very compact and give good performance on this architecture. And even better, for well under 1 USD you can get an ARM based MCU with AES in HW. I fail to see why anyone would be interested in Speck and would never recommend anyone to use it. But hey, write a draft and try to get an informational RFC for it if it scratches your itch. There are several other RFCs describing ciphers not being used very much. - -- Med vänlig hälsning, Yours Joachim Strömbergson - Alltid i harmonisk svängning. ======================================================================== Joachim Strömbergson Secworks AB joachim@secworks.se ======================================================================== -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJW8Qz+AAoJEF3cfFQkIuyN2eoQAK85EwmpLc2iqAMkA/I2ogB+ DsCvYl7ZxwpBgWzTfHSeVwccclC0FwcGvPIvCegAU5Barv58Mc5L+7mLnJ1hn8LR qTfQYz9yXyipn/6L0PDca2gpoSi/QqbJtlBRWfNYdmaqb1K8X5A8qgljtJMHNDEP eSHgmLFKLVpJFQbp2aGlqSwysEwaseTvLWfbWLBeA6itBivwxm2LtN1GT9ZTHlD9 /NfZockKF3bLOYaachtS84tIA8CKUhmRvf2/5e1MVDEZ53JivoSNZuNAjeMAlCED NMG6IfsKrEWisQaBliUaE3OzGxh2y1AGpw72/Fx2MmduaroR4nhiYWnMfvk2PRue ALEx0qFmBqverSTK78NzseGQBGu+iER7mQl2wK7d+1NDoNTNiijqB4aYNZeGwRc9 IeeVIKo/qTbZBH5qoI5nQRKsCdvsN36Sw7kSy1oCw5NMBMQBnk9vOZeAna7TUMas jnAF1ReH3dc2XeKJ9GdomZk60eHambIQBrPVlkziXcfECQo9CtXHK/OvYtGDHCmr Owb5ftgqojWKZdp+IA0hHWQe01x1nwrwE95G2VtWfN+ZqpSTcE21GBDRRL6TcogQ gfRMfcSMrggSE3BH/i+Bmaloee9vvo13t1SS7YpxJjjMZgCtngaWbtgS8xlcf0TQ ioZfyFBxQMckohswjyWp =s6MB -----END PGP SIGNATURE-----
- [TLS] Include Speck block cipher? Ryan Carboni
- Re: [TLS] Include Speck block cipher? Salz, Rich
- Re: [TLS] Include Speck block cipher? Hanno Böck
- Re: [TLS] Include Speck block cipher? Joachim Strömbergson
- Re: [TLS] Include Speck block cipher? Salz, Rich
- [TLS] Include Speck block cipher? Efthymios Iosifides
- Re: [TLS] Include Speck block cipher? Mike Hamburg
- Re: [TLS] Include Speck block cipher? Tony Arcieri
- Re: [TLS] Include Speck block cipher? Martin Thomson
- Re: [TLS] Include Speck block cipher? Eric Rescorla
- Re: [TLS] Include Speck block cipher? Tom Ritter
- Re: [TLS] Include Speck block cipher? Aaron Zauner
- Re: [TLS] Include Speck block cipher? Joachim Strömbergson
- Re: [TLS] Include Speck block cipher? Efthymios Iosifides
- Re: [TLS] Include Speck block cipher? Salz, Rich
- Re: [TLS] Include Speck block cipher? Sean Turner
- Re: [TLS] Include Speck block cipher? Paterson, Kenny
- Re: [TLS] Include Speck block cipher? Joachim Strömbergson