Re: [TLS] Include Speck block cipher?

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Mon, 21 March 2016 17:07 UTC

Return-Path: <Kenny.Paterson@rhul.ac.uk>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB08212D8CB for <tls@ietfa.amsl.com>; Mon, 21 Mar 2016 10:07:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.387
X-Spam-Level:
X-Spam-Status: No, score=-0.387 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, URIBL_RHS_DOB=1.514] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rhul.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iDa6dbNJgbm0 for <tls@ietfa.amsl.com>; Mon, 21 Mar 2016 10:07:21 -0700 (PDT)
Received: from emea01-db3-obe.outbound.protection.outlook.com (mail-db3on0670.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe04::670]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0DC912D512 for <tls@ietf.org>; Mon, 21 Mar 2016 10:07:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rhul.onmicrosoft.com; s=selector1-rhul-ac-uk; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=vGIIFTaBtiALMWCQ2Fx3tUqML/aKBLOHYpfOlSutrGE=; b=YOEC4EaXycjGlJ6cO7chXgoKoFIKiHXY2VXiQtiOHCBii+3qn9kVXQPRiZCk/vRgijQb/ataEw+RnrvrPN4ao+6sdiYPUqHX0VOacjgyoRusBnBxvRQ/stQGwb1xiJvOpHqvSLZA6pFZgKQzzJYyttXm6inIkoG0Bzkr8aPhvwQ=
Received: from VI1PR03MB1822.eurprd03.prod.outlook.com (10.166.42.148) by VI1PR03MB1822.eurprd03.prod.outlook.com (10.166.42.148) with Microsoft SMTP Server (TLS) id 15.1.443.12; Mon, 21 Mar 2016 17:07:04 +0000
Received: from VI1PR03MB1822.eurprd03.prod.outlook.com ([10.166.42.148]) by VI1PR03MB1822.eurprd03.prod.outlook.com ([10.166.42.148]) with mapi id 15.01.0443.014; Mon, 21 Mar 2016 17:07:04 +0000
From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Sean Turner <sean@sn3rd.com>, Efthymios Iosifides <iosifidise@gmail.com>
Thread-Topic: [TLS] Include Speck block cipher?
Thread-Index: AQHRgLV7oLH5mnkCaEOW6/o4gDVN2p9fe5EAgAR4/QCAAAWMgIAALLuA
Date: Mon, 21 Mar 2016 17:07:04 +0000
Message-ID: <D315DA35.67815%kenny.paterson@rhul.ac.uk>
References: <CADBJ=uRVC_2ttFXcdgTRamQkrL=EL3hJ7z1xmTGcW_dX01FhZw@mail.gmail.com> <690C4271-64DE-4F61-8283-C5BE7A575BFC@azet.org> <CADBJ=uR0=Kj-68yojXYyqfKJoEncOXV1c-ia3=Az7s_7WqyWYQ@mail.gmail.com> <BB6F58B0-4EA9-40B4-B7BB-BE57C3E0D40E@sn3rd.com>
In-Reply-To: <BB6F58B0-4EA9-40B4-B7BB-BE57C3E0D40E@sn3rd.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.1.160122
authentication-results: sn3rd.com; dkim=none (message not signed) header.d=none;sn3rd.com; dmarc=none action=none header.from=rhul.ac.uk;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [80.254.78.161]
x-ms-office365-filtering-correlation-id: 87e95964-cefc-4c5f-d8f9-08d351ab3a1e
x-microsoft-exchange-diagnostics: 1; VI1PR03MB1822; 5:74CHTtVZZzUcqahCJ8BU1yBztY8IUOpm+T+hJGYeIU43GDqqItvOi7ZWTUhzFMS6um5RquljcWUHqSKCGUwPHruIGC+Z8bcMHrpvEgIkHrI2FSqzYJFF0CWUfcJgeqa8mZ99zWedXqoidiJ1xmUIHQ==; 24:oxwqOMgONf5d8V4BJI2IW7rd7aF3JOTSidWRSLPJ+Ryz2qEDSyC0/z9hnETj61fb7Leg2UZQe9nMZQC43MXD2tbp3Lc+1JNnPJCqwe0uVaE=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR03MB1822;
x-microsoft-antispam-prvs: <VI1PR03MB18229E7ED8ADDC87AF1D0AF0BC8F0@VI1PR03MB1822.eurprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001); SRVR:VI1PR03MB1822; BCL:0; PCL:0; RULEID:; SRVR:VI1PR03MB1822;
x-forefront-prvs: 0888B1D284
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(53754006)(377424004)(24454002)(5002640100001)(86362001)(66066001)(1096002)(93886004)(122556002)(1220700001)(54356999)(5001770100001)(19580405001)(106116001)(2900100001)(77096005)(19580395003)(10400500002)(81166005)(5004730100002)(6116002)(102836003)(3846002)(586003)(74482002)(15975445007)(4001350100001)(83506001)(2950100001)(92566002)(50986999)(5008740100001)(189998001)(4326007)(36756003)(2906002)(3660700001)(11100500001)(76176999)(3280700002)(87936001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR03MB1822; H:VI1PR03MB1822.eurprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="utf-8"
Content-ID: <D6CD976D82A83F4CA21ADAFC57B5DBED@eurprd03.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: rhul.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Mar 2016 17:07:04.4635 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR03MB1822
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/OqxtEIbcib6H98queVdCXkdiWf8>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Subject: Re: [TLS] Include Speck block cipher?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2016 17:07:28 -0000

Hi

I think Rich Salz already said exactly what CFRG would say:

> If someone wants to see SPECK adopted by IETF protocols, the first thing
>that will have to happen is papers analyzing it.

There's some analysis already, but not that much.

Regards,

Kenny 




On 21/03/2016 14:27, "TLS on behalf of Sean Turner" <tls-bounces@ietf.org
on behalf of sean@sn3rd.com> wrote:

>If we’re going to get into the cryptanalysis of SPECK then this thread
>should move off the TLS list and possibly to the CFRG list.
>
>spt
>
>> On Mar 21, 2016, at 10:07, Efthymios Iosifides <iosifidise@gmail.com>
>>wrote:
>> 
>> >I don't see any compelling argument for the inclusion of SPECK? Not
>>only would the affiliation with NSA give the >TLS-WG a bad rep. in the
>>public, more importantly, it makes one of our main problems worse:
>>combinatorial explosion >of possible cipher-suites in TLS. This problem
>>is so bad that it needs multiple blog posts, an effort by Mozilla and
>>>bettercrypto.org to get sys-admins to configure their services.
>> 
>> 
>> Hi all.
>> 
>> The reputation aspect is not necessarily and strictly correlated with
>>it's provenance, but with it's actual security and performance. And the
>>SPECK we shall note that performs quite well. Also we shall not forget
>>that even the infamous AES has been approved by the NSA before the
>>widespread use of it. In any case i wouldn't like for us to stand on the
>>popular press. On the other hand we shall evaluate if the SPECK could be
>>actually used. For example, the fact that it lacks extensive
>>cryptanalysis is a serious argument for not using it today, but what
>>about the future specifications. On top to that what if we could prove
>>that the SPECK can have better performance than other algos without
>>sacrificing the security.
>> 
>> 
>> BRs,
>> Efthimios Iosifides
>> 
>> 2016-03-18 19:49 GMT+02:00 Aaron Zauner <azet@azet.org>:
>> Hi,
>> 
>> > On 17 Mar 2016, at 07:35, Efthymios Iosifides <iosifidise@gmail.com>
>>wrote:
>> >
>> > Hello all.
>> >
>> > I have just found on the ietf archives an email discussion about the
>>inclusion of the SPECK Cipher
>> > in the tls standards.
>> > It's reference is below
>>:https://www.ietf.org/mail-archive/web/tls/current/msg13824.html
>> >
>> > Even though that this cipher originates from the NSA one cannot find
>>a whitepaper that describes it's full cryptanalysis. In the above
>>discussion Mr. Strömbergson somehow perfunctorily presents two
>>whitepapers that describe the SPECK's cryptanalysis. Although we shall
>>keep in mind that these papers describe a limited round cryptanalysis.
>>Also we shall not forget that a similar cryptanalysis has taken place
>>for the famous AES. Therefore i personally do not see any actual
>>arguments apart from the facts that concerns the algorithm's  provenance
>>for not including it in a future tls specification. In conclusion even
>>by this day the SPECK cipher has not been yet fully cryptanalyzed
>>succesfully.
>> 
>> I don't see any compelling argument for the inclusion of SPECK? Not
>>only would the affiliation with NSA give the TLS-WG a bad rep. in the
>>public, more importantly, it makes one of our main problems worse:
>>combinatorial explosion of possible cipher-suites in TLS. This problem
>>is so bad that it needs multiple blog posts, an effort by Mozilla and
>>bettercrypto.org to get sys-admins to configure their services.
>> 
>> Aaron
>> 
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>
>_______________________________________________
>TLS mailing list
>TLS@ietf.org
>https://www.ietf.org/mailman/listinfo/tls