Re: [TLS] Include Speck block cipher?

"Paterson, Kenny" <> Mon, 21 March 2016 17:07 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CB08212D8CB for <>; Mon, 21 Mar 2016 10:07:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.387
X-Spam-Status: No, score=-0.387 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, URIBL_RHS_DOB=1.514] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id iDa6dbNJgbm0 for <>; Mon, 21 Mar 2016 10:07:21 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fe04::670]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C0DC912D512 for <>; Mon, 21 Mar 2016 10:07:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1-rhul-ac-uk; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=vGIIFTaBtiALMWCQ2Fx3tUqML/aKBLOHYpfOlSutrGE=; b=YOEC4EaXycjGlJ6cO7chXgoKoFIKiHXY2VXiQtiOHCBii+3qn9kVXQPRiZCk/vRgijQb/ataEw+RnrvrPN4ao+6sdiYPUqHX0VOacjgyoRusBnBxvRQ/stQGwb1xiJvOpHqvSLZA6pFZgKQzzJYyttXm6inIkoG0Bzkr8aPhvwQ=
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.1.443.12; Mon, 21 Mar 2016 17:07:04 +0000
Received: from ([]) by ([]) with mapi id 15.01.0443.014; Mon, 21 Mar 2016 17:07:04 +0000
From: "Paterson, Kenny" <>
To: Sean Turner <>, Efthymios Iosifides <>
Thread-Topic: [TLS] Include Speck block cipher?
Thread-Index: AQHRgLV7oLH5mnkCaEOW6/o4gDVN2p9fe5EAgAR4/QCAAAWMgIAALLuA
Date: Mon, 21 Mar 2016 17:07:04 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-GB, en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: []
x-ms-office365-filtering-correlation-id: 87e95964-cefc-4c5f-d8f9-08d351ab3a1e
x-microsoft-exchange-diagnostics: 1; VI1PR03MB1822; 5:74CHTtVZZzUcqahCJ8BU1yBztY8IUOpm+T+hJGYeIU43GDqqItvOi7ZWTUhzFMS6um5RquljcWUHqSKCGUwPHruIGC+Z8bcMHrpvEgIkHrI2FSqzYJFF0CWUfcJgeqa8mZ99zWedXqoidiJ1xmUIHQ==; 24:oxwqOMgONf5d8V4BJI2IW7rd7aF3JOTSidWRSLPJ+Ryz2qEDSyC0/z9hnETj61fb7Leg2UZQe9nMZQC43MXD2tbp3Lc+1JNnPJCqwe0uVaE=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR03MB1822;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001); SRVR:VI1PR03MB1822; BCL:0; PCL:0; RULEID:; SRVR:VI1PR03MB1822;
x-forefront-prvs: 0888B1D284
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(53754006)(377424004)(24454002)(5002640100001)(86362001)(66066001)(1096002)(93886004)(122556002)(1220700001)(54356999)(5001770100001)(19580405001)(106116001)(2900100001)(77096005)(19580395003)(10400500002)(81166005)(5004730100002)(6116002)(102836003)(3846002)(586003)(74482002)(15975445007)(4001350100001)(83506001)(2950100001)(92566002)(50986999)(5008740100001)(189998001)(4326007)(36756003)(2906002)(3660700001)(11100500001)(76176999)(3280700002)(87936001); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR03MB1822;; FPR:; SPF:None; MLV:sfv; LANG:en;
Content-Type: text/plain; charset="utf-8"
Content-ID: <>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Mar 2016 17:07:04.4635 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2efd699a-1922-4e69-b601-108008d28a2e
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR03MB1822
Archived-At: <>
Cc: "<>" <>
Subject: Re: [TLS] Include Speck block cipher?
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 21 Mar 2016 17:07:28 -0000


I think Rich Salz already said exactly what CFRG would say:

> If someone wants to see SPECK adopted by IETF protocols, the first thing
>that will have to happen is papers analyzing it.

There's some analysis already, but not that much.



On 21/03/2016 14:27, "TLS on behalf of Sean Turner" <
on behalf of> wrote:

>If we’re going to get into the cryptanalysis of SPECK then this thread
>should move off the TLS list and possibly to the CFRG list.
>> On Mar 21, 2016, at 10:07, Efthymios Iosifides <>
>> >I don't see any compelling argument for the inclusion of SPECK? Not
>>only would the affiliation with NSA give the >TLS-WG a bad rep. in the
>>public, more importantly, it makes one of our main problems worse:
>>combinatorial explosion >of possible cipher-suites in TLS. This problem
>>is so bad that it needs multiple blog posts, an effort by Mozilla and
>>> to get sys-admins to configure their services.
>> Hi all.
>> The reputation aspect is not necessarily and strictly correlated with
>>it's provenance, but with it's actual security and performance. And the
>>SPECK we shall note that performs quite well. Also we shall not forget
>>that even the infamous AES has been approved by the NSA before the
>>widespread use of it. In any case i wouldn't like for us to stand on the
>>popular press. On the other hand we shall evaluate if the SPECK could be
>>actually used. For example, the fact that it lacks extensive
>>cryptanalysis is a serious argument for not using it today, but what
>>about the future specifications. On top to that what if we could prove
>>that the SPECK can have better performance than other algos without
>>sacrificing the security.
>> BRs,
>> Efthimios Iosifides
>> 2016-03-18 19:49 GMT+02:00 Aaron Zauner <>rg>:
>> Hi,
>> > On 17 Mar 2016, at 07:35, Efthymios Iosifides <>
>> >
>> > Hello all.
>> >
>> > I have just found on the ietf archives an email discussion about the
>>inclusion of the SPECK Cipher
>> > in the tls standards.
>> > It's reference is below
>> >
>> > Even though that this cipher originates from the NSA one cannot find
>>a whitepaper that describes it's full cryptanalysis. In the above
>>discussion Mr. Strömbergson somehow perfunctorily presents two
>>whitepapers that describe the SPECK's cryptanalysis. Although we shall
>>keep in mind that these papers describe a limited round cryptanalysis.
>>Also we shall not forget that a similar cryptanalysis has taken place
>>for the famous AES. Therefore i personally do not see any actual
>>arguments apart from the facts that concerns the algorithm's  provenance
>>for not including it in a future tls specification. In conclusion even
>>by this day the SPECK cipher has not been yet fully cryptanalyzed
>> I don't see any compelling argument for the inclusion of SPECK? Not
>>only would the affiliation with NSA give the TLS-WG a bad rep. in the
>>public, more importantly, it makes one of our main problems worse:
>>combinatorial explosion of possible cipher-suites in TLS. This problem
>>is so bad that it needs multiple blog posts, an effort by Mozilla and
>> to get sys-admins to configure their services.
>> Aaron
>> _______________________________________________
>> TLS mailing list
>TLS mailing list