[TLS] chacha to replace RC4 (was: Salsa vs. ChaCha)

Nikos Mavrogiannopoulos <nmav@redhat.com> Fri, 06 December 2013 12:20 UTC

On Thu, 2013-11-28 at 04:30 +0000, Samuel Neves wrote:
>  - Zooko has mentioned BLAKE and its success against cryptanalysis, but
> as noted this does not translate to a useful security reduction. It is
> worth pointing out, however, that cryptographers chose to base the core
> of their algorithm in the ChaCha quarter-round rather than the Salsa
> quarter-round. This suggests equal or more confidence in ChaCha (see
> also [4]).

To speed things up, we have submitted an alternative draft that replaces
RC4 with ChaCha [0] instead of Salsa20. This draft is based on the
20-round variant of ChaCha.

We believe there are merits in selecting a winner of a cryptographic
competition, but given your comments and that ChaCha was the
recommendation of the CFRG, there is no need to delay things if ChaCha vs
Salsa20 is the only issue to replace RC4.

[0]. http://www.ietf.org/id/draft-mavrogiannopoulos-chacha-tls-00.txt