Re: [TLS] chacha/poly state?

Adam Langley <agl@imperialviolet.org> Mon, 28 April 2014 17:42 UTC

In-Reply-To: <CACsn0cn+NoHJs62zXt+Yh8pkVs4wO=BPmgAfwjMPP2EAstmWUA@mail.gmail.com>
References: <2A0EFB9C05D0164E98F19BB0AF3708C7120C35E915@USMBX1.msg.corp.akamai.com> <1398669797.2453.6.camel@dhcp-2-127.brq.redhat.com> <EF841B12-F76E-4D65-AF9C-EF9311C4789A@gmail.com> <CACsn0cn+NoHJs62zXt+Yh8pkVs4wO=BPmgAfwjMPP2EAstmWUA@mail.gmail.com>
Date: Mon, 28 Apr 2014 10:42:01 -0700
Message-ID: <CAMfhd9UCMN=thasTeVA1F41dGsPYhOxLJekNwmNd-eE1y+AzUg@mail.gmail.com>
From: Adam Langley <agl@imperialviolet.org>
To: Watson Ladd <watsonbladd@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/kLhAxQbqeXk9KqiWj36n-hfFbRE
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] chacha/poly state?

On Mon, Apr 28, 2014 at 8:04 AM, Watson Ladd <watsonbladd@gmail.com> wrote:
> So the changes were relabeling some words as counter and others as
> nonce, in a different way from ChaCha? I think if you can tell that
> from a PRF, you can tell the original ChaCha from a PRF, because we
> have an injection into the original input state.

The whole AEAD construction is a "change" from the way that DJB does
it in NaCl and so probably needs review. I spoke to DJB about it at
CRYPTO 2013, but that's hardly an endorsement.

Having said that, I think this does need to be pushed forward. Perhaps
the best path is as an individual submission. I'll try and add the
test vectors and then see whether that's possible.


Cheers

AGL

-- 
Adam Langley agl@imperialviolet.org https://www.imperialviolet.org