Re: [TLS] Include Speck block cipher?

Aaron Zauner <> Fri, 18 March 2016 17:49 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E6CCF12D627 for <>; Fri, 18 Mar 2016 10:49:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 91Tyv24RZzIZ for <>; Fri, 18 Mar 2016 10:49:23 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9307112D61B for <>; Fri, 18 Mar 2016 10:49:23 -0700 (PDT)
Received: by with SMTP id l68so47613032wml.1 for <>; Fri, 18 Mar 2016 10:49:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gmail; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to; bh=cPgCYEJhhPQSVyI4YIwRTZxjardEj+hxaMIQhL3dxbI=; b=QQzRAz7R994BbmdGfdJFHw6dOKFG3Zedsxx5TDHeiXgIpmg2XAmPuk1RIOQ9yR2Vjo mvurnlFsxb055ON0FJR6vZrO0SBZHmECyqhG/gF/BQNF1E5Xiet7hdhhlPKXGY04s9BS zmor3LanI9mPz2nmGlD8AFIICrhGct9OnMNj0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to; bh=cPgCYEJhhPQSVyI4YIwRTZxjardEj+hxaMIQhL3dxbI=; b=Pd7rdmmSwzWJWibOhJkuy760Rua8yB8EaoUZBWz/pduoxdU0nX1+Jb9WACXYnKJziL GktvHVbhGqXaXPawZ6of0VdzbXhJGlnJnPeQyY2tLCjOq4NG7IsebWJJ47s/4DNFFtP5 E2/ph6DnBEa417SchbFSqjIlUzi8WM4rVO1wbA+Pwrx6L6g4g07dTouEkjep+RVwtF9T sPdospunK9SXfE5WmFyCMdkf94lZwTTcqyIWKVvmqCwBU0qGtlPELwpXyOVR9Qg8ZSdN s7N8nGoGOF0ZefenGVS3b1zPYG3gRlhwBEKSYeSchZFaaX7gTPKyH9sEjLBNmsZ20TY3 JlNw==
X-Gm-Message-State: AD7BkJLK7/f/tiUVJMvij+IyRM3HvnTG2x5N8lYNlkKGly/U5Ppa20hJEzok0d9+fAP4IA==
X-Received: by with SMTP id o6mr18781276wjx.57.1458323362008; Fri, 18 Mar 2016 10:49:22 -0700 (PDT)
Received: from [] ( []) by with ESMTPSA id w10sm450767wmw.1.2016. (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 18 Mar 2016 10:49:20 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Content-Type: multipart/signed; boundary="Apple-Mail=_C219A4B7-445F-4911-BF11-D69CF74019EC"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail 2.6b2
From: Aaron Zauner <>
In-Reply-To: <>
Date: Fri, 18 Mar 2016 18:49:18 +0100
Message-Id: <>
References: <>
To: Efthymios Iosifides <>
X-Mailer: Apple Mail (2.3112)
Archived-At: <>
Subject: Re: [TLS] Include Speck block cipher?
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 18 Mar 2016 17:49:26 -0000


> On 17 Mar 2016, at 07:35, Efthymios Iosifides <> wrote:
> Hello all.
> I have just found on the ietf archives an email discussion about the inclusion of the SPECK Cipher
> in the tls standards.
> It's reference is below :
> Even though that this cipher originates from the NSA one cannot find a whitepaper that describes it's full cryptanalysis. In the above discussion Mr. Strömbergson somehow perfunctorily presents two whitepapers that describe the SPECK's cryptanalysis. Although we shall keep in mind that these papers describe a limited round cryptanalysis. Also we shall not forget that a similar cryptanalysis has taken place for the famous AES. Therefore i personally do not see any actual arguments apart from the facts that concerns the algorithm's  provenance for not including it in a future tls specification. In conclusion even by this day the SPECK cipher has not been yet fully cryptanalyzed succesfully.

I don't see any compelling argument for the inclusion of SPECK? Not only would the affiliation with NSA give the TLS-WG a bad rep. in the public, more importantly, it makes one of our main problems worse: combinatorial explosion of possible cipher-suites in TLS. This problem is so bad that it needs multiple blog posts, an effort by Mozilla and to get sys-admins to configure their services.