[cryptography] [tor-dev] Even more notes on relay-crypto constructions
eugen at leitl.org
Fri Oct 12 05:12:17 EDT 2012
----- Forwarded message from unknown <unknown at pgpru.com> -----
From: unknown <unknown at pgpru.com>
Date: Thu, 11 Oct 2012 19:17:22 +0000
To: tor-dev at lists.torproject.org
Subject: Re: [tor-dev] Even more notes on relay-crypto constructions
Reply-To: tor-dev at lists.torproject.org
On Tue, 9 Oct 2012 00:28:38 -0400
Nick Mathewson <nickm at torproject.org> wrote:
> So to be concrete, let me suggest a few modes of operation. I believe
> I'm competent to implement these:
I think (IMHO) Keccak makes many (most?) symmetric encryption modes
obsolete in the near future.
Now Keccak-Hash is SHA-3 winner. It is not only a hash.
Keccak is universal and can be used to authenticated stream encryption
with one pass with input any amount of pads and output any amount
of additional MACs from one-pass operation (so called duplexing mode).
"Duplexing the sponge: single-pass authenticated encryption and
Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van
In this year Keccak will recieve only a hash status officialy. Later we
can see many other modes of using Keccak as universal
RO-indistinguishable PRF with good
security proofs and tons of analysis published already.
Some parts of protocols can be done more simply with Keccak: new padding
modes for RSA instead of OAEP is one example.
In a sponge function, the input is like a white page: It does not
impose any speciﬁc structure to it. Additional optional inputs (e.g.,
key, nonce, personalization data) can be appended or prepended to the
input message according to a well-deﬁned convention, possibly under the
hood of diversiﬁcation as proposed in [6, Section “Domain separation”].
K supports all the possible applications of sponge functions and duplex
objects described in [6, Chapters “Sponge applications” and “Duplex
applications”]. These include hash function, randomized hash function,
hash function instance diﬀerentiation, slow one-way function, parallel
and tree hashing, mask generating function, key derivation function,
deterministic random bit generator, reseedable pseudo random bit
sequence generator, message authentication code (MAC) function,
stream cipher, random-access stream cipher and authenticated encryption.
"The Keccak SHA-3 submission"
Guido Bertoni, Joan Daemen, Michael Peeters, Gilles Van Asshe
Keccak is hardware fast and can be realased in GPU at first.
"Keccak Tree hashing on GPU, using Nvidia Cuda API"
If NIST adopt many uses Keccak as standards then
the most of cryptoinfrastructure migrate to it. Keccak in the
future is more then AES today and makes many uses of AES
(and any other blockciphers) unnecessary
(excluding PRP-modes for disk encryption, but
PRF-PRP transformation modes is potentially possible too).
tor-dev mailing list
tor-dev at lists.torproject.org
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cryptography