[cryptography] State of the art in block ciphers?

Joachim Strömbergson Joachim at Strombergson.com
Tue Dec 3 05:13:46 EST 2013

Hash: SHA1


(Added the list as recipient since I assume not replying to list was a
mistake - if not I apologize to SandyH.)

Sandy Harris wrote:
> Joachim Strömbergson <Joachim at strombergson.com> wrote:
>> The question is then - what is state of the art in block cipher
>> design? What would be the candidates to complement AES in SSL/TLS?
> The other finalist from the AES competition -- Twofish, MARS, RC6 and
> Serpent would be obvious possibilities. All except RC6 have open
> licenses, I think.
> Various conutries also have newer standards for ciphers that can 
> replace AES. Camellia in Japan, Aria in Korea, mybe others?

So, the state of the art 2013 for block ciphers are the other AES
finalists and some older national ciphers such as Camellia, SEED? Is
that really the case?

I'm not saying they aren't interesting or good - but wonder if there
really hasn't been any progress. The good thing with older algorithms is
that they have been around and hopefully been tested more. Some of them
such as Camellia has been through evaluations such as CRYPTREC. And both
Canellia and SEED are in OpenSSL and/or has been accepted as ciphers in
SSL/TLS. But are they used - outside their national relation?

Camellia is not as fast as AES, and like AES contain S-boxes which I
assume would today be harder to motivate to use due to possible side
channel effects. SEED is probably slower for similar length key than AES
too. And has S-boxes.

I would assume that since the end of the AES competition and NIST
standardizing the algorithm we would have learned a lot of how to
construct, good, really fast block ciphers. eSTREAM and SHA-3
competitions shows that we today can develop algorithms that are really
fast and can provide protection against attacks we (imho) didn't know as
much about when AES was designed.

Things like ARX-constructions, HAIFA and sponges that move away from
Feistel like constructions.

For something to successfully complement AES as block cipher in SSL/TLS
I believe it needs to provide at least the same performance (able to
utilize things like AES-NI on modern CPUs), protect against side channel
attacks and be a pretty good drop in substitute. (Possibly working on
larger block size though...)

Flame on!

- -- 
Med vänlig hälsning, Yours

Joachim Strömbergson - Alltid i harmonisk svängning.
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the cryptography mailing list