[cryptography] State of the art in block ciphers?
darkstar at city-net.com
Thu Dec 5 03:13:52 EST 2013
On 2013-12-03 Joachim at Strombergson.com wrote:
>I would assume that since the end of the AES competition and NIST
>standardizing the algorithm we would have learned a lot about how to
>construct good, really fast block ciphers. The eSTREAM and SHA-3
>competitions show that we today can develop algorithms that are really
>fast and can provide protection against attacks we (imho) didn't know as
>much about when AES was designed.
I recently looked into this and Threefish seems to be the only block
cipher I could find that provides major advantages over AES. The large
block sizes and tweak parameter make it a good fit for disk encryption.
I don't know how the performance compares to hardware AES. I haven't so
far come across any good reason to start using any block cipher other than
AES or Threefish (unless special circumstances are involved).
OTOH, for TLS ChaCha seems to me like the best choice at this point.
>Things like ARX-constructions, HAIFA and sponges that move away from
>Feistel like constructions.
I don't think sponges help make block ciphers, although monkeyDuplex is
neat for AEAD (reduced inner rounds for better software performance). I
don't think it is a good choice now for TLS (not much analysis yet), but
maybe in a few years. My guess is something Keccak based will come out of
CAESAR (by 2018, according to current timeline).
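The tweak parameter mentioned above is what makes a tweakable cipher attractive for sector-level disk encryption: the sector number goes into the tweak, so identical plaintext blocks in different sectors encrypt differently without any per-sector IV storage. The following is an added example, not code from the post or from the Skein/Threefish authors: a from-scratch Threefish-256 (constants taken from the Skein 1.3 specification; check it against the spec's published test vectors before relying on it) plus an assumed, illustrative tweak convention (`sector_tweak`, `encrypt_sector_block`, `decrypt_sector_block` are names chosen here) that binds each 32-byte block to its sector index. The 32-byte key and sample plaintext are constructed for the demo.

```python
# Added example (not from the original post): Threefish-256 per Skein 1.3,
# used to show how the tweak binds a ciphertext block to its disk sector.

MASK64 = (1 << 64) - 1
C240 = 0x1BD11BDAA9FC1A22        # key-schedule constant from the Skein spec
ROUNDS = 72
# Rotation constants for Threefish-256 (Skein 1.3, Table 4), indexed by d mod 8.
ROT = [(14, 16), (52, 57), (23, 40), (5, 37),
       (25, 33), (46, 12), (58, 22), (32, 32)]


def _rotl(x, n):
    return ((x << n) | (x >> (64 - n))) & MASK64


def _rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK64


def _subkeys(key, tweak):
    """Expand a 4-word key and 2-word tweak into the 19 round subkeys."""
    k = list(key) + [C240 ^ key[0] ^ key[1] ^ key[2] ^ key[3]]
    t = [tweak[0], tweak[1], tweak[0] ^ tweak[1]]
    subs = []
    for s in range(ROUNDS // 4 + 1):
        subs.append([
            k[s % 5],
            (k[(s + 1) % 5] + t[s % 3]) & MASK64,
            (k[(s + 2) % 5] + t[(s + 1) % 3]) & MASK64,
            (k[(s + 3) % 5] + s) & MASK64,
        ])
    return subs


def threefish256_encrypt(key, tweak, block):
    """key, tweak, block are tuples of 64-bit words (4, 2 and 4 words)."""
    v = list(block)
    subs = _subkeys(key, tweak)
    for d in range(ROUNDS):
        if d % 4 == 0:                       # subkey injection every 4 rounds
            v = [(v[i] + subs[d // 4][i]) & MASK64 for i in range(4)]
        r0, r1 = ROT[d % 8]
        v[0] = (v[0] + v[1]) & MASK64        # MIX on word pair (0,1)
        v[1] = _rotl(v[1], r0) ^ v[0]
        v[2] = (v[2] + v[3]) & MASK64        # MIX on word pair (2,3)
        v[3] = _rotl(v[3], r1) ^ v[2]
        v = [v[0], v[3], v[2], v[1]]         # word permutation for Nw=4
    return tuple((v[i] + subs[ROUNDS // 4][i]) & MASK64 for i in range(4))


def threefish256_decrypt(key, tweak, block):
    subs = _subkeys(key, tweak)
    v = [(block[i] - subs[ROUNDS // 4][i]) & MASK64 for i in range(4)]
    for d in reversed(range(ROUNDS)):
        v = [v[0], v[3], v[2], v[1]]         # the permutation is an involution
        r0, r1 = ROT[d % 8]
        v[3] = _rotr(v[3] ^ v[2], r1)        # undo MIX on (2,3)
        v[2] = (v[2] - v[3]) & MASK64
        v[1] = _rotr(v[1] ^ v[0], r0)        # undo MIX on (0,1)
        v[0] = (v[0] - v[1]) & MASK64
        if d % 4 == 0:
            v = [(v[i] - subs[d // 4][i]) & MASK64 for i in range(4)]
    return tuple(v)


def bytes_to_words(b):
    return tuple(int.from_bytes(b[i:i + 8], "little") for i in range(0, 32, 8))


def words_to_bytes(w):
    return b"".join(x.to_bytes(8, "little") for x in w)


def sector_tweak(sector_number):
    """Assumed convention for this example only: tweak word 0 = sector index,
    word 1 = 0.  A real design would also encode block position and
    domain-separation bits in the tweak."""
    return (sector_number & MASK64, 0)


def encrypt_sector_block(key_bytes, sector_number, plaintext32):
    key, pt = bytes_to_words(key_bytes), bytes_to_words(plaintext32)
    return words_to_bytes(threefish256_encrypt(key, sector_tweak(sector_number), pt))


def decrypt_sector_block(key_bytes, sector_number, ciphertext32):
    key, ct = bytes_to_words(key_bytes), bytes_to_words(ciphertext32)
    return words_to_bytes(threefish256_decrypt(key, sector_tweak(sector_number), ct))


if __name__ == "__main__":
    key = bytes(range(32))                     # constructed demo key
    zeros = bytes(32)                          # the same all-zero block in two sectors
    c7, c8 = encrypt_sector_block(key, 7, zeros), encrypt_sector_block(key, 8, zeros)
    print("sector 7:", c7.hex())
    print("sector 8:", c8.hex())
    print("same key, same plaintext, different tweak ->", c7 != c8)
```

Note that a 256-bit block is still much smaller than a 512- or 4096-byte sector, so a disk encryptor would either use the 1024-bit Threefish variant the post alludes to or wrap the cipher in a wide-block mode; the point here is only how the tweak replaces per-sector IV storage.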