[cryptography] State of the art in block ciphers?

Matthew Orgass darkstar at city-net.com
Thu Dec 5 03:13:52 EST 2013

On 2013-12-03 Joachim at Strombergson.com wrote:

>I would assume that since the end of the AES competition and NIST
>standardizing the algorithm we would have learned a lot of how to
>construct good, really fast block ciphers. eSTREAM and SHA-3
>competitions show that we today can develop algorithms that are really
>fast and can provide protection against attacks we (imho) didn't know as
>much about when AES was designed.

   I recently looked into this and Threefish seems to be the only block 
cipher I could find that provides major advantages over AES.  The large 
block sizes and tweak parameter make it a good fit for disk encryption. 
I don't know how the performance compares to hardware AES.  I haven't so 
far come across any good reason to start using any block cipher other than 
AES or Threefish (unless special circumstances are involved).

   OTOH, for TLS ChaCha seems to me like the best choice at this point.

>Things like ARX-constructions, HAIFA and sponges that move away from
>Feistel-like constructions.

   I don't think sponges help make block ciphers, although monkeyDuplex is 
neat for AEAD (reduced inner rounds for better software performance).  I 
don't think it is a good choice now for TLS (not much analysis yet), but 
maybe in a few years.  My guess is something Keccak based will come out of 
CAESAR (by 2018, according to current timeline).
