[cryptography] Compositing Ciphers?

Collin RM Stocks collin at sibilance.org
Sat Sep 14 00:40:15 EDT 2013



On 09/06/2013 08:27 PM, Jeffrey Walton wrote:
> Hi All,
>
> With all the talk of the NSA poisoning NIST, would it be wise to
> composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).
>
> I've been thinking about running a fast inner stream cipher (Salsa20
> without a MAC) and wrapping it in AES with an authenticated encryption
> mode (or CBC mode with {HMAC|CMAC}).
>
> I'm aware of, for example, NSA's Fishbowl running IPSec at the network
> layer (the "outer" encryption) and then SRTP and the application
> level (the "inner" encryption). But I'd like to focus on hardening one
> cipherstream at one level, and not cross OSI boundaries.
>
> I'm also aware of the NSA's lightweight block ciphers
> (http://eprint.iacr.org/2013/404). I may have been born at night, but
> it was not last night....
>

Just FYI: I spoke to Adi Shamir recently (he is doing a lecture series 
at Courant), and he said he had looked at SIMON and SPECK and did not 
see anything wrong with them. Shamir is, of course, a world-renowned 
cryptanalyst, responsible for breaking FEAL and DES, for example.

> Has anyone studied the configuration and security properties of a
> an inner stream cipher with an outer block cipher?
>
> Jeff