[noise] Noise & MEM-AEAD

Jason A. Donenfeld Jason at zx2c4.com
Mon Jan 30 09:59:11 PST 2017


Hey Trevor & folks,

Anyone here interested in a Noise suite involving MEM-AEAD?

https://eprint.iacr.org/2015/999.pdf

MEM-AEAD uses the Blake2b permutation, and OPP mode is 0.55
cycles/byte, using only 1 pass, which is pretty much the fastest AEAD
that doesn't involve AES-NI. In Noise, this would reduce code size,
since the Blake2b internals can be reused, resulting pretty much in
just a Blake2b+ECDH based protocol. Most of all, the paper has
security proofs for the construction.

There's a C and a Rust implementation here:
https://github.com/MEM-AEAD/mem-aead
https://github.com/MEM-AEAD/mem-aead-rust

And one of the authors (CC'd) has a recorded presentation from Eurocrypt:
https://www.youtube.com/watch?v=TpyrWMzXBWA

Is anybody on this list (or Trevor?) interested in this? I plan to do
an experimental branch of WireGuard for testing this out.

Regards,
Jason

