[noise] Noise & MEM-AEAD
Jason A. Donenfeld
Jason at zx2c4.com
Mon Jan 30 09:59:11 PST 2017
Hey Trevor & folks,
Anyone here interested in a Noise suite involving MEM-AEAD?
MEM-AEAD uses the Blake2b permutation, and OPP mode is 0.55
cycles/byte, using only 1 pass, which is pretty much the fastest AEAD
that doesn't involve AES-NI. In Noise, this would reduce code size,
since the Blake2b internals can be reused, resulting pretty much in
just a Blake2b+ECDH based protocol. Most of all, the paper has
security proofs for the construction.
There's a C and a Rust implementation here:
And one of the authors (CC'd) has a recorded presentation from Eurocrypt:
Is anybody on this list (or Trevor?) interested in this? I plan to do
an experimental branch of WireGuard for testing this out.
More information about the Noise