[noise] Noise & MEM-AEAD
Trevor Perrin
trevp at trevp.net
Mon Jan 30 11:30:24 PST 2017
On Mon, Jan 30, 2017 at 9:59 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> Hey Trevor & folks,
>
> Anyone here interested in a Noise suite involving MEM-AEAD?
>
> https://eprint.iacr.org/2015/999.pdf
>
> MEM-AEAD uses the Blake2b permutation, and OPP mode is 0.55
> cycles/byte, using only 1 pass, which is pretty much the fastest AEAD
> that doesn't involve AES-NI.

Seems interesting, fast, smart people behind it.

I probably wouldn't use new fast symmetric crypto for anything
important until it's been analyzed for several more years.

(Maybe you can argue that the NORX/BLAKE2b/BLAKE2/ChaCha/Salsa
analysis applies, but I dunno, it's only using 4 rounds of BLAKE2b, so
it's not obvious to me how much analysis it inherits).

But it would be fun to experiment with, totally support you naming and
spec'ing this, linking a doc on the Wiki, etc.

Trevor