[noise] Lightweight ciphers and Noise
Trevor Perrin
trevp at trevp.net
Wed Nov 22 02:04:18 PST 2017
On Wed, Nov 22, 2017 at 8:25 AM, Rhys Weatherley
<rhys.weatherley at gmail.com> wrote:
>> > We may want to have a separate discussion as to when it is acceptable to
>> > use 64-bit block ciphers with Noise.
[...]
>>
>> The Noise spec currently has a discussion about the (small) security
>> concern with large data volumes and 128-bit block ciphers like AES.
>> So I'd prefer if things went the other direction (towards PRFs like
>> ChaCha with *less* risk than 128-bit PRPs; rather than towards more
>> risk and tighter limits).
>
>
> Fair enough. Given that Speck is so fast, it should be possible for someone
> to design a 256-bit or 512-bit block cipher using the same idea, but I don't
> have the necessary math skills to try so I won't. Speck got some of its
> ideas from Threefish. I vaguely recall someone on the cryptography mailing
> list (Dan Bernstein maybe?) talking about Speck variants with larger block
> sizes a year or so ago. Maybe someone has a link? I haven't yet
> implemented Threefish-256 on Arduino but maybe I should give it a try.

My 2c: All that is way too creative. For actual use you want
well-studied, widely-available crypto, so just optimizing and
verifying the common algorithms (e.g. ChaChaPoly) is much more
worthwhile.

Trevor