[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Even more notes on relay-crypto constructions

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] Even more notes on relay-crypto constructions
From: unknown <unknown@xxxxxxxxx>
Date: Thu, 11 Oct 2012 19:17:22 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 11 Oct 2012 15:24:34 -0400
Gpg-key-fingerprint: EE1E 6772 92A7 F9F1 F1DE 326B 9153 691B 8058 5959
In-reply-to: <CAKDKvuxj=CBK82nH8vMbwHymyqR44i8eT9DiwumGxZOQgSnvZw@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Organization: PGPru.com
References: <CAKDKvuxj=CBK82nH8vMbwHymyqR44i8eT9DiwumGxZOQgSnvZw@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: unknown

On Tue, 9 Oct 2012 00:28:38 -0400
Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:

> So to be concrete, let me suggest a few modes of operation.  I believe
> I'm competent to implement these:

I think (IMHO) Keccak makes many (most?) symmetric encryption modes
obsolete in the near future. 

Now Keccak-Hash is SHA-3 winner. It is not only a hash.
Keccak is universal and can be used to authenticated stream encryption
with one pass with input any amount of pads and output any amount
of additional MACs from one-pass operation (so called duplexing mode).

http://sponge.noekeon.org/SpongeDuplex.pdf

"Duplexing the sponge: single-pass authenticated encryption and
other applications"
Guido Bertoni, Joan Daemen, MichaÃl Peeters, and Gilles Van
Assche.

In this year Keccak will recieve only a hash status officialy. Later we
can see many other modes of using Keccak as universal
RO-indistinguishable PRF with good
security proofs and tons of analysis published already. 
Some parts of protocols can be done more simply with Keccak: new padding
modes for RSA instead of OAEP is one example. 

Cite:
"
In a sponge function, the input is like a white page: It does not
impose any speciïc structure to it. Additional optional inputs (e.g.,
key, nonce, personalization data) can be appended or prepended to the
input message according to a well-deïned convention, possibly under the
hood of diversiïcation as proposed in [6, Section âDomain separationâ].
K supports all the possible applications of sponge functions and duplex
objects described in [6, Chapters âSponge applicationsâ and âDuplex
applicationsâ]. These include hash function, randomized hash function,
hash function instance diïerentiation, slow one-way function, parallel
and tree hashing, mask generating function, key derivation function,
deterministic random bit generator, reseedable pseudo random bit
sequence generator, message authentication code (MAC) function,
stream cipher, random-access stream cipher and authenticated encryption.
"

http://keccak.noekeon.org/Keccak-submission-3.pdf

"The Keccak SHA-3 submission"

Guido Bertoni, Joan Daemen, Michael Peeters, Gilles Van Asshe

Keccak is hardware fast and can be realased in GPU at first.

"Keccak Tree hashing on GPU, using Nvidia Cuda API"
https://sites.google.com/site/keccaktreegpu/

If NIST adopt many uses Keccak as standards then
the most of cryptoinfrastructure migrate to it. Keccak in the
future is more then AES today and makes many uses of AES 
(and any other blockciphers) unnecessary 
(excluding PRP-modes for disk encryption, but
PRF-PRP transformation modes is potentially possible too).

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Even more notes on relay-crypto constructions
  - From: unknown

References:
- [tor-dev] Even more notes on relay-crypto constructions
  - From: Nick Mathewson

Prev by Author: Re: [tor-dev] Extending Pyonionoo to provide statistics
Next by Author: Re: [tor-dev] Even more notes on relay-crypto constructions
Previous by thread: Re: [tor-dev] Even more notes on relay-crypto constructions
Next by thread: Re: [tor-dev] Even more notes on relay-crypto constructions
Index(es):
- Author
- Thread