[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Even more notes on relay-crypto constructions



On Tue, 9 Oct 2012 00:28:38 -0400
Nick Mathewson <nickm@xxxxxxxxxxxxxx> wrote:

> So to be concrete, let me suggest a few modes of operation.  I believe
> I'm competent to implement these:

I think (IMHO) Keccak makes many (most?) symmetric encryption modes
obsolete in the near future. 

Now Keccak-Hash is SHA-3 winner. It is not only a hash.
Keccak is universal and can be used to authenticated stream encryption
with one pass with input any amount of pads and output any amount
of additional MACs from one-pass operation (so called duplexing mode).

http://sponge.noekeon.org/SpongeDuplex.pdf

"Duplexing the sponge: single-pass authenticated encryption and
other applications"
Guido Bertoni, Joan Daemen, MichaÃl Peeters, and Gilles Van
Assche.

In this year Keccak will recieve only a hash status officialy. Later we
can see many other modes of using Keccak as universal
RO-indistinguishable PRF with good
security proofs and tons of analysis published already. 
Some parts of protocols can be done more simply with Keccak: new padding
modes for RSA instead of OAEP is one example. 

Cite:
"
In a sponge function, the input is like a white page: It does not
impose any speciïc structure to it. Additional optional inputs (e.g.,
key, nonce, personalization data) can be appended or prepended to the
input message according to a well-deïned convention, possibly under the
hood of diversiïcation as proposed in [6, Section âDomain separationâ].
K supports all the possible applications of sponge functions and duplex
objects described in [6, Chapters âSponge applicationsâ and âDuplex
applicationsâ]. These include hash function, randomized hash function,
hash function instance diïerentiation, slow one-way function, parallel
and tree hashing, mask generating function, key derivation function,
deterministic random bit generator, reseedable pseudo random bit
sequence generator, message authentication code (MAC) function,
stream cipher, random-access stream cipher and authenticated encryption.
"

http://keccak.noekeon.org/Keccak-submission-3.pdf

"The Keccak SHA-3 submission"

Guido Bertoni, Joan Daemen, Michael Peeters, Gilles Van Asshe


Keccak is hardware fast and can be realased in GPU at first.

"Keccak Tree hashing on GPU, using Nvidia Cuda API"
https://sites.google.com/site/keccaktreegpu/

If NIST adopt many uses Keccak as standards then
the most of cryptoinfrastructure migrate to it. Keccak in the
future is more then AES today and makes many uses of AES 
(and any other blockciphers) unnecessary 
(excluding PRP-modes for disk encryption, but
PRF-PRP transformation modes is potentially possible too).

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev