[147179] in cryptography@c2.net mail archive


Re: [Cryptography] The paranoid approach to crypto-plumbing

daemon@ATHENA.MIT.EDU (Sandy Harris)
Tue Sep 17 11:45:09 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <r422Ps-1075i-12B5E1BE25FD4D27AD79323ECFA8C3A7@Williams-MacBook-Pro.local>
Date: Tue, 17 Sep 2013 11:41:33 -0400
From: Sandy Harris <sandyinchina@gmail.com>
To: Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Mon, Sep 16, 2013 at 12:44 PM, Bill Frantz <frantz@pwpconsult.com> wrote:

> Symmetric encryption:
>
>   Two algorithms give security equal to the best of them. Three
>   protect against meet-in-the-middle attacks. Performing the
>   multiple encryption at the block level allows block cyphers to
>   be combined with stream cyphers. RC4 may have problems, but
>   adding it to the mix isn't very expensive.

A paper of mine on combining a stream cipher with a block
cipher: http://eprint.iacr.org/2008/473

AES-256 uses 14 rounds vs. 10 for AES-128, so it is about
40% slower. Given 256 bits of key and a stream cipher that
is 5x faster than AES, you can use AES-128 and have 128
bits to key the stream cipher. AES-128 plus whitening that
changes for every block (two 128-bit blocks of stream
cipher output) has roughly the same cost as AES-256.

There are several ways to reduce the cost and/or increase
the security from there; see the paper for details.

I am still working on this notion and will have a new and
much improved version of that paper sometime this year.
Anyone I know moderately well who wants to review it
can contact me off-list for the current draft.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
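The construction Sandy sketches above, as an added Go example that is not code from the post or from the eprint paper: a 256-bit key is split into an AES-128 key and a stream-cipher key, and each data block is whitened with two fresh 128-bit blocks of stream-cipher output, one XORed in before AES and one after. The function names `whitenedAES` and `xorBlock` are this example's own; RC4 is used only because Go's standard library carries it and the quoted message names it, and the keystream restarts on every call, so one key is assumed to cover one message.

```go
package main

import (
	"crypto/aes"
	"crypto/rc4"
	"fmt"
)

const blockSize = 16

func xorBlock(dst, a, b []byte) {
	for i := 0; i < blockSize; i++ {
		dst[i] = a[i] ^ b[i]
	}
}

// whitenedAES (illustrative name): the first 128 key bits key AES-128, the
// other 128 bits key the stream cipher that yields two fresh whitening
// blocks w1, w2 per data block. RC4 stands in only because Go ships it.
//   encrypt: C = w2 ^ AES(w1 ^ P)    decrypt: P = w1 ^ AES^-1(w2 ^ C)
func whitenedAES(key256, data []byte, encrypt bool) ([]byte, error) {
	if len(key256) != 32 {
		return nil, fmt.Errorf("need a 32-byte key, got %d", len(key256))
	}
	if len(data)%blockSize != 0 {
		return nil, fmt.Errorf("length %d is not a multiple of %d", len(data), blockSize)
	}
	block, err := aes.NewCipher(key256[:16])
	if err != nil {
		return nil, err
	}
	stream, err := rc4.NewCipher(key256[16:])
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	for off := 0; off < len(data); off += blockSize {
		var w1, w2 [blockSize]byte // zeros in, raw keystream out
		stream.XORKeyStream(w1[:], w1[:])
		stream.XORKeyStream(w2[:], w2[:])
		pre, post, op := w1[:], w2[:], block.Encrypt
		if !encrypt {
			pre, post, op = w2[:], w1[:], block.Decrypt
		}
		blk := out[off : off+blockSize]
		xorBlock(blk, data[off:off+blockSize], pre)
		op(blk, blk)
		xorBlock(blk, blk, post)
	}
	return out, nil
}
```

Because the whitening changes every block, equal plaintext blocks no longer give equal ciphertext blocks, which plain ECB would leak; both sides must consume the keystream in the same order for decryption to line up.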
