On 09/06/2013 08:27 PM, Jeffrey Walton wrote:
Hi All,

With all the talk of the NSA poisoning NIST, would it be wise to
composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).

I've been thinking about running a fast inner stream cipher (Salsa20
without a MAC) and wrapping it in AES with an authenticated encryption
mode (or CBC mode with {HMAC|CMAC}).

I'm aware of, for example, NSA's Fishbowl running IPSec at the network
layer (the "outer" encryption) and then SRTP at the application
level (the "inner" encryption). But I'd like to focus on hardening one
cipherstream at one level, and not cross OSI boundaries.

I'm also aware of the NSA's lightweight block ciphers
(http://eprint.iacr.org/2013/404). I may have been born at night, but
it was not last night....


Just FYI: I spoke to Adi Shamir recently (he is doing a lecture series at Courant), and he said he had looked at SIMON and SPECK and did not see anything wrong with them. Shamir is, of course, a world-renowned cryptanalyst, responsible for breaking FEAL and DES, for example.

Has anyone studied the configuration and security properties of an
inner stream cipher with an outer block cipher?

Jeff
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

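As a worked illustration of the construction asked about above (an unauthenticated inner stream cipher wrapped in an authenticated outer layer), here is an added example; it is not code from the thread or from any of the people posting in it. The inner layer is a pure-Python Salsa20/20 (the standard library has no Salsa20), and it is checked against the eSTREAM 256-bit-key test vector (Set 1, vector 0). The outer layer is where the example departs from the post: the standard library has no AES either, so the outer "AES-CTR + HMAC" is stood in for by an HMAC-SHA256 counter-mode keystream plus an HMAC-SHA256 tag in encrypt-then-MAC order; in production you would swap in AES-CTR or AES-GCM from a real crypto library. The three layer keys are derived independently from one master key with an HKDF-style extract/expand (the salt and info labels are arbitrary assumptions), a fresh 16-byte nonce is generated per message (its first 8 bytes are the Salsa20 nonce), and the tag is verified with a constant-time compare before anything is decrypted, so a malleable inner layer is never exposed to chosen-ciphertext tampering.

```python
import hashlib
import hmac
import os
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def _quarterround(s, a, b, c, d):
    # Salsa20 quarterround on state words a, b, c, d (in place).
    s[b] ^= _rotl((s[a] + s[d]) & MASK32, 7)
    s[c] ^= _rotl((s[b] + s[a]) & MASK32, 9)
    s[d] ^= _rotl((s[c] + s[b]) & MASK32, 13)
    s[a] ^= _rotl((s[d] + s[c]) & MASK32, 18)


def salsa20_block(key, nonce, counter):
    """Salsa20/20 keystream block: 32-byte key, 8-byte nonce, 64-bit block counter -> 64 bytes."""
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    c = struct.unpack("<2I", struct.pack("<Q", counter))
    sigma = struct.unpack("<4I", b"expand 32-byte k")
    state = [sigma[0], k[0], k[1], k[2],
             k[3], sigma[1], n[0], n[1],
             c[0], c[1], sigma[2], k[4],
             k[5], k[6], k[7], sigma[3]]
    x = list(state)
    for _ in range(10):  # 10 double rounds = 20 rounds
        _quarterround(x, 0, 4, 8, 12)    # column round
        _quarterround(x, 5, 9, 13, 1)
        _quarterround(x, 10, 14, 2, 6)
        _quarterround(x, 15, 3, 7, 11)
        _quarterround(x, 0, 1, 2, 3)     # row round
        _quarterround(x, 5, 6, 7, 4)
        _quarterround(x, 10, 11, 8, 9)
        _quarterround(x, 15, 12, 13, 14)
    return struct.pack("<16I", *[(x[i] + state[i]) & MASK32 for i in range(16)])


def salsa20_known_answer_ok():
    """Check the core against the eSTREAM Salsa20 256-bit test vector (Set 1, vector 0, first 32 bytes)."""
    key = bytes([0x80]) + bytes(31)
    expected = bytes.fromhex("E3BE8FDD8BECA2E3EA8EF9475B29A6E7003951E1097A5C38D23B7A5FAD9F6844")
    return salsa20_block(key, bytes(8), 0)[:32] == expected


def salsa20_xor(key, nonce, data):
    """Inner layer: Salsa20 stream encryption (XOR with keystream; decryption is the same call)."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = salsa20_block(key, nonce, i // 64)
        out += bytes(a ^ b for a, b in zip(data[i:i + 64], ks))
    return bytes(out)


def prf_ctr_xor(key, nonce, data):
    """Outer layer stand-in: HMAC-SHA256 in counter mode. Replace with AES-CTR/GCM in production."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + struct.pack("<Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def derive_keys(master):
    """HKDF-style extract/expand: three independent 32-byte keys from one master key (labels are assumptions)."""
    prk = hmac.new(b"cascade-example-salt", master, hashlib.sha256).digest()

    def expand(info):
        return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

    return expand(b"inner-salsa20"), expand(b"outer-enc"), expand(b"outer-mac")


def cascade_encrypt(master, plaintext, nonce=None):
    """nonce || outer(inner(plaintext)) || HMAC(nonce || outer ciphertext). Fresh 16-byte nonce per message."""
    k_in, k_out, k_mac = derive_keys(master)
    nonce = os.urandom(16) if nonce is None else nonce
    inner = salsa20_xor(k_in, nonce[:8], plaintext)      # Salsa20 takes an 8-byte nonce
    outer = prf_ctr_xor(k_out, nonce, inner)
    tag = hmac.new(k_mac, nonce + outer, hashlib.sha256).digest()
    return nonce + outer + tag


def cascade_decrypt(master, blob):
    """Verify the outer tag first (constant time); only then peel the outer and inner layers."""
    k_in, k_out, k_mac = derive_keys(master)
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, outer, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(k_mac, nonce + outer, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return salsa20_xor(k_in, nonce[:8], prf_ctr_xor(k_out, nonce, outer))


def is_authentic(master, blob):
    try:
        cascade_decrypt(master, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    master = os.urandom(32)                         # constructed sample key
    blob = cascade_encrypt(master, b"attack at dawn")
    print("KAT ok:", salsa20_known_answer_ok())
    print("round trip:", cascade_decrypt(master, blob))
    forged = bytearray(blob); forged[20] ^= 0x01    # flip one ciphertext bit
    print("tampered accepted:", is_authentic(master, bytes(forged)))
```

Two things to keep in view when turning this into something real: the two layers must never share a key or a keystream, which is why each gets its own derived key and the nonce feeds them differently; and Salsa20's 8-byte nonce, if chosen at random, runs into birthday collisions well before 2^64 messages, so rotate the master key long before that (or use a nonce-extended variant such as XSalsa20).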
