Aloha!

(Added the list as recipient since I assume not replying to the list was a mistake - if not I apologize to SandyH.)

Sandy Harris wrote:
> Joachim Strömbergson <joac...@strombergson.com> wrote:
>> The question is then - what is state of the art in block cipher
>> design? What would be the candidates to complement AES in SSL/TLS?
>
> The other finalists from the AES competition -- Twofish, MARS, RC6 and
> Serpent would be obvious possibilities. All except RC6 have open
> licenses, I think.
>
> Various countries also have newer standards for ciphers that can
> replace AES. Camellia in Japan, Aria in Korea, maybe others?

So, the state of the art in 2013 for block ciphers is the other AES finalists and some older national ciphers such as Camellia and SEED? Is that really the case? I'm not saying they aren't interesting or good - but I wonder if there really hasn't been any progress.

The good thing with older algorithms is that they have been around and hopefully been tested more. Some of them, such as Camellia, have been through evaluations such as CRYPTREC. And both Camellia and SEED are in OpenSSL and/or have been accepted as ciphers in SSL/TLS. But are they used - outside their national relation?

Camellia is not as fast as AES, and like AES it contains S-boxes, which I assume would today be harder to motivate using due to possible side channel effects. SEED is probably slower than AES for a similar key length too. And it has S-boxes.

I would assume that since the end of the AES competition and NIST standardizing the algorithm we would have learned a lot about how to construct good, really fast block ciphers. The eSTREAM and SHA-3 competitions show that we can today develop algorithms that are really fast and can provide protection against attacks we (imho) didn't know as much about when AES was designed. Things like ARX constructions, HAIFA and sponges that move away from Feistel-like constructions.

For something to successfully complement AES as a block cipher in SSL/TLS I believe it needs to provide at least the same performance (be able to utilize things like AES-NI on modern CPUs), protect against side channel attacks and be a pretty good drop-in substitute. (Possibly working on a larger block size though...)

Flame on!

-- 
With kind regards, Yours
Joachim Strömbergson - Always in harmonic oscillation.
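The side-channel point raised above (S-box table lookups versus ARX operations) is easier to see in code. The following is an added illustration, not part of the original post and not taken from AES, Camellia, SEED or any published ARX cipher: the S-box is a constructed toy permutation (x -> 7x + 3 mod 256) and the mixing step is a constructed add/rotate/xor pair. It contrasts a plain table lookup, whose memory address depends on the secret byte, with a constant-time lookup that must touch all 256 entries, and with an ARX step that has no data-dependent memory access at all.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 8-bit S-box used only for illustration: x -> 7*x + 3 (mod 256).
 * Multiplying by an odd constant is a bijection on bytes, so this is a valid
 * permutation, but it has no cryptographic merit and is not from any cipher. */
static void build_demo_sbox(uint8_t sbox[256])
{
    for (unsigned i = 0; i < 256; i++)
        sbox[i] = (uint8_t)(7u * i + 3u);
}

/* Plain table lookup, the way most software S-box layers are written: the
 * address that is read depends on the secret byte x. Which cache line that
 * touches is what cache-timing attacks on table-driven ciphers observe. */
uint8_t sbox_lookup(const uint8_t sbox[256], uint8_t x)
{
    return sbox[x];
}

/* Constant-time lookup: read every entry and keep the wanted one with a mask
 * that is 0xFF or 0x00, computed without a branch. The access pattern no
 * longer depends on x, at the price of 256 loads per byte, which is why
 * table-based designs are expensive to protect. */
uint8_t sbox_lookup_ct(const uint8_t sbox[256], uint8_t x)
{
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t d = i ^ (uint32_t)x;           /* 0 iff i == x */
        uint32_t eq = ((d - 1u) >> 31) & 1u;    /* 1 iff d == 0 */
        uint8_t mask = (uint8_t)(0u - eq);      /* 0xFF iff i == x */
        out |= (uint8_t)(sbox[i] & mask);
    }
    return out;
}

/* Returns 1 if the constant-time lookup agrees with the table for all inputs. */
int ct_lookup_matches_table(void)
{
    uint8_t sbox[256];
    build_demo_sbox(sbox);
    for (unsigned x = 0; x < 256; x++)
        if (sbox_lookup(sbox, (uint8_t)x) != sbox_lookup_ct(sbox, (uint8_t)x))
            return 0;
    return 1;
}

/* Convenience for checking single entries of the demo table. */
uint8_t demo_sbox_entry_ct(uint8_t x)
{
    uint8_t sbox[256];
    build_demo_sbox(sbox);
    return sbox_lookup_ct(sbox, x);
}

static uint32_t rotl32(uint32_t v, unsigned r) { return (v << r) | (v >> (32 - r)); }
static uint32_t rotr32(uint32_t v, unsigned r) { return (v >> r) | (v << (32 - r)); }

/* A toy ARX mixing step on two 32-bit words (constructed, not any published
 * cipher): only addition, a fixed rotation and XOR. None of these operations
 * has a data-dependent memory access or a data-dependent branch, which is the
 * property the post contrasts with S-box designs. */
void arx_mix(uint32_t *a, uint32_t *b)
{
    *a += *b;
    *b = rotl32(*b, 7) ^ *a;
}

/* Each ARX operation is invertible, so the step is a bijection with an
 * equally cheap inverse. */
void arx_unmix(uint32_t *a, uint32_t *b)
{
    *b = rotr32(*b ^ *a, 7);
    *a -= *b;
}

/* Returns 1 if arx_unmix undoes arx_mix for the given words. */
int arx_roundtrip_ok(uint32_t a, uint32_t b)
{
    uint32_t a2 = a, b2 = b;
    arx_mix(&a2, &b2);
    arx_unmix(&a2, &b2);
    return a2 == a && b2 == b;
}

int main(void)
{
    printf("ct lookup matches table: %d\n", ct_lookup_matches_table());
    printf("arx round trip ok: %d\n", arx_roundtrip_ok(0x12345678u, 0x9abcdef0u));
    return 0;
}
```

The constant-time lookup is correct but 256 times more memory traffic than the plain one, which is the practical cost the post alludes to when it says S-boxes are harder to motivate; the ARX step needs no such treatment because its operations run in fixed time on common CPUs regardless of the secret values.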