On 2013-12-03 joac...@strombergson.com wrote:

I would assume that since the end of the AES competition and NIST
standardizing the algorithm we would have learned a lot of how to
construct, good, really fast block ciphers. eSTREAM and SHA-3
competitions shows that we today can develop algorithms that are really
fast and can provide protection against attacks we (imho) didn't know as
much about when AES was designed.

I recently looked into this and Threefish seems to be the only block cipher I could find that provides major advantages over AES. The large block sizes and tweak parameter make it a good fit for disk encryption. I don't know how the performance compares to hardware AES. I haven't so far come across any good reason to start using any block cipher other than AES or Threefish (unless special circumstances are involved).

OTOH, for TLS ChaCha seems to me like the best choice at this point.

Things like ARX-constructions, HAIFA and sponges that move away from
Feistel-like constructions.

I don't think sponges help make block ciphers, although monkeyDuplex is neat for AEAD (reduced inner rounds for better software performance). I don't think it is a good choice now for TLS (not much analysis yet), but maybe in a few years. My guess is something Keccak based will come out of CAESAR (by 2018, according to current timeline).

-Matt
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
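As an added illustration of the point above about Threefish's tweak parameter and disk encryption, the following Python is not part of the thread and is not the Skein project's own code. It implements Threefish-256 with the rotation constants, word permutation and key schedule as given in the Skein 1.3 specification (transcribed from memory here, so verify against the specification's published test vectors before relying on it), and adds a constructed sector-encryption convention (tweak = sector index and block index within the sector; an illustration, not a standard disk-encryption mode) to show why a tweak matters: identical sector contents encrypt differently at different sector positions, and a ciphertext block transplanted from one sector to another no longer decrypts to its original plaintext. The key and sector contents are constructed sample values.

```python
import struct

MASK64 = (1 << 64) - 1
C240 = 0x1BD11BDAA9FC1A22      # key-schedule constant from the Skein 1.3 spec
ROUNDS = 72                    # Threefish-256 round count
# Rotation constants R[d mod 8][j] for Threefish-256 (Skein 1.3 spec)
ROT = [(14, 16), (52, 57), (23, 40), (5, 37), (25, 33), (46, 12), (58, 22), (32, 32)]
# Word permutation applied after each round's MIX step: v[i] <- f[PERM[i]]
PERM = (0, 3, 2, 1)


def _rotl(x, r):
    return ((x << r) | (x >> (64 - r))) & MASK64


def _rotr(x, r):
    return ((x >> r) | (x << (64 - r))) & MASK64


def _subkeys(key_words, tweak_words):
    """Expand 4 key words and 2 tweak words into the 19 round subkeys."""
    k = list(key_words) + [C240 ^ key_words[0] ^ key_words[1] ^ key_words[2] ^ key_words[3]]
    t = list(tweak_words) + [tweak_words[0] ^ tweak_words[1]]
    subkeys = []
    for s in range(ROUNDS // 4 + 1):
        ks = [k[(s + i) % 5] for i in range(4)]
        ks[1] = (ks[1] + t[s % 3]) & MASK64        # tweak enters the schedule here ...
        ks[2] = (ks[2] + t[(s + 1) % 3]) & MASK64  # ... and here
        ks[3] = (ks[3] + s) & MASK64               # subkey counter
        subkeys.append(ks)
    return subkeys


def encrypt_block(key, tweak, plaintext):
    """Threefish-256: 32-byte key, 16-byte tweak, 32-byte block (little-endian words)."""
    v = list(struct.unpack('<4Q', plaintext))
    sk = _subkeys(struct.unpack('<4Q', key), struct.unpack('<2Q', tweak))
    for d in range(ROUNDS):
        if d % 4 == 0:                             # subkey injection every 4 rounds
            v = [(v[i] + sk[d // 4][i]) & MASK64 for i in range(4)]
        r0, r1 = ROT[d % 8]
        f = [0] * 4                                # MIX on word pairs (0,1) and (2,3)
        f[0] = (v[0] + v[1]) & MASK64
        f[1] = _rotl(v[1], r0) ^ f[0]
        f[2] = (v[2] + v[3]) & MASK64
        f[3] = _rotl(v[3], r1) ^ f[2]
        v = [f[PERM[i]] for i in range(4)]         # word permutation
    v = [(v[i] + sk[ROUNDS // 4][i]) & MASK64 for i in range(4)]  # final subkey
    return struct.pack('<4Q', *v)


def decrypt_block(key, tweak, ciphertext):
    """Inverse of encrypt_block: undo the final subkey, then run the rounds backwards."""
    v = list(struct.unpack('<4Q', ciphertext))
    sk = _subkeys(struct.unpack('<4Q', key), struct.unpack('<2Q', tweak))
    v = [(v[i] - sk[ROUNDS // 4][i]) & MASK64 for i in range(4)]
    for d in reversed(range(ROUNDS)):
        f = [0] * 4                                # inverse permutation: f[PERM[i]] = v[i]
        for i in range(4):
            f[PERM[i]] = v[i]
        r0, r1 = ROT[d % 8]
        x1 = _rotr(f[1] ^ f[0], r0)                # inverse MIX
        x0 = (f[0] - x1) & MASK64
        x3 = _rotr(f[3] ^ f[2], r1)
        x2 = (f[2] - x3) & MASK64
        v = [x0, x1, x2, x3]
        if d % 4 == 0:
            v = [(v[i] - sk[d // 4][i]) & MASK64 for i in range(4)]
    return struct.pack('<4Q', *v)


# Constructed convention for the illustration (not a standard mode): the tweak binds
# each 32-byte block to its sector number and its position inside the sector.
def _sector_tweak(sector_index, block_index):
    return struct.pack('<2Q', sector_index, block_index)


def encrypt_sector(key, sector_index, data):
    assert len(data) % 32 == 0
    return b''.join(encrypt_block(key, _sector_tweak(sector_index, i // 32), data[i:i + 32])
                    for i in range(0, len(data), 32))


def decrypt_sector(key, sector_index, data):
    assert len(data) % 32 == 0
    return b''.join(decrypt_block(key, _sector_tweak(sector_index, i // 32), data[i:i + 32])
                    for i in range(0, len(data), 32))


KEY = bytes(range(32))                      # constructed sample key
SECTOR = b'identical sector payload........' * 2   # constructed 64-byte sector, two equal blocks


def demo():
    """Show what the tweak buys: position-dependent ciphertext and no block transplanting."""
    c0 = encrypt_sector(KEY, 0, SECTOR)
    c1 = encrypt_sector(KEY, 1, SECTOR)
    return {
        "roundtrip_ok": decrypt_sector(KEY, 0, c0) == SECTOR,
        "ciphertext_differs_across_sectors": c0 != c1,
        "equal_blocks_differ_within_sector": c0[:32] != c0[32:],
        # ciphertext written for sector 1 is read back as if it were sector 0
        "transplant_rejected": decrypt_sector(KEY, 0, c1) != SECTOR,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Without the tweak (or with a fixed one), the two equal blocks inside the sector and the two copies of the sector would encrypt identically, and an attacker with write access to the raw disk could copy a known ciphertext block into another sector and have it decrypt cleanly; binding the tweak to the block's position is what removes both properties.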
