from:"William Bathurst"

Re: [openssl-dev] Speck Cipher Integration with OpenSSL

2018-01-09 Thread William Bathurst


Hi Dmitry,

We implemented it using the same means as we saw the other ciphers. It 
was using the EVP functions. This way it could be included or excluded 
via makefile.


Regards,
Bill


On 1/9/2018 12:23 AM, Dmitry Belyavsky wrote:

Dear William,

Does SPECK implementation need to be a part of the OpenSSL bundle itself?
It can be added as engine, similar to Russian GOST support, with 
minimal patches providing OIDs/NIDs if necessary.


On Fri, Jan 5, 2018 at 9:52 PM, William Bathurst <wbath...@gmail.com 
<mailto:wbath...@gmail.com>> wrote:


Hello All,

We have open sourced our work in regards to integrating the Speck
Cipher with OpenSSL. Basic information about this cipher can be
found here.

https://en.wikipedia.org/wiki/Speck_(cipher)
<https://en.wikipedia.org/wiki/Speck_%28cipher%29>
<https://en.wikipedia.org/wiki/Speck_%28cipher%29
<https://en.wikipedia.org/wiki/Speck_%28cipher%29>>

SPECK is a lightweight block ciphers each of which comes in a
variety of widths and key sizes and is targeted towards resource
constrained devices and environments. This implementation is
currently implemented using the 128 and 256 block sizes.

We are currently modifying the source from Apache to OpenSSL open
source licensing for the Speck/OpenSSL integration. Related
repositories such as the cipher itself will remain under the
Apache license. We would love input on the following items:

1) Community interest in such a lightweight cipher.
2) Committers willing to help on the code for improvements.
3) Information on how to make this available as a patch.

We have currently integrated Speck with OpenSSL 1.1. We also have
an Speck Client software available for people who wish to test
this software. Future ports will be to mbedTLS.

We have listed making it available as an issue:

https://github.com/openssl/openssl/issues
<https://github.com/openssl/openssl/issues>

OpenSSL/Speck Integration open source repositories:

https://github.com/m2mi/openssl_speck
<https://github.com/m2mi/openssl_speck>
https://github.com/m2mi/open_speck
<https://github.com/m2mi/open_speck>

Feel free to contact to to discuss the cipher and uses.

With Regards,
Bill

-- 
openssl-dev mailing list

To unsubscribe:
https://mta.openssl.org/mailman/listinfo/openssl-dev
<https://mta.openssl.org/mailman/listinfo/openssl-dev>




--
SY, Dmitry Belyavsky




-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Speck Cipher Integration with OpenSSL

2018-01-09 Thread William Bathurst


Hi dkg,

You stated the following:

My understanding is that the algorithm designers and primary advocates
have not been particularly forthcoming with their design goals, and
their reputation is mixed, at best.

Simon and Speck has been in the public domain for a number of years and 
there are quite a few white papers and articles on the Ciphers. Allowing 
public scrutiny and crypto-analysis is one way to put a cipher through 
the grinder to make sure there are no back doors or weaknesses.


Regards,
Bill


On 1/5/2018 11:33 AM, Daniel Kahn Gillmor wrote:

Hi Bill--

On Fri 2018-01-05 10:52:01 -0800, William Bathurst wrote:


We have open sourced our work in regards to integrating the Speck Cipher
with OpenSSL. Basic information about this cipher can be found here.

https://en.wikipedia.org/wiki/Speck_(cipher)
<https://en.wikipedia.org/wiki/Speck_%28cipher%29>

SPECK is a lightweight block ciphers each of which comes in a variety of
widths and key sizes and is targeted towards resource constrained
devices and environments. This implementation is currently implemented
using the 128 and 256 block sizes.

Thanks for your work on this, and for reporting on it here.  Out of
curiosity, who is the "We" involved here?  The changeset history
appears to be a bit ambivalent about the authorship, based on edits to
the README itself:

   
https://github.com/m2mi/openssl_speck/commit/4a67a5644ff5c56956063d858033585f57686d1e
   
https://github.com/m2mi/openssl_speck/commit/8d619beffa3bd1c221fc6a7946b9aa7a00774019


1) Community interest in such a lightweight cipher.

I'm not convinced that the OpenSSL project should encourage the adoption
of SPECK, given the general level of distrust around the algorithm:

   https://www.schneier.com/blog/archives/2017/09/iso_rejects_nsa.html

My understanding is that the algorithm designers and primary advocates
have not been particularly forthcoming with their design goals, and
their reputation is mixed, at best.

Regards,

   --dkg


--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Speck Cipher Integration with OpenSSL

2018-01-08 Thread William Bathurst

Hi Hanno/all,

I can understand your view that "more is not always good" in crypto. The
reasoning behind the offering can be found in the following whitepaper:

https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-2015/documents/papers/session1-shors-paper.pdf

I will summarize in a different way though. We wish to offer an
optimized lightweight TLS for IoT. A majority of devices found in IoT
are resource constrained, for example a device CPU may only have 32K of
RAM. Therefore security is an afterthought by developers. For some only
AES 128 is available and they wish to use 256 bit encryption. Then Speck
256 would be an option because it has better performance and provides
sufficient security.

Based on the above scenario you can likely see why we are interested in
OpenSSL. First, OpenSSL can be used for terminating lightweight TLS
connections near the edge, and then forwarding using commonly used ciphers.

[IoT Device] -TLS/Speck>[IoT Gateway]-TLS> [Services]

Also, we are interested in using OpenSSL libraries at the edge for
client creation. One thing we would like to do is provide instructions
for an highly optimized build of OpenSSL that can be used for contrained
devices.

I think demand will eventually grow because there is an initiative by
the US government to improve IoT Security and Speck is being developed
and proposed as a standard within the government. Therefore, I see users
who wish to play in this space would be interested in a version where
Speck could be used in OpenSSL.

It is my hope to accomplish the following:

[1] Make Speck available via Open Source, this could be as an option or
as a patch in OpenSSL.
[2] If we make it available as a patch, is there a place where we would
announce/make it known that it is available?

We are also looking at open-sourcing the client side code. This would be
used to create light-weight clients that use Speck and currently we also
build basic OAuth capability on top of it.

Thanks for your input!

Bill

On 1/5/2018 11:40 AM, Hanno Böck wrote:

On Fri, 5 Jan 2018 10:52:01 -0800
William Bathurst <wbath...@gmail.com> wrote:

1) Community interest in such a lightweight cipher.

I think there's a shifting view that "more is not always good" in
crypto. OpenSSL has added features in the past "just because" and it
was often a bad decision.

Therefore I'd generally oppose adding ciphers without a clear usecase,
as increased code complexity has a cost.
So I think questions that should be answered:
What's the usecase for speck in OpenSSL? Are there plans to use it in
TLS? If yes why? By whom? What advantages does it have over existing
ciphers? (Yeah, it's "lightweight", but that's a pretty vague thing.)

Also just for completeness, as some may not be aware: There are some
concerns about Speck due to its origin (aka the NSA). I don't think
that is a reason to dismiss a cipher right away, what I'd find more
concerning is that from what I observed there hasn't been a lot of
research about speck.

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] Speck Cipher Integration with OpenSSL

2018-01-05 Thread William Bathurst


Hello All,

We have open sourced our work in regards to integrating the Speck Cipher 
with OpenSSL. Basic information about this cipher can be found here.


https://en.wikipedia.org/wiki/Speck_(cipher) 



SPECK is a lightweight block ciphers each of which comes in a variety of 
widths and key sizes and is targeted towards resource constrained 
devices and environments. This implementation is currently implemented 
using the 128 and 256 block sizes.


We are currently modifying the source from Apache to OpenSSL open source 
licensing for the Speck/OpenSSL integration. Related repositories such 
as the cipher itself will remain under the Apache license. We would love 
input on the following items:


1) Community interest in such a lightweight cipher.
2) Committers willing to help on the code for improvements.
3) Information on how to make this available as a patch.

We have currently integrated Speck with OpenSSL 1.1. We also have an 
Speck Client software available for people who wish to test this 
software. Future ports will be to mbedTLS.


We have listed making it available as an issue:

https://github.com/openssl/openssl/issues

OpenSSL/Speck Integration open source repositories:

https://github.com/m2mi/openssl_speck
https://github.com/m2mi/open_speck

Feel free to contact to to discuss the cipher and uses.

With Regards,
Bill

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Speck Cipher Integration with OpenSSL

Re: [openssl-dev] Speck Cipher Integration with OpenSSL

Re: [openssl-dev] Speck Cipher Integration with OpenSSL

[openssl-dev] Speck Cipher Integration with OpenSSL

4 matches

Site Navigation

Mail list logo

Footer information