If we’re going to get into the cryptanalysis of SPECK then this thread should move off the TLS list and possibly to the CFRG list.
spt > On Mar 21, 2016, at 10:07, Efthymios Iosifides <iosifid...@gmail.com> wrote: > > >I don't see any compelling argument for the inclusion of SPECK? Not only > >would the affiliation with NSA give the >TLS-WG a bad rep. in the public, > >more importantly, it makes one of our main problems worse: combinatorial > >explosion >of possible cipher-suites in TLS. This problem is so bad that it > >needs multiple blog posts, an effort by Mozilla and >bettercrypto.org to get > >sys-admins to configure their services. > > > Hi all. > > The reputation aspect is not necessarily and strictly correlated with it's > provenance, but with it's actual security and performance. And the SPECK we > shall note that performs quite well. Also we shall not forget that even the > infamous AES has been approved by the NSA before the widespread use of it. In > any case i wouldn't like for us to stand on the popular press. On the other > hand we shall evaluate if the SPECK could be actually used. For example, the > fact that it lacks extensive cryptanalysis is a serious argument for not > using it today, but what about the future specifications. On top to that what > if we could prove that the SPECK can have better performance than other algos > without sacrificing the security. > > > BRs, > Efthimios Iosifides > > 2016-03-18 19:49 GMT+02:00 Aaron Zauner <a...@azet.org>: > Hi, > > > On 17 Mar 2016, at 07:35, Efthymios Iosifides <iosifid...@gmail.com> wrote: > > > > Hello all. > > > > I have just found on the ietf archives an email discussion about the > > inclusion of the SPECK Cipher > > in the tls standards. > > It's reference is below > > :https://www.ietf.org/mail-archive/web/tls/current/msg13824.html > > > > Even though that this cipher originates from the NSA one cannot find a > > whitepaper that describes it's full cryptanalysis. In the above discussion > > Mr. Strömbergson somehow perfunctorily presents two whitepapers that > > describe the SPECK's cryptanalysis. Although we shall keep in mind that > > these papers describe a limited round cryptanalysis. Also we shall not > > forget that a similar cryptanalysis has taken place for the famous AES. > > Therefore i personally do not see any actual arguments apart from the facts > > that concerns the algorithm's provenance for not including it in a future > > tls specification. In conclusion even by this day the SPECK cipher has not > > been yet fully cryptanalyzed succesfully. > > I don't see any compelling argument for the inclusion of SPECK? Not only > would the affiliation with NSA give the TLS-WG a bad rep. in the public, more > importantly, it makes one of our main problems worse: combinatorial explosion > of possible cipher-suites in TLS. This problem is so bad that it needs > multiple blog posts, an effort by Mozilla and bettercrypto.org to get > sys-admins to configure their services. > > Aaron > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
