[tor-dev] SHA-3 isn't looking so hot to me (was: Draft sketch document with ideas for future crypto ops)

unknown unknown at pgpru.com
Wed Nov 2 17:53:48 UTC 2011

On Tue, 1 Nov 2011 14:51:00 -0700
coderman <coderman at gmail.com> wrote:

> On Tue, Nov 1, 2011 at 1:20 PM, Zooko O'Whielacronx <zooko at zooko.com> wrote:
> > ...
> > Therefore, in the context of whether we can expect SHA-3 and/or
> > SHA-256 circuits to come built into our chips in the future, the fact
> > that SHA-256 can be implemented in a smaller circuit means it would be
> > cheaper for a chip maker to include it.
> my strong preference for SHA-2-256 is precisely for this reason. i use
> multiple systems with hardware accelerated SHA-2-256. these systems
> will never have accelerated SHA-3.
> adoption of SHA-3 into hardware designs may change this in the future;
> i am skeptical :)
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

I'm very enthusiastic about one of five SHA-3 finalist -- Keccak. 
I contact with the Keccak team about some ideas and they responded readily.
IMHO Keccak is more perspespective than Skein or ChaCha as a universal cryptoprimitive to make
most of symmetryc algos obsolete.

Keccak is not only a hash with any possible length of output but PBKDF, KDF, MAC, old-style HMAC, 
Stream cipher, random acces Stream Cipher, stronge authenticated Stream Cipher, 
per block or per complete message authenticated Stream Cipher and possible many more, 
proved to be secure in random oracle model and easy to use to make most of protocols

The Keccak team pointed me to a method for executing stream cipher encryption and
authenticated encryption based on sponge.

The first presentation of the so called duplexing mode, using a sponge
for MACing and encryption was at the SHA-3 conference in Santa Barbara
in 2010.
You can download the paper from here
And recently presented at SAC2011, here you can have a look at the
presentation http://sac2011.ryerson.ca/SAC2011/BDPVA.pdf

If NIST make the Keccak a SHA-3 finalist then be prepare to integrate it as a good flexible choice.
Not only as a hash but virtually as everything symmetric algos.
Unfortunately, most of the Keccak properties may be standartizated so slow. 

And most of that non-hash properties seems non-conservative, experimental, innovatory and ambitious but
very amazingly perspective and good designed with respectful research works 
and good reputations of authors.

See www.keccak.noekeon.org for details.

More information about the tor-dev mailing list