[tor-dev] Even more notes on relay-crypto constructions

unknown unknown at pgpru.com
Thu Oct 11 19:17:22 UTC 2012

On Tue, 9 Oct 2012 00:28:38 -0400
Nick Mathewson <nickm at torproject.org> wrote:

> So to be concrete, let me suggest a few modes of operation.  I believe
> I'm competent to implement these:

I think (IMHO) Keccak makes many (most?) symmetric encryption modes
obsolete in the near future. 

Now Keccak-Hash is SHA-3 winner. It is not only a hash.
Keccak is universal and can be used to authenticated stream encryption
with one pass with input any amount of pads and output any amount
of additional MACs from one-pass operation (so called duplexing mode).


"Duplexing the sponge: single-pass authenticated encryption and
other applications"
Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van

In this year Keccak will recieve only a hash status officialy. Later we
can see many other modes of using Keccak as universal
RO-indistinguishable PRF with good
security proofs and tons of analysis published already. 
Some parts of protocols can be done more simply with Keccak: new padding
modes for RSA instead of OAEP is one example. 

In a sponge function, the input is like a white page: It does not
impose any specific structure to it. Additional optional inputs (e.g.,
key, nonce, personalization data) can be appended or prepended to the
input message according to a well-defined convention, possibly under the
hood of diversification as proposed in [6, Section “Domain separation”].
K supports all the possible applications of sponge functions and duplex
objects described in [6, Chapters “Sponge applications” and “Duplex
applications”]. These include hash function, randomized hash function,
hash function instance differentiation, slow one-way function, parallel
and tree hashing, mask generating function, key derivation function,
deterministic random bit generator, reseedable pseudo random bit
sequence generator, message authentication code (MAC) function,
stream cipher, random-access stream cipher and authenticated encryption.


"The Keccak SHA-3 submission"

Guido Bertoni, Joan Daemen, Michael Peeters, Gilles Van Asshe

Keccak is hardware fast and can be realased in GPU at first.

"Keccak Tree hashing on GPU, using Nvidia Cuda API"

If NIST adopt many uses Keccak as standards then
the most of cryptoinfrastructure migrate to it. Keccak in the
future is more then AES today and makes many uses of AES 
(and any other blockciphers) unnecessary 
(excluding PRP-modes for disk encryption, but
PRF-PRP transformation modes is potentially possible too).

More information about the tor-dev mailing list