[Cryptography] We need a new encryption algorithm competition.

ianG iang at iang.org
Sun Mar 16 16:44:50 EDT 2014


On 16/03/2014 12:40 pm, Phillip Hallam-Baker wrote:
> On Sun, Mar 16, 2014 at 12:33 AM, James A. Donald <jamesd at echeque.com> wrote:
>> On Sat, 15 Mar 2014 16:31:05 ianG wrote:
>>> If people stop believing in ...
>> Trust individuals.
> One of the side discussions that came up at the STRINT workshop was on the
> need for better management of crypto algorithms in standards.
...
> So we can hypothesize a backup set of algorithms:
> 
> ??, SHA3, HMAC-SHA3 / ??-CCM, ECDH, ECDSA


First question -- when was a backup suite last successfully fielded?

Second question -- what proportion of problems are addressed by a suite
algorithm?

Which is to say, in challenging your assumptions, I'm not sure you're
going to get any benefit from the huge amount of work you need to do to
handle a backup suite.

Another indicator is this:  when you come to launch the backup
algorithm, will everything have changed?

Since I last designed a packet suite using AES/SHA1/HMAC, we have
shifted over to a fanboy consensus of ChaCha20/Poly1305;  which as it
happens is a stream-based mechanism, so the code to implement it looks
entirely different.

Further, in some sort of foreseeable future, CAESAR comes out and we now
have a suite of AE algorithms, so even ChaCha/Poly is starting to look
like last year's fashion, not cool.

Then add in the whole RSA => DSA => RSA (again) => EC/NIST => EC/safe
progression, and the public key side is looking as volatile.  What's in
the future?  I've got one recommendation that NTRU is needed within 5
years; if it is, then we're likely back to the drawing board.  Again.


...
> I can't see how to get there unless we run a whole new crypto algorithm
> competition.


So, in a sense, there is an emerging consensus that competitions are
what we need to re-establish trust in a process.  h/t to Ralf as well.

That isn't going to go away.  We're kind of left with a sense that we
need a competition for every darn problem we have.  So why not do that?

Why not start COMPETE 2014 -- the yearly event for crypto competitions?

Every year, we assemble at <nice place> and have open knock
presentations followed by attack rumps.

Presentations are ideas designed to solve today's problem.  Open rules
-- if you want to try for the backup suite prize, present it.

There could be classes or threads:  AE suite, PK suite, comprehensive
cipherbox (to use djb's term), protocol (e.g., QUIC to knock out TLS).

One event to rule them all, one event to find them, one event to bring
them all and in the sunlight blind them!



iang, he:) apologies, it's Sunday
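The point in the message above about the code for a stream-based AEAD looking "entirely different" from an AES/HMAC packet suite is the practical obstacle to ever fielding a backup suite: if the record layer is written against one construction, the backup is a rewrite, not a table entry. The following is an added example, not code from iang's mail or from any project on the list, showing how a protocol can hide that difference behind one seal/open interface. It uses Go's standard library only, so AES-GCM stands in for the AEAD side (ChaCha20/Poly1305 is not in the Go standard library) and an AES-CBC + HMAC-SHA256 encrypt-then-MAC composition stands in for the older AES/HMAC style; the suite identifiers and the subkey derivation are constructed for the example and are not from any standard.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Suite is a negotiated record-protection suite. The record layer only ever
// calls Seal/Open, so a backup suite is one more table entry, not a rewrite.
type Suite uint16

const (
	SuiteAESGCM     Suite = 1 // block-cipher AEAD (primary; constructed ID)
	SuiteAESCBCHMAC Suite = 2 // encrypt-then-MAC composition (backup; constructed ID)
)

// DemoKey is a constructed 32-byte suite key used for the stand-alone demo.
var DemoKey = []byte("0123456789abcdef0123456789abcdef")

// NewAEAD exposes both suites through Go's standard cipher.AEAD interface even
// though their internal constructions differ completely.
func NewAEAD(s Suite, key []byte) (cipher.AEAD, error) {
	switch s {
	case SuiteAESGCM:
		block, err := aes.NewCipher(key)
		if err != nil {
			return nil, err
		}
		return cipher.NewGCM(block)
	case SuiteAESCBCHMAC:
		return newCBCHMAC(key)
	}
	return nil, fmt.Errorf("unknown suite %d", s)
}

// cbcHMAC is AES-CBC with HMAC-SHA256 in encrypt-then-MAC order, wrapped to
// satisfy cipher.AEAD. Illustrative composition, not a standardised one.
type cbcHMAC struct {
	block  cipher.Block
	macKey []byte
}

func newCBCHMAC(key []byte) (cipher.AEAD, error) {
	// Constructed subkey derivation: independent encryption and MAC keys.
	block, err := aes.NewCipher(subkey(key, "enc"))
	if err != nil {
		return nil, err
	}
	return &cbcHMAC{block: block, macKey: subkey(key, "mac")}, nil
}

func subkey(key []byte, label string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(label))
	return h.Sum(nil) // 32 bytes: AES-256 key or HMAC key
}

func (c *cbcHMAC) NonceSize() int { return aes.BlockSize }                // CBC IV
func (c *cbcHMAC) Overhead() int  { return aes.BlockSize + sha256.Size } // max padding + tag

func (c *cbcHMAC) tag(nonce, ad, ct []byte) []byte {
	h := hmac.New(sha256.New, c.macKey)
	h.Write(nonce)
	h.Write(ad)
	h.Write(ct)
	return h.Sum(nil)
}

func (c *cbcHMAC) Seal(dst, nonce, plaintext, ad []byte) []byte {
	if len(nonce) != aes.BlockSize {
		panic("cbcHMAC: bad nonce length") // cipher.AEAD contract: Seal panics here
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize // PKCS#7, always 1..16 bytes
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(c.block, nonce).CryptBlocks(ct, padded)
	return append(append(dst, ct...), c.tag(nonce, ad, ct)...)
}

func (c *cbcHMAC) Open(dst, nonce, ciphertext, ad []byte) ([]byte, error) {
	if len(nonce) != aes.BlockSize {
		return nil, errors.New("cbcHMAC: bad nonce length")
	}
	if len(ciphertext) < aes.BlockSize+sha256.Size || (len(ciphertext)-sha256.Size)%aes.BlockSize != 0 {
		return nil, errors.New("cbcHMAC: malformed record")
	}
	ct, tag := ciphertext[:len(ciphertext)-sha256.Size], ciphertext[len(ciphertext)-sha256.Size:]
	if !hmac.Equal(tag, c.tag(nonce, ad, ct)) { // verify before decrypting, constant-time
		return nil, errors.New("cbcHMAC: authentication failed")
	}
	padded := make([]byte, len(ct))
	cipher.NewCBCDecrypter(c.block, nonce).CryptBlocks(padded, ct)
	pad := int(padded[len(padded)-1])
	if pad < 1 || pad > aes.BlockSize {
		return nil, errors.New("cbcHMAC: bad padding")
	}
	return append(dst, padded[:len(padded)-pad]...), nil
}

// Roundtrip seals msg under suite s and opens it again; the record layer sees
// only the AEAD interface, so the 12- vs 16-byte nonce difference is hidden.
func Roundtrip(s Suite, key, msg, ad []byte) ([]byte, error) {
	aead, err := NewAEAD(s, key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, aead.Seal(nil, nonce, msg, ad), ad)
}

// TamperRejected reports whether flipping one ciphertext byte makes Open fail.
func TamperRejected(s Suite, key, msg, ad []byte) (bool, error) {
	aead, err := NewAEAD(s, key)
	if err != nil {
		return false, err
	}
	nonce := make([]byte, aead.NonceSize()) // zero nonce is fine for one demo record
	record := aead.Seal(nil, nonce, msg, ad)
	record[0] ^= 0x01
	_, err = aead.Open(nil, nonce, record, ad)
	return err != nil, nil
}

func main() {
	msg, ad := []byte("backup suites need an interface, not a rewrite"), []byte("record header")
	for _, s := range []Suite{SuiteAESGCM, SuiteAESCBCHMAC} {
		pt, err := Roundtrip(s, DemoKey, msg, ad)
		fmt.Printf("suite %d: roundtrip ok=%v err=%v\n", s, bytes.Equal(pt, msg), err)
	}
}
```

The design choice worth noticing is that the composition suite has to carry its own padding and its own verify-before-decrypt ordering, neither of which the AEAD suite needs; all of that lives inside the suite, so the negotiation code and the record layer are identical for both. That is the minimum a protocol has to get right before a "backup suite" is anything more than a line in a document.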


