[Cryptography] cryptography Digest, Vol 16, Issue 11

Jerry Leichter leichter at lrw.com
Fri Aug 15 08:57:30 EDT 2014


On Aug 15, 2014, at 6:37 AM, ianG <iang at iang.org> wrote:
>> (There are vaguer hints that they have some similar design secrets for stream ciphers:  No public stream cipher has survived public attack, but while we don't know how they work internally, NSA has continued to field stream ciphers for its own use, so it apparently thinks it can produce secure ones.)
> Hmmm... I haven't heard of any such embarrassment for the ChaCha family?
ChaCha may prove to be the first secure public stream cipher.  It probably needs more time to settle in, though - it's about 6 years old.  (Salsa, of which it's a variant, is a year older.)

> OTOH, as far as I can tell, it's just a block cipher internally with a
> stream wrapper around it...
Ultimately what matters is performance in "stream-cipher-like" situations (encrypting small and large streams of data without delays).  The Salsa/ChaCha family seems closer on these measures to traditional stream ciphers like RC4 than to block ciphers like AES.  Two quotes from http://cr.yp.to/snuffle.html:

"ARM speeds: At the SASC 2007 workshop, Cedric Lauradoux reported a Salsa20 implementation for a 200MHz ARM920T taking 69 cycles/byte and using just 868 bytes of code. For comparison, Lauradoux reported an AES implementation taking 101 cycles/byte with 15920 bytes of code.

FPGA speeds: At the SASC 2007 workshop, Marcin Rogawski reported an unrolled-double-round Salsa20 implementation using 3510 logic elements on an Altera Cyclone EP1C20F324C6 (130nm process). The implementation is estimated to drain 450.14 mW at 30MHz and produce 1280 Mbps. For comparison, Rogawski reported an AES implementation using 5053 logic elements; the implementation is estimated to drain 1191.01 mW at 105MHz and produce 611 Mbps."

(It's difficult to give exact comparisons since both Salsa and ChaCha are families of ciphers and the particular family member you pick affects both speed and security.)
                                                        -- Jerry
