[Cryptography] We need a new encryption algorithm competition.

Hanno Böck hanno at hboeck.de
Sun Mar 16 15:08:44 EDT 2014


On Sun, 16 Mar 2014 08:40:22 -0400
Phillip Hallam-Baker <hallam at gmail.com> wrote:

> ??, SHA3, HMAC-SHA3 / ??-CCM, ECDH, ECDSA

There tends to be a consensus that ECDSA is NOT the way to go with
elliptic curves due to its property that it fails with bad random
numbers.
ed25519 has some fans and is the thing openssh recently adopted. GnuPG
also is working on it.

> Spot the problem? We currently have no backup for an encryption
> algorithm.

There are plenty of choices that are probably reasonably secure and
different from AES:
* The AES competitors. People tend to think that Serpent was the most
  secure choice and Twofish was the best compromise between security
  and speed and many consider it as the "real winner".
* Use SHA-3-winner keccak for encryption. The keccak authors have
  defined an authenticated encryption mode for keccak [1].
* estream-competition [2] was a crypto algo competition for stream
  ciphers. Salsa20[2] and its successor chacha20 seem to have quite
  some fans (openssh adopted it, tls will probably do soon).
* There are plenty of old and still good algos like blowfish or
  camellia.

Amongst them, chacha20 is probably the most likely choice. It's a
stream cipher, AES is a block cipher, so there are situations when you
can't switch them, but basically in many areas you can use either block
or stream ciphers.

I really don't see that we don't have alternatives for symmetric
encryption algos. I'm much more worried that we have very few
alternatives once the public key algos break, because they are all very
similar (and we pretty much already know that it will happen if quantum
computers become usable).

[1] https://eprint.iacr.org/2011/499
[2] https://en.wikipedia.org/wiki/ESTREAM

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42