[Cryptography] Stream Cipher over Unreliable Transport

Sid Spry sid at aeam.us
Thu Jul 2 17:13:37 EDT 2020


On Thu, Jul 2, 2020, at 7:52 AM, John Denker wrote:
> On 7/1/20 8:27 PM, Sid Spry wrote:
> 
> > I'm assuming the title has been done before. I am having some
> > trouble turning up good examples of an implementation. Most stream
> > ciphers I can find discussed assume transport integrity.
> 
> How is this different from encrypting a random-access disk?
> 

Well, it's not. As I pointed out, I looked at disk encryption block modes.

> > My imagined selection is one of ChaCha20, AES-CTR block mode, or
> > something based on the Mersenne twister, if any of those aren't
> > patent encumbered.
> 
> I would use ChaCha20.
> 
> ===============
> 
> This is slightly heretical, but I have always considered cipher
> "modes" such as CBC to be fig leaves used to cover up a bad
> design.
> 
> The Right Thing™ is to use a different key for each block. The
> chaining mode serves only to disguise the fact that you are
> re-using a key.  The only reason you would be tempted to do
> this is if the cipher is vulnerable to related-key attacks, or
> is too expensive to re-key, or both.
> 

This seems intractable, as, if I am understanding your statement,
you would need to store another disk of key material, which
defeats the point?

> ===============
> 
> Tangential remark:
> 
> There is rarely a good reason to use a stream cipher.  There are
> situations where it's not particularly worse, but it is hard to
> imagine a situation where it is better than the alternative.
>

Yeah. I was tired when I wrote this, I wanted to get it in before bed
so I had a response or two to look forward to the next day. My
original obsession with stream ciphers was their typically easier
implementation on an MCU. I've since decided to not use one,
so I may as well just use a block cipher. A big problem on a
typical MCU today is also that there's no way to easily add a MAC.

But I am still interested if there ARE any usable stream ciphers
for my stated purpose.

As it is, my "design" is more or less just a block cipher based
design already. So, I will just use that.
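
Added example, written for this page and not code from either poster: a
stand-alone Python sketch of the scheme the thread circles around, one
ChaCha20 key (RFC 8439, implemented here in pure Python so it runs offline)
with the 12-byte nonce taken from a cleartext header of sender id and 64-bit
sequence number, so every datagram decrypts on its own whatever the transport
drops or reorders. Integrity is an encrypt-then-MAC tag over header and
ciphertext using HMAC-SHA256 from the standard library as a stand-in for
Poly1305, and the receiver keeps a 64-packet sliding window so that
out-of-order delivery is accepted but replays are not. The HMAC-label key
derivation, the header layout, the 16-byte tag, the sender id 7 and the demo
traffic are all constructed for the example.

```python
# Added example, not code from the thread: one-key ChaCha20 over an unreliable
# datagram transport with an explicit per-packet nonce, encrypt-then-MAC
# integrity (HMAC-SHA256 standing in for Poly1305) and a replay window.
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF
TAG_LEN = 16                     # constructed choice: truncated HMAC-SHA256 tag
HEADER = struct.Struct(">IQ")    # sender id (32-bit) || sequence (64-bit) = the 12-byte nonce


def _rotl(x, n):
    return ((x << n) & MASK) | (x >> (32 - n))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block as in RFC 8439: 32-byte key, 32-bit counter, 12-byte nonce."""
    state = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]
    state += struct.unpack("<8I", key)
    state += [counter & MASK] + list(struct.unpack("<3I", nonce))
    s = state[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        _quarter_round(s, 0, 4, 8, 12); _quarter_round(s, 1, 5, 9, 13)
        _quarter_round(s, 2, 6, 10, 14); _quarter_round(s, 3, 7, 11, 15)
        _quarter_round(s, 0, 5, 10, 15); _quarter_round(s, 1, 6, 11, 12)
        _quarter_round(s, 2, 7, 8, 13); _quarter_round(s, 3, 4, 9, 14)
    return struct.pack("<16I", *[(s[i] + state[i]) & MASK for i in range(16)])


def chacha20_xor(key, nonce, data, counter=1):
    """Encrypt or decrypt (same operation); the block counter restarts at 1 for every nonce."""
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = chacha20_block(key, counter + off // 64, nonce)
        out += bytes(p ^ k for p, k in zip(data[off:off + 64], ks))
    return bytes(out)


def derive_keys(master):
    """Constructed KDF: separate encryption and MAC keys from one master key via HMAC labels."""
    enc = hmac.new(master, b"example/enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"example/mac", hashlib.sha256).digest()
    return enc, mac


def _tag(mac_key, header, body):
    return hmac.new(mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]


class Sender:
    def __init__(self, master, sender_id):
        self.enc_key, self.mac_key = derive_keys(master)
        self.sender_id, self.seq = sender_id, 0

    def send(self, plaintext):
        # The header is the nonce: unique per packet as long as seq never repeats under this key.
        header = HEADER.pack(self.sender_id, self.seq)
        self.seq += 1
        body = chacha20_xor(self.enc_key, header, plaintext)
        return header + body + _tag(self.mac_key, header, body)


class Receiver:
    WINDOW = 64  # accept out-of-order packets this far behind the newest one seen

    def __init__(self, master, sender_id):
        self.enc_key, self.mac_key = derive_keys(master)
        self.sender_id, self.highest, self.seen = sender_id, -1, 0

    def receive(self, packet):
        """Return the plaintext, or None if the packet is forged, corrupted, foreign or replayed."""
        if len(packet) < HEADER.size + TAG_LEN:
            return None
        header, body, tag = packet[:HEADER.size], packet[HEADER.size:-TAG_LEN], packet[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.mac_key, header, body)):
            return None  # verify the tag before trusting anything in the packet
        sender_id, seq = HEADER.unpack(header)
        if sender_id != self.sender_id or not self._accept_seq(seq):
            return None
        return chacha20_xor(self.enc_key, header, body)

    def _accept_seq(self, seq):
        # Sliding-window replay check: bit i of self.seen means packet (highest - i) was accepted.
        if seq > self.highest:
            shift = seq - self.highest
            self.seen = ((self.seen << shift) | 1) & ((1 << self.WINDOW) - 1) if shift < self.WINDOW else 1
            self.highest = seq
            return True
        age = self.highest - seq
        if age >= self.WINDOW or (self.seen >> age) & 1:
            return False
        self.seen |= 1 << age
        return True


def demo():
    """Constructed traffic: packet 1 is lost, 3 arrives before 2, 0 is replayed, 4 arrives corrupted."""
    master = bytes(range(32))  # constructed key for the example, not a real secret
    tx, rx = Sender(master, 7), Receiver(master, 7)
    pkts = [tx.send(b"msg%d" % i) for i in range(5)]
    corrupted = pkts[4][:12] + bytes([pkts[4][12] ^ 0x01]) + pkts[4][13:]
    return [rx.receive(pkts[0]), rx.receive(pkts[3]), rx.receive(pkts[2]),
            rx.receive(pkts[0]), rx.receive(corrupted)]


if __name__ == "__main__":
    print(demo())  # [b'msg0', b'msg3', b'msg2', None, None]
```

Two caveats for an MCU deployment of this shape: the nonce is only unique if
every sender id is used under the master key by exactly one device and the
sequence counter survives reboots (persist it, or rekey on boot), and the tag
must be checked before the sequence number is acted on, as above, otherwise
an unauthenticated header can move the replay window.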

