[Cryptography] block size / block cipher versus stream cipher

jrzx jrzx at protonmail.ch
Mon Mar 22 07:08:30 EDT 2021


On Friday, March 19, 2021 10:54 PM, John Denker via cryptography <cryptography at metzdowd.com> wrote:
> 2.  Sometimes we are encrypting data at rest, but sometimes we
>     are encrypting real-time interactive stuff, which means we
>     care about latency. Sometimes we care about good data
>     compression.
>     That means that sometimes we need to send a few bits or
>     a single bit ... and do it /right now/. We cannot wait to
>     fill a big block.
>
> 3.  Block chaining modes are IMHO a fig leaf, used to cover up
>     the ugliness of non-agile keying. It allows a key to be
>     re-used from one block to another. In contrast, IMHO a
>     proper cryptosystem simply uses a different key for each
>     block. It does not
>     require an expensive "key-scheduling" step, and it is
>     not vulnerable to related-key attacks.
>
>     Example #3: Block chaining modes are dead on arrival
>     if we need to do random access.

Agreed.  Some considerable time ago I concluded that
everyone should use ChaCha20 and XChaCha20 all the time
everywhere for these reasons - random access to the
encryption stream, and the capacity to encrypt a
single bit, or any small number of bits, in isolation.

No blocks.  Blocks are an obsolete technology.

And with the high speed and small size of the 25519
elliptic curve family, nonces are also an obsolete
technology.
