[Cryptography] block size / block cipher versus stream cipher

jrzx jrzx at protonmail.ch
Tue Mar 23 04:04:34 EDT 2021


On Monday, March 22, 2021 10:48 AM, Phillip Hallam-Baker <phill at hallambaker.com> wrote:

> What I am looking at is ways to tune a cipher so that I can use frequent rekeying
> of the symmetric key to avoid the need to go through an expensive public key
> agreement.

Public key agreement is expensive?

On my desktop, it costs a couple of microseconds to generate a fresh shared
symmetric secret from an unshared ristretto25519 scalar and a shared
ristretto25519 elliptic point.

> OCB can be configured so it can be used in the same manner as ECB
> (i.e. random lookup) but with a performance penalty for each 'seek'
> operation. And you can't do authentication of course.

I am using ChaCha20 with continual random seek and authentication, no
noticeable performance penalty, though I have not really tested for performance.

It looks to me that the standard entry point to the libsodium library does a random
seek every time it decrypts and authenticates a sequence of bytes, whether it
needs to do so or not, though I have not verified this. I have verified that it does
a random seek every sixty four bytes when decrypting a sequence of more than
sixty four bytes, that it does the same thing as it would do for a completely
new key, nonce, and byte offset, every sixty four bytes, which is why I have not
bothered to verify the other two issues.

> Phill
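
The per-block independence described in the message above, as an added example that is not part of the original post and is not libsodium code: a pure-Python ChaCha20 keystream using the RFC 8439 layout (32-bit block counter, 96-bit nonce). `chacha20_xor_at` is a hypothetical helper name, the key, nonce and message are constructed, and authentication is left out so the block shows only that decrypting at an arbitrary byte offset needs nothing beyond key, nonce and offset.

```python
import struct

MASK = 0xFFFFFFFF
COLUMNS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15))
DIAGONALS = ((0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _quarter_round(s, a, b, c, d):
    # a+=b; d^=a; d<<<=16; c+=d; b^=c; b<<<=12; a+=b; d^=a; d<<<=8; c+=d; b^=c; b<<<=7
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & MASK
        s[z] = _rotl(s[z] ^ s[x], r)

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block; depends only on (key, counter, nonce)."""
    init = (list(struct.unpack("<4I", b"expand 32-byte k"))
            + list(struct.unpack("<8I", key))
            + [counter & MASK]
            + list(struct.unpack("<3I", nonce)))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        for idx in COLUMNS + DIAGONALS:
            _quarter_round(s, *idx)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def chacha20_xor_at(key, nonce, offset, data, initial_counter=0):
    """XOR data with the keystream starting at byte `offset` (random seek)."""
    out = bytearray()
    block, skip = divmod(offset, 64)  # which block, and where inside it
    while len(out) < len(data):
        ks = chacha20_block(key, initial_counter + block, nonce)[skip:]
        chunk = data[len(out):len(out) + len(ks)]
        out += bytes(p ^ k for p, k in zip(chunk, ks))
        block, skip = block + 1, 0
    return bytes(out)

if __name__ == "__main__":
    key = bytes(range(32))                       # constructed key
    nonce = bytes.fromhex("000000000000004a00000000")  # constructed nonce
    message = bytes(i % 251 for i in range(300))  # constructed plaintext
    ciphertext = chacha20_xor_at(key, nonce, 0, message)
    # Decrypt bytes 130..199 alone, without touching earlier blocks.
    middle = chacha20_xor_at(key, nonce, 130, ciphertext[130:200])
    print(middle == message[130:200])
```

Each block costs the same whether it is reached sequentially or by seeking, because the only state carried from one block to the next is the counter value.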