[Cryptography] block size / block cipher versus stream cipher

Kristian Gjøsteen kristian.gjosteen at ntnu.no
Thu Mar 25 17:38:17 EDT 2021


On 23 Mar 2021, at 05:22, jrzx <jrzx at protonmail.ch> wrote:
> On Sunday, March 21, 2021 3:49 PM, Kristian Gjøsteen <kristian.gjosteen at ntnu.no> wrote:
>> The block cipher design paradigm has been a roaring success.
>> We are in a position where an idiot like me can safely use a
>> block cipher to design cryptosystems and prove solid
>> theorems about their security.
> 
> I don't think I am a complete idiot, and it is non-trivial for me to implement the block cipher paradigm without screwing up.
> 
> You wind up doing a lot of clever and complicated things with nonces and key scheduling.
> 
> Allegedly, a great many people do screw up.


Yes, we know. We all know. But you are missing the point.

Block ciphers do not make your implementation job harder, they make it easier, because you do not (usually!) have to implement the block cipher.

What makes your implementation job harder is idiots like me designing systems. And you know what: Without block ciphers, idiots like me would still design systems. And they would be harder to implement correctly. As a bonus, they would also be more likely to be insecure **as a design**, rendering secure implementation moot.

Block ciphers are great. (Callas mentioned tweakable block ciphers in another e-mail; they are double-plus great.)

-- 
Kristian Gjøsteen
