[Cryptography] Keccak-based AEAD cipher algorithm
Stephan Mueller
smueller at chronox.de
Thu Jul 28 01:34:06 EDT 2022
On Tuesday, 26 July 2022 at 22:23:32 CEST, Jacob Christian Munch-Andersen wrote:
Hi Jacob,
> On Tue, Jul 26, 2022, at 11:47 AM, Stephan Mueller wrote:
> > Using Keccak, a symmetric stream cipher algorithm using the authenticated
> > encryption with additional data (AEAD) algorithm can be specified.
>
> Before getting to an actual cryptographic review, there are a few structural
> issues that I think you need to fix.
>
> First of all, why are there two almost identical algorithms? It doesn't seem
> like they serve different purposes or have significantly different
> trade-offs, so why wouldn't you just pick the one you think is best and
> forget about the other one?
Exactly. It all started off by using KMAC as this was the natural choice
considering it handles a key. But then KMAC requires at least 2 Keccak
operations during initialization whereas cSHAKE requires only one. And when
comparing KMAC to cSHAKE, both are basically identical with the exception that
KMAC adds more padding (that is filled with zeros). Thus I thought why not
use cSHAKE instead.
For research, I implemented both to also see the difference in performance.
But in the end, one should remain.
>
> Second, what functions do I actually need to call in order to use this? You
> have placed all the documentation inside code files, which is ugh. But more
> important, you have failed to provide a concise instruction, and some
> sample code is really a must-have.
The instruction on using the code is given in the header files with the
function names. The examples on using the code are given in the test case
files in [1] through [4].
> When I look at the header files there
> are a bunch of different functions, as best I can tell
> lc_cc_encrypt_oneshot and lc_cc_decrypt_oneshot are the sane choices, with
> everything else serving as footguns for those who are unaware.
>
> Third, could you elaborate why one should choose this algorithm over
> competing ones? We already have plenty different to choose from, so a new
> one isn't worth much if it isn't better than the old ones in some way.
It started as a research project to study whether a viable algorithm based on
hashes can be created. I.e. the algorithm uses hashes to encrypt data (a weird
statement, but this is true in this case).
[1] https://github.com/smuellerDD/leancrypto/blob/master/aead/tests/cshake_crypt_test.c
[2] https://github.com/smuellerDD/leancrypto/blob/master/aead/tests/cshake_crypt_large_test.c
[3] https://github.com/smuellerDD/leancrypto/blob/master/aead/tests/kmac_crypt_test.c
[4] https://github.com/smuellerDD/leancrypto/blob/master/aead/tests/kmac_crypt_large_test.c
Ciao
Stephan
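The KMAC-versus-cSHAKE initialization cost discussed in the reply above, as an added example that is not part of the thread or of leancrypto: it implements the left_encode, encode_string and bytepad helpers from NIST SP 800-185 and counts how many rate-sized blocks (hence Keccak permutation calls) each construction absorbs before the first byte of user data. The customization string and the 32-byte key are constructed sample values; the Keccak permutation itself is not implemented.

```python
# Added example, not leancrypto code. Counts the Keccak rate-sized blocks that
# cSHAKE256 and KMAC256 absorb before any user data, using the encoding
# helpers defined in NIST SP 800-185. Sample key and customization string are
# constructed values; the Keccak-p permutation is not implemented here.

RATE_256 = 136  # bytes per block for Keccak[512] (SHAKE256/cSHAKE256/KMAC256)


def left_encode(x: int) -> bytes:
    """SP 800-185 left_encode: big-endian integer prefixed with its byte length."""
    n = max(1, (x.bit_length() + 7) // 8)
    return bytes([n]) + x.to_bytes(n, "big")


def encode_string(s: bytes) -> bytes:
    """SP 800-185 encode_string: bit-length prefix followed by the string."""
    return left_encode(len(s) * 8) + s


def bytepad(x: bytes, w: int) -> bytes:
    """SP 800-185 bytepad: left_encode(w) || x, zero-filled to a multiple of w."""
    z = left_encode(w) + x
    return z + b"\x00" * (-len(z) % w)


def cshake_prefix(n: bytes, s: bytes, rate: int = RATE_256) -> bytes:
    """Bytes cSHAKE absorbs before the message (none when N and S are empty)."""
    if not n and not s:
        return b""
    return bytepad(encode_string(n) + encode_string(s), rate)


def kmac_prefix(key: bytes, s: bytes, rate: int = RATE_256) -> bytes:
    """KMAC = cSHAKE with N = "KMAC", plus a zero-padded key block before the data."""
    return cshake_prefix(b"KMAC", s, rate) + bytepad(encode_string(key), rate)


def init_permutations(prefix: bytes, rate: int = RATE_256) -> int:
    """Full rate-sized blocks absorbed before user data = Keccak-p calls at init."""
    assert len(prefix) % rate == 0  # bytepad always yields whole blocks
    return len(prefix) // rate


if __name__ == "__main__":
    custom = b"cSHAKE-crypt"  # constructed customization string
    key = bytes(range(32))    # constructed 32-byte key
    print("cSHAKE256 init permutations:", init_permutations(cshake_prefix(b"", custom)))
    print("KMAC256   init permutations:", init_permutations(kmac_prefix(key, custom)))
```

With these inputs cSHAKE256 absorbs one block before the data and KMAC256 absorbs two, the second being the zero-padded key block that the reply refers to as the extra padding.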