The committee has been discussing the importance of various features of authenticated ciphers, and has drafted the following list of three important types of use cases. Please feel free to send comments to the mailing list.
Use Case 1: Lightweight applications (resource constrained environments) * critical: fits into small hardware area and/or small code for 8-bit CPUs * desirable: natural ability to protect against side-channel attacks * desirable: hardware performance, especially energy/bit * desirable: speed on 8-bit CPUs * message sizes: usually short (can be under 16 bytes), sometimes longer Use Case 2: High-performance applications * critical: efficiency on 64-bit CPUs (servers) and/or dedicated hardware * desirable: efficiency on 32-bit CPUs (small smartphones) * desirable: constant time when the message length is constant * message sizes: usually long (more than 1024 bytes), sometimes shorter Use Case 3: Defense in depth * critical: authenticity despite nonce misuse * desirable: limited privacy damage from nonce misuse * desirable: authenticity despite release of unverified plaintexts * desirable: limited privacy damage from release of unverified plaintexts * desirable: robustness in more scenarios; e.g., huge amounts of data ---Dan -- You received this message because you are subscribed to the Google Groups "Cryptographic competitions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/crypto-competitions. For more options, visit https://groups.google.com/d/optout.
