On Tue 2018-01-09 18:41:25 -0800, William Bathurst wrote:
> [ dkg wrote: ]
>> My understanding is that the algorithm designers and primary advocates
>> have not been particularly forthcoming with their design goals, and
>> their reputation is mixed, at best.
>
> Simon and Speck have been in the public domain for a number of years and
> there are quite a few white papers and articles on the ciphers. Allowing
> public scrutiny and cryptanalysis is one way to put a cipher through
> the grinder to make sure there are no back doors or weaknesses.
It sounds like we agree that adversarial cryptanalysis is a necessary component of evaluating cryptographic algorithms today. :)

And yes, Simon and Speck have indeed been published for a while now. My understanding is that there has been a steady stream of cryptanalysis against them, which has made some non-negligible progress in whittling down their initially-claimed security levels.

Meanwhile (as i said above), the designers have not been particularly forthcoming with producing their design goals and their own cryptanalysis, despite requests for those documents.

Shouldn't the designers of algorithms intended to be used by the public also be transparent about their design goals and their own understanding of the strengths and weaknesses of the algorithms they're proposing? This seems particularly relevant when the designers have been plausibly accused of trying to pass off sub-standard cryptographic algorithms as acceptable for public consumption (e.g. "we got punked" as one NIST representative described the Dual EC DRBG fiasco).

I'd personally like to see documentation of the internal design goals and cryptanalysis from the authors of Simon and Speck before considering it for wider adoption, especially given that reasonably efficient strong ciphers are already available.

Or do you think that knowing the designers' goals and internal analysis should not be a relevant criterion for consideration?

Regards,

--dkg
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev