Artifact e8c0f8338d276df5293c825915ce95ded0d7f4c9:
- File wiki/threefish.md — part of check-in [74c8c0e13b] at 2016-09-13 22:13:40 on branch trunk — Typos fixed (user: bernd size: 1447)
# Threefish AEAD mode #

I use Keccak in Duplex mode, which gives both encryption and authentication in one go (it's an AEAD cipher - authenticated encryption with associated data). For block ciphers, AEAD usually requires a second function, e.g. a hash or at least a good enough checksum protected by the cipher itself.

However, for Threefish, there's a reasonably good hash mode, with "reasonably good" as in "was finalist in the SHA-3 competition" (as crypto primitive for the Skein3 hash function). None of the finalists failed for security weaknesses; Threefish is just slower when implemented in hardware.

Now, unlike Keccak, the Skein mode for Threefish cannot be used to encrypt and hash the plaintext in one go, even though the algorithm actually does blockwise encrypt the message using Threefish and exchanges the key for each block. Why? The next block is encrypted using the xor of plaintext and ciphertext of the previous block as key. With a known plaintext attack, you can deduce the key for everything following the block where you know the plaintext (and there, you don't need it).

And that's even though you can start Skein3 with an arbitrary key, producing a keyed hash (good enough for HMAC).

So I added a third input into that xor for the next key: xor with the previous key. Now that simple known plaintext attack stops working. As this mode for Threefish has not seen good review, I won't suggest using it now.
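The chaining rule described above, and the effect of the extra xor with the previous key, can be checked on a toy model. The code below is an added example, not the wiki author's code: the block cipher is a constructed stand-in (a small Feistel network built on SHA-256, with block and key of equal size as in Threefish), and only the key-chaining structure follows the page. `encrypt_chain` with `mix_prev_key=False` is the original rule (next key = P xor C); with `mix_prev_key=True` it is the modified rule (next key = P xor C xor previous key). `tail_from_known_block` applies exactly the derivation the page describes, starting from a single known plaintext block, so you can see it reproduce the rest of the message under the original rule and fail under the modified one. All key and message values are constructed for the demonstration.

```python
"""Toy model of a chained block-cipher mode where each block's key is
derived from the previous block (constructed example; the cipher is a
stand-in Feistel network, not Threefish)."""
import hashlib
from typing import List

BLOCK = 16        # block size == key size, in bytes (as for Threefish)
HALF = BLOCK // 2
ROUNDS = 4

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function for the toy Feistel (constructed, not a real design).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:HALF]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in keyed permutation on one BLOCK-byte block."""
    l, r = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        l, r = r, xor(l, _round_fn(key, i, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of block_encrypt (rounds undone in reverse order)."""
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        l, r = xor(r, _round_fn(key, i, l)), l
    return l + r

def next_key(prev_key: bytes, p: bytes, c: bytes, mix_prev_key: bool) -> bytes:
    """Key for the following block: P xor C (original rule), optionally
    also xored with the previous key (the page's modification)."""
    k = xor(p, c)
    return xor(k, prev_key) if mix_prev_key else k

def encrypt_chain(key: bytes, blocks: List[bytes], mix_prev_key: bool) -> List[bytes]:
    out, k = [], key
    for p in blocks:
        c = block_encrypt(k, p)
        out.append(c)
        k = next_key(k, p, c, mix_prev_key)
    return out

def decrypt_chain(key: bytes, cblocks: List[bytes], mix_prev_key: bool) -> List[bytes]:
    out, k = [], key
    for c in cblocks:
        p = block_decrypt(k, c)
        out.append(p)
        k = next_key(k, p, c, mix_prev_key)
    return out

def tail_from_known_block(cblocks: List[bytes], i: int, known_p_i: bytes) -> List[bytes]:
    """The page's observation: someone holding the ciphertext and plaintext
    block i alone derives K_{i+1} = P_i xor C_i and walks the chain from
    there. Returns whatever 'plaintext' that derivation yields for blocks
    i+1 onward (correct under the original rule, garbage once the previous
    key, which the observer lacks, is mixed into each next key)."""
    k = xor(known_p_i, cblocks[i])
    out = []
    for c in cblocks[i + 1:]:
        p = block_decrypt(k, c)
        out.append(p)
        k = xor(p, c)   # the only rule the observer can apply without K_i
    return out

# Constructed demo inputs: a fixed key and four 16-byte message blocks.
KEY = hashlib.sha256(b"constructed demo key").digest()[:BLOCK]
MESSAGE = [b"block-0 headers!", b"block-1 body....",
           b"block-2 body....", b"block-3 trailer!"]

def demo() -> dict:
    """Compare both chaining rules on MESSAGE, assuming block 1 is known."""
    weak = encrypt_chain(KEY, MESSAGE, mix_prev_key=False)
    fixed = encrypt_chain(KEY, MESSAGE, mix_prev_key=True)
    return {
        "roundtrip_weak": decrypt_chain(KEY, weak, False) == MESSAGE,
        "roundtrip_fixed": decrypt_chain(KEY, fixed, True) == MESSAGE,
        "tail_recovered_weak": tail_from_known_block(weak, 1, MESSAGE[1]) == MESSAGE[2:],
        "tail_recovered_fixed": tail_from_known_block(fixed, 1, MESSAGE[1]) == MESSAGE[2:],
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Under the original rule the derived tail equals the real plaintext from block 2 onward; with the previous key mixed in, the observer's K_{i+1} is off by K_i and the decryption of every following block is wrong. That shows only that the specific derivation on the page no longer works; it says nothing about the mode's security beyond that, which is consistent with the author's own reservation about using it.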