Aloha!
Niels Möller wrote:
> I haven't read the paper, but I guess it's just a change of coordinates, the same or the inverse of what's done in curve25519_mul_g, which uses the Edwards curve representation for speed and to reuse precomputed tables. If so, it should be quite easy.
> Not sure why key reuse is desirable, though, since curve25519 keys are both small and cheap to generate.
I'm at least seeing several projects where the ability to have a single keypair is highly desirable.
...
> Last time I looked at blake2, it seemed they were so into high performance that they had defined multiple incompatible versions intended for different machines, which put me off a bit. But if there's an agreed-upon general-purpose version of blake2, that would make more sense.
Yes, the versions are different. BLAKE2b is focused on high-performance 64-bit systems; BLAKE2s is for 8- to 32-bit systems. Having BLAKE2s would IMHO be a good addition to SHA-2 and SHA-3.
> I'm also not sure how to deal with research and Nettle. On one hand, it's nice if people use Nettle as a base for implementing new algorithms, and that makes it easier to integrate code once a new algorithm matures. But on the other hand, for a practical library, it's not really useful to include dozens of obscure algorithms and research projects.
With the exception of the new XEdDSA, Argon2 and possibly OCB mode, I would say that the suggested additions I listed are not obscure research algorithms, but algorithms that see concrete usage. And OCB is taking off. My focus in general is not research, but embedded industry usage and needs.
XEdDSA is very new, but it is used by Open Whisper Systems and, as I've said before, meets a concrete need. What XEdDSA brings is a concrete and well-defined way to transform Curve25519 keys so that they can be used for signing too.
CMAC is very much not a research mode but an established NIST standard. CMAC is much better (harder to misuse) than CBC-MAC and is used in massively deployed protocols.
But hey, it's just suggestions. I intended to provide code, but only if there is an interest for it.
-- 
Kind regards, Yours
Joachim Strömbergson - Always in harmonic oscillation.
Joachim Strömbergson, Secworks AB, joachim@secworks.se
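The coordinate change Niels asks about, which is also what XEdDSA's public-key conversion is built on, written out as an added example. This is not code from the thread, from Nettle, or from Open Whisper Systems; it uses the standard birational map between Curve25519 (Montgomery form) and Ed25519 (twisted Edwards form), y = (u - 1)/(u + 1), together with the RFC 8032 x-recovery rule. The function names (mont_u_to_edwards_y, edwards_y_to_mont_u, is_on_curve25519, recover_x, convert_mont) are this example's own. The other half of XEdDSA, negating the private scalar when the derived Edwards point has sign bit 1 so that it verifies against the sign-bit-0 public key, needs scalar multiplication and is not shown here.

```python
# Added example (not Nettle or libsignal code): Montgomery <-> twisted Edwards
# coordinate change for Curve25519 / Ed25519, in pure-integer Python.
# Requires Python 3.8+ for pow(x, -1, p).

P = 2**255 - 19                          # field prime shared by both curves
A = 486662                               # Curve25519: v^2 = u^3 + A*u^2 + u
D = (-121665 * pow(121666, -1, P)) % P   # Ed25519: -x^2 + y^2 = 1 + D*x^2*y^2
SQRT_M1 = pow(2, (P - 1) // 4, P)        # sqrt(-1) mod p; valid because p = 5 (mod 8)


def mont_u_to_edwards_y(u):
    """Birational map Curve25519 -> Ed25519: y = (u - 1) / (u + 1) mod p."""
    u %= P
    if (u + 1) % P == 0:
        raise ValueError("u = -1 is an exceptional point with no affine Edwards image")
    return (u - 1) * pow(u + 1, -1, P) % P


def edwards_y_to_mont_u(y):
    """Inverse map Ed25519 -> Curve25519: u = (1 + y) / (1 - y) mod p."""
    y %= P
    if (1 - y) % P == 0:
        raise ValueError("y = 1 (the neutral element) has no finite u")
    return (1 + y) * pow(1 - y, -1, P) % P


def is_on_curve25519(u):
    """True iff u^3 + A*u^2 + u is a square mod p, i.e. u lies on Curve25519
    itself rather than on its quadratic twist (Legendre symbol 0 or 1)."""
    u %= P
    rhs = (u * u * u + A * u * u + u) % P
    return pow(rhs, (P - 1) // 2, P) in (0, 1)


def recover_x(y, sign_bit):
    """Recover the Ed25519 x-coordinate of the requested parity from y, as in
    RFC 8032 point decoding. Raises if y is not the y-coordinate of a curve point."""
    y %= P
    y2 = y * y % P
    x2 = (y2 - 1) * pow(D * y2 + 1, -1, P) % P   # x^2 = (y^2 - 1) / (D*y^2 + 1)
    x = pow(x2, (P + 3) // 8, P)                 # candidate root for p = 5 (mod 8)
    if (x * x - x2) % P != 0:
        x = x * SQRT_M1 % P                      # other candidate root
    if (x * x - x2) % P != 0:
        raise ValueError("y is not the coordinate of an Ed25519 point")
    if (x & 1) != sign_bit:                      # the two roots have opposite parity
        x = P - x
    return x


def convert_mont(u_bytes):
    """XEdDSA-style conversion: a 32-byte X25519 public key (little-endian u)
    becomes the 32-byte Ed25519 encoding of the corresponding point with the
    sign bit forced to 0, which is the public key an XEdDSA signature verifies under."""
    u = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)  # X25519 ignores bit 255
    if not is_on_curve25519(u):
        raise ValueError("u is on the twist, not on Curve25519; cannot convert")
    y = mont_u_to_edwards_y(u)
    recover_x(y, 0)                       # sanity check: y must decode to a point
    return y.to_bytes(32, "little")       # y < 2^255, so the sign bit is already 0


if __name__ == "__main__":
    # The Curve25519 base point u = 9 must map to the Ed25519 base point y = 4/5.
    base = convert_mont((9).to_bytes(32, "little"))
    print(base.hex())
```

Two details matter for anyone doing this in a library: X25519 accepts points on the twist without complaint, so a conversion routine has to check membership on the curve proper before mapping, and u = -1 (and, on the way back, y = 1) are the exceptional points of the map and must be rejected rather than divided by zero.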