nymble nymble at gmail.com
Tue Mar 18 17:51:30 PDT 2014

A joint contribution by the NSA and Huawei just removed the AES-SIV mode of operation from IEEE 802.11:

Very strange bedfellows. 

AES-SIV was being proposed in the draft for a key wrap application.  AES-CCM is now the only alternative … 

SIV is increasingly my favorite AEAD mode.  It is more efficient over-the wire than CCM or GCM and is 'nonce safe’.  

Is anyone using or considering ChaCha-SIV?   Nonce-safe is a very nice property - particularly for multicast applications.

More information about the cypherpunks mailing list