nymble at gmail.com
Tue Mar 18 17:51:30 PDT 2014
A joint contribution by the NSA and Huawei just removed the AES-SIV mode of operation from IEEE 802.11:
Very strange bedfellows.
AES-SIV was being proposed in the draft for a key wrap application. AES-CCM is now the only alternative …
SIV is increasingly my favorite AEAD mode. It is more efficient over-the wire than CCM or GCM and is 'nonce safe’.
Is anyone using or considering ChaCha-SIV? Nonce-safe is a very nice property - particularly for multicast applications.
More information about the cypherpunks