On 128-bit security

Joan DAEMEN joan.daemen at st.com
Fri Oct 4 02:08:07 PDT 2013


Hello all,

Zooko wrote:

> I personally do not believe that there is any secret
> agenda behind this proposal, even though I believe that
> there was a secret agenda behind Dual EC DRBG.
>
> One reason that I believe that the motivation behind
> this proposal is the stated motivation of improving
> performance, is that Joan Daemen told me in person in
> January of 2013 that the Keccak team had considered
> defining a reduced Keccak to compete with BLAKE2, but
> had decided against it because they didn't want to
> disrupt the SHA-3 standardization process.
>
> Apparently they changed their minds, and apparently
> their fears of disruption turned out to be prescient!

Yes, Zooko and I met at the end-of-Ecrypt II event on Tenerife early
2013 (24° C in January!).
I don't remember our conversation in detail, but I'm sure Zooko is
citing me correctly because that is what we were thinking about at the
time.

Actually, what we had in mind was to propose something like "Keccak2"
to compete with BLAKE2 by drastically cutting the number of rounds,
e.g., down to 12 rounds for Keccak-f[1600], but otherwise keeping the
algorithm as it is. That might have sent the wrong message indeed, but
we just didn't do it.

In contrast, the capacity is an integral parameter of the Keccak
family that we even proposed as user-tunable in our SHA-3 submission.
Matching the capacity to the security strength levels of [NIST SP
800-57] is simply exploiting that flexibility.

Kind regards,

Joan, also on behalf of my Keccak companions

-------

Regards,

Zooko Wilcox-O'Hearn

Founder, CEO, and Customer Support Rep
https://LeastAuthority.com
Freedom matters.
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5




