DonaldTsang
commented
6 years ago I would like to note that Salsa20, XSalsa20 and ChaCha20 are all different ciphers.
Open DonaldTsang opened 6 years ago
DonaldTsang
commented
6 years ago I would like to note that Salsa20, XSalsa20 and ChaCha20 are all different ciphers.
sjaeckel
commented
6 years ago I would like to note that Salsa20, XSalsa20 and ChaCha20 are all different ciphers.
XSalsa20 is missing but the two others are already in the latest develop branch.
Btw. do you intend to submit PR's for all these ciphers? Or is this really just a wishlist ;)
sjaeckel
commented
6 years ago SIV can be ticked as soon as #319 is finished
DonaldTsang
commented
6 years ago @sjaeckel I have some basic C skills, really want to PR when I understand pointers and OO.
I might need some guidance on copy-pasting ciphers correctly to conform with coding standards.
karel-m
commented
6 years ago @DonaldTsang I think we should aim at features available in modern crypto libraries like libsodium which is IMO what "cool kids" tend to use nowadays. If you have some spare time, could you please analyse what we are missing in comparison to libsodium?
From your list I agree with XSalsa20 + SIV but the rest are rarely used and IMO mostly not worth the effort (but I might be wrong; if you show me some real use-cases I may change my mind).
LightBit
commented
6 years ago @karel-m Should Salsa20 be extended to XSalsa20 (when longer IV is used) or should it be separate implementation?
sjaeckel
commented
6 years ago @LightBit if Salsa20 can easily be turned into XSalsa20 at runtime, so both could use the same basis, I'm pro extension. Otherwise we'd have to have a look what's best.
karel-m
commented
6 years ago ping @buggywhip ^^
LightBit
commented
6 years ago @sjaeckel Due to salsa20_ivctr64(), extension would add 64 bytes overhead in state for Salsa20 to save key and IV. It would re-setup, if IV is different and longer than 8 bytes, else only counter would change.
karel-m
commented
6 years ago Due to salsa20_ivctr64(), extension would ...
As salsa20 was not released yet (it is only in develop branch) we can still change its API if needed - e.g. incorporating salsa20_ivctr64 into salsa20_setup or/and introducing salsa20_xsetup.
sjaeckel
commented
6 years ago As salsa20 was not released yet (it is only in develop branch) we can still change its API if needed
yep
e.g. incorporating salsa20_ivctr64 into salsa20_setup or/and introducing salsa20_xsetup.
whoever wants to add xsalsa20 should just do it (preferably based on our salsa20) we'll then bring it in form together if required :)
buggywhip
commented
6 years ago whoever wants to add xsalsa20 should just do it (preferably based on our salsa20) we'll then bring it in form together if required :)
I'm willing to take this on but need to finish my current project. ...or at least get to a good stopping point. ...perhaps in a week or two?
DonaldTsang
commented
6 years ago @karel-m The reason I suggest adding legacy ciphers to the library is to allow future cryptographers to play around with it and test out new ideas.
The hashes from SPHLib is already being used in thousands of cryptocurrencies and tokens (see: X11, X13, X15)
karel-m
commented
6 years ago When talking about xsalsa20 it may be also a good idea to consider xchacha20 + xchacha20poly1305 (which are supported e.g. by libsodium)
The goal of this Issue is to "price match" libtomcrypt with other cryptographic libraries in regards to functionality and variety.
reference: https://www.cryptopp.com/
reference: https://botan.randombit.net/manual/
reference: http://www.bouncycastle.org/csharp/index.html
Elliptic curves that are safe reference: https://eprint.iacr.org/2013/647