Open leonbotros opened 2 years ago
Thanks for the suggestion. I agree that new AEAD algorithms are needed. OCB is also a CFRG recommendation (and specified in RFC7253), so I agree it could make sense as an option.
Is there any interest in bringing these algorithms to the browser?
I'll try to find out whether there's implementor interest for this :)
Here's a draft spec for AES-OCB in Web Crypto: https://twiss.github.io/webcrypto-modern-algos/#aes-ocb.
The CAESAR competition for standardizing new AEAD algorithms wrapped up a while ago and some new very fast constructions were recommended (see, https://competitions.cr.yp.to/caesar-submissions.html). For benchmarks, see eBACS. Most of these recommendations (especially the recommendations for use case 2) take advantage of AES-NI instructions already widely available in hardware. There's also no more patents on AES-OCB iirc.
Is there any interest in bringing these algorithms to the browser?