Re: Digest for ciphermodes-forum@list.nist.gov - 1 update in 1 topic


Tushar Patel

Apr 2, 2024, 10:03:27 PM
to ciphermo...@list.nist.gov
Hi Arne,

There is a specification that I will submit; however, for now there are several modes of operation internally and I am trying to summarize it to the bare minimum.
Will keep you posted soon.

Thx.,
Tushar

On Tue, Apr 2, 2024 at 6:25 PM <ciphermo...@list.nist.gov> wrote:
Arne Padmos <goo...@arnepadmos.com>: Apr 02 08:52AM -0700

> Please advise if this might fit the definitions for the accordion mode
 
Hard to tell without a detailed technical specification (which is a big red
flag in itself). However, going by the mention that a "32-byte tag is
necessary for decryption" and the statement that the mode is CTR-based, my
guess would be no.
 
Note that the panel at the Third NIST Workshop on Block Cipher Modes of
Operation 2023 already included a sketch of the interface of an accordion
mode by Rogaway:
 
https://csrc.nist.gov/csrc/media/Presentations/2023/panel-lessons-learned/images-media/sess-4-panel-bcm-workshop-2023.pdf#page=23
 
Also, the announcement is very clear in describing an accordion mode as 'a
tweakable, variable-input-length-strong pseudorandom permutation'.
 
> it does involve a PCT patent and guidance and clarification from NIST
> relating to patents and protected works patents might be helpful
 
Luckily NIST has provided a detailed description of how they handle the
issue of intellectual property in NIST IR 7977, including this note:
 
"While developing its cryptographic standards and guidelines for
non-national security systems, NIST has noted a strong preference among its
users for solutions that are unencumbered by royalty-bearing patented
technologies."
 
Of course, patents are great if they hamper adoption of insecure modes of
operation (e.g. see https://eprint.iacr.org/2019/311), but less great if
they lead to compatibility problems (e.g. see PGP 2 vs 3+).
 
On Saturday 30 March 2024 at 02:31:45 UTC+1, Tushar Patel wrote:
 

Tushar Patel

Apr 2, 2024, 11:29:31 PM
to ciphermo...@list.nist.gov
Hi Arne,

While there can be tweaks, would there be a specific cipher-mode describing such a cipher-mode? 
The original paper from Prof. Rogaway is a bit old and, from what I see, it may have challenges in terms of real cipher design in a practical world.

1. How does a cipher-mode work in existing networks and protocols?
2. I am not sure of the integrity model and other features for complying with the AEAD requirement of accordion.

It is early to discuss, however, I hope the model of atnaCM provides the proper framework to meet such challenges.

In terms of specification, the Design Summary has the list of specifications at the end with their significance towards the end of the document. Also, you can read the "Mode Of Operations Abstract" on https://atnacipher.com. This would really be very helpful as this is my first time submitting to this Forum and I can use any guidance to get the right information to get it selected (if acceptable).

This might give you more on the design goals of the "atnaCM" cipher-mode, and personally there will be applications that work better in each specific mode and hopefully can coexist off this effort, similar to SP800-38A.

Please let me know if there are questions.

Thx.,
Tushar