CAESAR use cases
716 views
Skip to first unread message
D. J. Bernstein
Jul 16, 2016, 4:36:17 PM7/16/16
to crypto-co...@googlegroups.com
The committee has been discussing the importance of various features of
authenticated ciphers, and has drafted the following list of three
important types of use cases. Please feel free to send comments to the
mailing list.
Use Case 1: Lightweight applications (resource constrained environments)
* critical: fits into small hardware area and/or small code for 8-bit CPUs
* desirable: natural ability to protect against side-channel attacks
* desirable: hardware performance, especially energy/bit
* desirable: speed on 8-bit CPUs
* message sizes: usually short (can be under 16 bytes), sometimes longer
Use Case 2: High-performance applications
* critical: efficiency on 64-bit CPUs (servers) and/or dedicated hardware
* desirable: efficiency on 32-bit CPUs (small smartphones)
* desirable: constant time when the message length is constant
* message sizes: usually long (more than 1024 bytes), sometimes shorter
Use Case 3: Defense in depth
* critical: authenticity despite nonce misuse
* desirable: limited privacy damage from nonce misuse
* desirable: authenticity despite release of unverified plaintexts
* desirable: limited privacy damage from release of unverified plaintexts
* desirable: robustness in more scenarios; e.g., huge amounts of data
---Dan
authenticated ciphers, and has drafted the following list of three
important types of use cases. Please feel free to send comments to the
mailing list.
Use Case 1: Lightweight applications (resource constrained environments)
* critical: fits into small hardware area and/or small code for 8-bit CPUs
* desirable: natural ability to protect against side-channel attacks
* desirable: hardware performance, especially energy/bit
* desirable: speed on 8-bit CPUs
* message sizes: usually short (can be under 16 bytes), sometimes longer
Use Case 2: High-performance applications
* critical: efficiency on 64-bit CPUs (servers) and/or dedicated hardware
* desirable: efficiency on 32-bit CPUs (small smartphones)
* desirable: constant time when the message length is constant
* message sizes: usually long (more than 1024 bytes), sometimes shorter
Use Case 3: Defense in depth
* critical: authenticity despite nonce misuse
* desirable: limited privacy damage from nonce misuse
* desirable: authenticity despite release of unverified plaintexts
* desirable: limited privacy damage from release of unverified plaintexts
* desirable: robustness in more scenarios; e.g., huge amounts of data
---Dan
Reply all
Reply to author
Forward
0 new messages