
AES-GCM-SIV

Open tarcieri opened this issue 7 years ago • 0 comments

Continuing from #31, this is a tracking ticket for potentially including AES-GCM-SIV as a supported construction in this library.

AES-GCM-SIV has the advantages that it is both very fast and is on track to become an IETF standard, with a soon-to-be-published RFC. For these reasons it is likely to get multiple, highly optimized implementations across various platforms in many languages.

The disadvantages are that it is a much more complicated construction than the ones presently implemented by Miscreant, that the security bounds are lower, and that for the construction to be performant it relies on hardware instructions which can be used to accelerate the POLYVAL function, and which are not widely available on low-power platforms like IoT devices or low-end smartphones.

tarcieri, Aug 25 '17 04:08
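To make the POLYVAL cost mentioned in the issue concrete, here is an added example that is not part of the issue and not Miscreant's code: a bit-serial, pure-Python POLYVAL written from the definition in RFC 8452 (the RFC that was later published for AES-GCM-SIV). All function names, the `DOT_IDENTITY` constant and the sample inputs are my own construction, not anything from the project.

```python
# Added example (not Miscreant's code): bit-serial POLYVAL as defined in
# RFC 8452, the AES-GCM-SIV RFC. The field is GF(2^128) modulo
#   x^128 + x^127 + x^126 + x^121 + 1
# and RFC 8452 maps bit i of a little-endian 128-bit integer to the
# coefficient of x^i. Every 16-byte block costs a full carry-less multiply
# plus reduction, which is the work dedicated hardware instructions collapse
# into a few cycles and which a software-only implementation cannot avoid.

_POLY = (1 << 128) | (1 << 127) | (1 << 126) | (1 << 121) | 1  # includes x^128
_MASK128 = (1 << 128) - 1


def _to_int(block: bytes) -> int:
    """Field element from a 16-byte block (little-endian, bit i = coeff of x^i)."""
    if len(block) != 16:
        raise ValueError("POLYVAL operates on 16-byte blocks")
    return int.from_bytes(block, "little")


def _to_bytes(value: int) -> bytes:
    return value.to_bytes(16, "little")


def _gf_mul(a: int, b: int) -> int:
    """Carry-less multiply of two field elements, reduced mod _POLY."""
    product = 0
    for i in range(128):  # schoolbook shift-and-xor, one step per bit of b
        if (b >> i) & 1:
            product ^= a << i
    # The product has degree <= 254; cancel each high term with the polynomial.
    for deg in range(254, 127, -1):
        if (product >> deg) & 1:
            product ^= _POLY << (deg - 128)
    return product & _MASK128


def _div_x(value: int) -> int:
    """Multiply by x^-1: cancel the constant term with _POLY, then shift right."""
    if value & 1:
        value ^= _POLY
    return value >> 1


def dot(a: bytes, b: bytes) -> bytes:
    """RFC 8452 'dot' operation: a * b * x^-128 in GF(2^128)."""
    product = _gf_mul(_to_int(a), _to_int(b))
    for _ in range(128):  # the x^-128 factor, done as 128 divisions by x
        product = _div_x(product)
    return _to_bytes(product)


def polyval(h: bytes, *blocks: bytes) -> bytes:
    """POLYVAL(H, X_1..X_n): S_0 = 0, S_j = dot(S_{j-1} xor X_j, H); returns S_n."""
    state = bytes(16)
    for x in blocks:
        if len(x) != 16:
            raise ValueError("POLYVAL operates on 16-byte blocks")
        state = dot(bytes(p ^ q for p, q in zip(state, x)), h)
    return state


# x^128 reduced mod the polynomial is x^127 + x^126 + x^121 + 1. Because dot()
# divides by x^128, this element is the multiplicative identity of dot(), which
# gives a self-check that exercises both the multiply and the reduction.
DOT_IDENTITY = _to_bytes(1 | (0xC2 << 120))


if __name__ == "__main__":
    # Constructed sample values (not RFC test vectors).
    h = bytes(range(16))
    x1 = bytes([0xAA] * 16)
    x2 = bytes([0x55] * 16)
    print("dot(a, identity) == a:", dot(h, DOT_IDENTITY) == h)
    print("POLYVAL(H, X1, X2)   =", polyval(h, x1, x2).hex())
```

The bit-serial loops make the per-block cost visible: 128 shift-and-xor steps for the multiply, a reduction pass over 127 high-order terms and 128 divisions by x for every 16-byte block, which is exactly the work that carry-less-multiply hardware instructions absorb and that a low-power core without them has to run in software. Before relying on the function, check it against the test vectors in RFC 8452, Appendix A.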