Cryptology ePrint Archive: Report 2019/1492
Too Much Crypto
Jean-Philippe Aumasson
Abstract: We show that many symmetric cryptography primitives would not be less safe with significantly fewer rounds. To support this claim, we review the cryptanalysis progress in the last 20 years, examine the reasons behind the current number of rounds, and analyze the risk of doing fewer rounds. Advocating a rational and scientific approach to round numbers selection, we propose revised number of rounds for AES, BLAKE2, ChaCha, and SHA-3, which offer more consistent security margins across primitives and make them much faster, without increasing the security risk.
Category / Keywords: secret-key cryptography / cryptanalysis, AES, BLAKE2, ChaCha, SHA-3
Date: received 29 Dec 2019, last revised 3 Jan 2020
Contact author: jeanphilippe aumasson at gmail com
Available format(s): PDF | BibTeX Citation
Note: Presented at Real-World Crypto 2020
Version: 20200103:101600 (All versions of this report)
Short URL: ia.cr/2019/1492
[ Cryptology ePrint archive ]