Paper 2019/1492

Too Much Crypto

Jean-Philippe Aumasson

Abstract

We show that many symmetric cryptography primitives would not be less safe with significantly fewer rounds. To support this claim, we review the progress of cryptanalysis over the last 20 years, examine the reasons behind the current numbers of rounds, and analyze the risk of using fewer rounds. Advocating a rational and scientific approach to round-number selection, we propose revised numbers of rounds for AES, BLAKE2, ChaCha, and SHA-3, which offer more consistent security margins across primitives and make them much faster, without increasing the security risk.

Note: Presented at Real-World Crypto 2020.

May 24, 2021: New version fixes a calculation error (see https://twitter.com/laughinghan/status/1394844992531689476) and adds a few lines to the conclusion.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. Minor revision.
Keywords
cryptanalysis, AES, BLAKE2, ChaCha, SHA-3
Contact author(s)
jeanphilippe aumasson @ gmail com
History
2021-05-24: last of 4 revisions
2019-12-30: received
Short URL
https://ia.cr/2019/1492
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/1492,
      author = {Jean-Philippe Aumasson},
      title = {Too Much Crypto},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1492},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/1492}},
      url = {https://eprint.iacr.org/2019/1492}
}