[Cryptech Tech] AES SIV mode for key wrapping?

Paul Lambert paul at marvell.com
Tue Mar 17 19:57:02 UTC 2015

Previous message (by thread): [Cryptech Tech] AES SIV mode for key wrapping?
Next message (by thread): [Cryptech Tech] AES SIV mode for key wrapping?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Russ,

>>> SIV is seeing almost no uptake.  AES KEY-WRAP is preferred.
>> 
>> Uptake and technical value are not the same.
>> 
>> First, AES-SIV is being introduced into other non-IETF forums.
>> 
>> Second, AES-SIV is much more efficient that AES KEY-WRAP.
>> 
>> AES-SIV is also nonce insensitive.  A very nice property for an AEAD
>> cipher.
>
>I am aware of all of these properties, but I still recommend AES KEY-WRAP
>for two reasons.  First, I see little uptake.  I am aware of the places
>that Dan Harkins is pushing for its adoption, but they have not happened
>as yet.  Second, if someone wanted to use Cryptech to make a FIPS 140
>module, they would need a FIPS validated mode for key wrapping.

Yes Š but if we were just doing FIPS, this project would only implement
Suite B / FIPS algorithms.

³Better² algorithms should be included independent of the FIPS
requirements.


AES-SIV also has other interesting use cases, like messaging or group
communications where the nonce insensitivity is necessary.

Paul

Previous message (by thread): [Cryptech Tech] AES SIV mode for key wrapping?
Next message (by thread): [Cryptech Tech] AES SIV mode for key wrapping?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list