[Cryptech Tech] AES SIV mode for key wrapping?

Randy Bush randy at psg.com
Wed Mar 18 06:35:43 UTC 2015


breakfast table conversation

first, the key wrapping does not need to be compatible with anyone else
as one does not port keys between hsm vendors.  so the state of
deployment of X is not of critical import.

siv's security proof seems a feature worth considering.  we have aes in
the fpga, how ugly would wrapping be?

pkcs#15 has running code in C, but we would need to implement in
verilog, as we would like critical keys to stay in the fpga.  but until
we get keygen in the fpga, cryptlib's pkcs#15 would give us a nice temp
path.

we're conscious of roadmap timelines, as you can see from the Novena
roadmap on the dashboard, https://trac.cryptech.is/wiki/Dashboard, it is
the longest pole in the critical path tent.  

but we would still prefer to do the technically best thing.

randy

