Ciphers that are suitable for hardware-constrained applications (e.g., IoT). Low-cost implementation (in custom hardware or microcontrollers) prioritized over performance. Finalists: ACORN, Ascon
Ciphers that are designed to perform fast on modern general purpose computers. Improved replacements for AES-GCM and ChaCha20/Poly1305. Finalists: AEGIS, MORUS, OCB
Prioritizes security over performance. Notably, both of the finalists for this use case are nonce misuse-resistant. Finalists: COLM, Deoxys-II
I don't know what any of these standards are. And are these standards free-as-in-freedom?
Kayden Rivera
CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness) will identify a portfolio of authenticated ciphers that (1) offer advantages over AES-GCM and (2) are suitable for widespread adoption. Cryptographic algorithm designers are invited to submit proposals of authenticated ciphers to CAESAR. All proposals will be made public for evaluation. CAESAR is run by the international cryptologic research community. The University of Illinois at Chicago applied to NIST for funding for a "Cryptographic competitions" grant, and is using some of this funding to support CAESAR benchmarking and the Directions in Authenticated Ciphers workshop series.
Luke Scott
Thanks for sharing, OP
Levi Kelly
This makes me sad. What the fuck is COLM and Deoxys-II???? How can they be better than Keccak???? Oh I see now.
Joseph Powell
they will sell his families organs to the jews if he doesn't win
Charles Flores
...
Andrew Baker
Can we please ban multiple question marks in a row niggers?
Justin Cooper
XDDDDDDDDDDDDD ebin, dude
Camden Moore
Isn't AES and ChaCha20 theoretically unbreakable? Well, I mean there indeed was an attack that on AES that was more efficient than simply bruteforcing it but I mean was it so bad that it warrants the replacement of the encryption algorithm? What about my GPG encrypted backups online, are they bust?
Aiden Foster
Yea afaik the main symmetric key crypto systems are both in practice and theoretically sound vs the things like RSA and ECC which have big theoretical holes.
Isaiah Torres
AES is difficult to implement securely. Not every CPU has AES-NI. ChaCha20 is only a stream cipher. If you want authenticated encryption you have to couple it with a MAC algorithm. The reason for this competition isn't that AES/ChaCha20 are insecure (they are very secure if used correctly). The reason for this compettion is to find algorithms that perform authenticated encryption in one pass while being easier to implement than AES-GCM.
Austin Williams
What does authenticated mean here? So they are just looking for algorithms that allow prevention of information leaks through side channel attacks like spectre?
Fucking AES trash won for defense in depth. What a fucking joke. I suggest that you read the attached PDF and this: keccak.team/sponge_duplex.html
Brayden Martin
Bernstein is the number one cryptographer of all time. His word is practically gospel to cryptographers, and for good reason, he's a mega-brain. Fuck off with your Holla Forums shit
Ian Young
Great appeal to authority, m8. Please quote what part of my message is Holla Forums??? Bernstein is still assmad because Cubehash was rejected so now he has it in for Keccak. That is also why he made Gimli. Pathetic dwarf.
John Mitchell
Also LMAO at this. He is good but hardly the best.
Matthew Johnson
I'm not appealing to authority, but stating that he *is* the authority. I'm appealing to the fact he's an authority *for a reason*.
The way you contributed nothing useful but pointed out his name (which coincidentally ends in -stein) gave that impression.
Christopher Evans
I am not agreeing or disagreeing with you but you cannot attempt to refute one man's statement of who the best is without providing your own alternative. Someone must be the best, for the other one to not be the best.
Who is the best?
Hunter Bell
Triggered Bernstein fanboy spotted. (You)
Julian Peterson
I can and I did. But here is my alternative: github.com/pvial00 I have no argument as to why he is the best but neither does have one.
Aiden Miller
You're asking for knowledge on the best cryptographers? Don't you mean the best alive?
I seem to recall a time when the best cryptographers were murdered by the alphabets.
