Reconsidering Speck

Posted Aug 9, 2018 19:35 UTC (Thu) by smurf (subscriber, #17840)
In reply to: Reconsidering Speck by zyzzyva
Parent article: Reconsidering Speck

This boils down to the fact that when I read an email message from a cryptographer with reasonable academic credentials who describes this rationale as glorified handwaving (my paraphrase) and points out numerous other errors or even lies etc. in this paper (see the email I linked to), I tend to trust that cryptographer and not the NSA (with numerous examples documenting the latter agency's history of, well, everything from glorified handwaving to lies), and you don't. (Assuming you have read that email.)

Fair enough, but no longer a technical discussion I'd be interested in.

Reconsidering Speck

Posted Aug 9, 2018 22:50 UTC (Thu) by zyzzyva (guest, #107472) [Link]

Well, not *trusting* the explanation is different from there not *being* an explanation.

Yes, I'm well aware of that email. The question of "trust" is relevant for things like the writer's personal experience where he is the primary source. But it isn't (or shouldn't be, in an ideal world) relevant for objective statements, like statements about what the designers claim, or about the current state of cryptanalysis of the ciphers; these can be verified using primary sources. I've read the primary sources, including third-party cryptanalysis and ironically even the writer's own paper he cites, and a somewhat different story is told; e.g., the claim of only a ~15% security margin isn't actually anywhere to be found, nor are rotational attacks on Speck (currently) any better than differential attacks. If you're interested and willing to learn new things, I encourage you to do the same, i.e. please don't just "trust" me either.

Remember, even cryptographers can have an axe to grind :-)