speed speed speed 1000 tcr hashing competition d j
play

Speed, speed, speed $1000 TCR hashing competition D. J. Bernstein - PowerPoint PPT Presentation

Apr 01, 2024 •23 likes •573 views

1 2 Speed, speed, speed $1000 TCR hashing competition D. J. Bernstein Crowley: I have a problem where I need to make some University of Illinois at Chicago; cryptography faster, and Im Ruhr University Bochum setting up a $1000

  1. 1 2 Speed, speed, speed $1000 TCR hashing competition D. J. Bernstein Crowley: “I have a problem where I need to make some University of Illinois at Chicago; cryptography faster, and I’m Ruhr University Bochum setting up a $1000 competition funded from my own pocket for Reporting some recent work towards the solution.” symmetric-speed discussions, Not fast enough: Signing H ( M ), especially from RWC 2020. where M is a long message. Not included in this talk: “[On a] 900MHz Cortex-A7 • NISTLWC. [SHA-256] takes 28.86 cpb : : : • Short inputs. BLAKE2b is nearly twice as • FHE/MPC ciphers. fast : : : However, this is still a lot slower than I’m happy with.”

  2. 1 2 eed, speed, speed $1000 TCR hashing competition Instead cho and sign Bernstein Crowley: “I have a problem where I need to make some Note that University of Illinois at Chicago; cryptography faster, and I’m not full collision University Bochum setting up a $1000 competition Does this funded from my own pocket for TCR bre rting some recent work towards the solution.” symmetric-speed discussions, Not fast enough: Signing H ( M ), ecially from RWC 2020. where M is a long message. included in this talk: “[On a] 900MHz Cortex-A7 NISTLWC. [SHA-256] takes 28.86 cpb : : : rt inputs. BLAKE2b is nearly twice as FHE/MPC ciphers. fast : : : However, this is still a lot slower than I’m happy with.”

  3. 1 2 eed $1000 TCR hashing competition Instead choose random and sign ( R; H ( R; Crowley: “I have a problem where I need to make some Note that H needs Illinois at Chicago; cryptography faster, and I’m not full collision resistance. Bochum setting up a $1000 competition Does this allow faster funded from my own pocket for TCR breaks how many recent work towards the solution.” discussions, Not fast enough: Signing H ( M ), WC 2020. where M is a long message. this talk: “[On a] 900MHz Cortex-A7 [SHA-256] takes 28.86 cpb : : : BLAKE2b is nearly twice as ciphers. fast : : : However, this is still a lot slower than I’m happy with.”

  4. 1 2 $1000 TCR hashing competition Instead choose random R and sign ( R; H ( R; M )). Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, Chicago; cryptography faster, and I’m not full collision resistance. setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? work towards the solution.” discussions, Not fast enough: Signing H ( M ), 2020. where M is a long message. “[On a] 900MHz Cortex-A7 [SHA-256] takes 28.86 cpb : : : BLAKE2b is nearly twice as fast : : : However, this is still a lot slower than I’m happy with.”

  5. 2 3 $1000 TCR hashing competition Instead choose random R and sign ( R; H ( R; M )). Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, cryptography faster, and I’m not full collision resistance. setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? work towards the solution.” Not fast enough: Signing H ( M ), where M is a long message. “[On a] 900MHz Cortex-A7 [SHA-256] takes 28.86 cpb : : : BLAKE2b is nearly twice as fast : : : However, this is still a lot slower than I’m happy with.”

  6. 2 3 $1000 TCR hashing competition Instead choose random R and sign ( R; H ( R; M )). Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, cryptography faster, and I’m not full collision resistance. setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? work towards the solution.” “As far as I know, no-one Not fast enough: Signing H ( M ), has ever proposed a TCR as a where M is a long message. primitive, designed to be faster than existing hash functions, “[On a] 900MHz Cortex-A7 and that’s what I need.” [SHA-256] takes 28.86 cpb : : : BLAKE2b is nearly twice as fast : : : However, this is still a lot slower than I’m happy with.”

  7. 2 3 $1000 TCR hashing competition Instead choose random R and sign ( R; H ( R; M )). Crowley: “I have a problem where I need to make some Note that H needs only “TCR”, cryptography faster, and I’m not full collision resistance. setting up a $1000 competition Does this allow faster H design? funded from my own pocket for TCR breaks how many rounds? work towards the solution.” “As far as I know, no-one Not fast enough: Signing H ( M ), has ever proposed a TCR as a where M is a long message. primitive, designed to be faster than existing hash functions, “[On a] 900MHz Cortex-A7 and that’s what I need.” [SHA-256] takes 28.86 cpb : : : BLAKE2b is nearly twice as More desiderata: tree hash, fast : : : However, this is still a new tweak at each vertex, lot slower than I’m happy with.” multi-message security.

  8. 2 3 TCR hashing competition Instead choose random R Aumasson, and sign ( R; H ( R; M )). wley: “I have a problem 70%, 23%, I need to make some Note that H needs only “TCR”, 50%, 8%, cryptography faster, and I’m not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 up a $1000 competition Does this allow faster H design? are “brok from my own pocket for TCR breaks how many rounds? “Inconsistent towards the solution.” “As far as I know, no-one fast enough: Signing H ( M ), has ever proposed a TCR as a M is a long message. primitive, designed to be faster than existing hash functions, a] 900MHz Cortex-A7 and that’s what I need.” [SHA-256] takes 28.86 cpb : : : BLAKE2b is nearly twice as More desiderata: tree hash, : However, this is still a new tweak at each vertex, wer than I’m happy with.” multi-message security.

  9. 2 3 hashing competition Instead choose random R Aumasson, “Too much and sign ( R; H ( R; M )). have a problem 70%, 23%, 35%, 21% make some Note that H needs only “TCR”, 50%, 8%, 25%, 20% faster, and I’m not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 $1000 competition Does this allow faster H design? are “broken” or “p own pocket for TCR breaks how many rounds? “Inconsistent securit the solution.” “As far as I know, no-one enough: Signing H ( M ), has ever proposed a TCR as a long message. primitive, designed to be faster than existing hash functions, Cortex-A7 and that’s what I need.” 28.86 cpb : : : rly twice as More desiderata: tree hash, ever, this is still a new tweak at each vertex, I’m happy with.” multi-message security.

  10. 2 3 etition Instead choose random R Aumasson, “Too much crypto” and sign ( R; H ( R; M )). roblem 70%, 23%, 35%, 21% rounds some Note that H needs only “TCR”, 50%, 8%, 25%, 20% rounds I’m not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 etition Does this allow faster H design? are “broken” or “practically et for TCR breaks how many rounds? “Inconsistent security margins”. solution.” “As far as I know, no-one H ( M ), has ever proposed a TCR as a message. primitive, designed to be faster than existing hash functions, rtex-A7 and that’s what I need.” : : : as More desiderata: tree hash, still a new tweak at each vertex, with.” multi-message security.

  11. 3 4 Instead choose random R Aumasson, “Too much crypto” and sign ( R; H ( R; M )). 70%, 23%, 35%, 21% rounds or Note that H needs only “TCR”, 50%, 8%, 25%, 20% rounds of not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 Does this allow faster H design? are “broken” or “practically broken”. TCR breaks how many rounds? “Inconsistent security margins”. “As far as I know, no-one has ever proposed a TCR as a primitive, designed to be faster than existing hash functions, and that’s what I need.” More desiderata: tree hash, new tweak at each vertex, multi-message security.

  12. 3 4 Instead choose random R Aumasson, “Too much crypto” and sign ( R; H ( R; M )). 70%, 23%, 35%, 21% rounds or Note that H needs only “TCR”, 50%, 8%, 25%, 20% rounds of not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 Does this allow faster H design? are “broken” or “practically broken”. TCR breaks how many rounds? “Inconsistent security margins”. “As far as I know, no-one “Attacks don’t really get better”. has ever proposed a TCR as a primitive, designed to be faster than existing hash functions, and that’s what I need.” More desiderata: tree hash, new tweak at each vertex, multi-message security.

  13. 3 4 Instead choose random R Aumasson, “Too much crypto” and sign ( R; H ( R; M )). 70%, 23%, 35%, 21% rounds or Note that H needs only “TCR”, 50%, 8%, 25%, 20% rounds of not full collision resistance. AES-128/B2b/ChaCha20/SHA-3 Does this allow faster H design? are “broken” or “practically broken”. TCR breaks how many rounds? “Inconsistent security margins”. “As far as I know, no-one “Attacks don’t really get better”. has ever proposed a TCR as a “Thousands of papers, stagnating primitive, designed to be faster results and techniques”. than existing hash functions, and that’s what I need.” More desiderata: tree hash, new tweak at each vertex, multi-message security.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cedar Rapids RLR & Speed Des Moines RLR & Speed

Cedar Rapids RLR & Speed Des Moines RLR & Speed

Davenport.RLR & Speed Cedar Rapids RLR & Speed Des Moines RLR & Speed Sioux City.. RLR & Speed Muscatine...RLR & Speed Council

248 views • 11 slides
Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Effects of automated highway speed enforcement: average versus instantaneous speed control 27 th annual ICTCT workshop 16-17 Oct 2014, Karlsruhe - Germany dr. Stijn Daniels, PhD Transportation Research Institute Hasselt University, Belgium

413 views • 9 slides
Speed, speed, speed D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum

Speed, speed, speed D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum

1 Speed, speed, speed D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum Reporting some recent symmetric-speed discussions, especially from RWC 2020. Not included in this talk: NISTLWC. Short inputs.

411 views • 29 slides
SPEED OF THOUGHT SPEED OF THOUGHT 120m/s SPEED OF THOUGHT COMMUNICATIVE The Artist is Absent:

SPEED OF THOUGHT SPEED OF THOUGHT 120m/s SPEED OF THOUGHT COMMUNICATIVE The Artist is Absent:

amon ge, UDLS 2017 SPEED OF THOUGHT SPEED OF THOUGHT 120m/s SPEED OF THOUGHT COMMUNICATIVE The Artist is Absent: Davey Wreden and The Beginners Guide (https://youtu.be/4N6y6LEwsKc) SPEED OF THOUGHT COMMUNICATIVE words per minute (WPM)

804 views • 54 slides
POWERED STARTUPS Speed@BDD Presentation July 2017 SPEED@BDD IN A NUTSHELL Speed@BDD is a

POWERED STARTUPS Speed@BDD Presentation July 2017 SPEED@BDD IN A NUTSHELL Speed@BDD is a

ROCKET POWERED STARTUPS Speed@BDD Presentation July 2017 SPEED@BDD IN A NUTSHELL Speed@BDD is a Lebanese-grown startup accelerator software 2 acceleration 10 startups 3-month 10% equity idea & early cycles per year per cycle

417 views • 4 slides
Speed Management in NZ

Speed Management in NZ

Speed Management in NZ The agenda 1. Benefits of reduced traffic speed (10 min) 2. Speed Quiz (15 min) 3.

948 views • 46 slides
10 years of Speed Tables Peter da Silva FlightAware What are Speed Tables? What are Speed

10 years of Speed Tables Peter da Silva FlightAware What are Speed Tables? What are Speed

10 years of Speed Tables Peter da Silva FlightAware What are Speed Tables? What are Speed Tables? An array of structures A Key-Value store A NoSQL database A portable API Example CExtension particles 1.0 { CTable quark

476 views • 32 slides
Safe Pedestrians, Equines the Environment & Drivers Who are SPEED? The SPEED action group

Safe Pedestrians, Equines the Environment & Drivers Who are SPEED? The SPEED action group

SPEED Safe Pedestrians, Equines the Environment & Drivers Who are SPEED? The SPEED action group was formed after a public meeting to discuss road safety issues and the tragic accident on the A626, involving a horse fatality.

368 views • 13 slides
Speed perception by drivers as dependent on target travel speeds, on every road type urban street

Speed perception by drivers as dependent on target travel speeds, on every road type urban street

32 nd ICTCT Conference in Warsaw, Poland - October 24 & 25, 2019 Background: Speed in Sustainable road safety Speed one of the main issues in Sustainable road safety and in Safe System Speed management matching road

317 views • 3 slides
USB History January 1996 Low Speed USB 1.0 (1.5 Mbit/s) Full Speed USB 1.1 August

USB History January 1996 Low Speed USB 1.0 (1.5 Mbit/s) Full Speed USB 1.1 August

USB History January 1996 Low Speed USB 1.0 (1.5 Mbit/s) Full Speed USB 1.1 August 1998 (12 Mbit/s) High Speed USB 2.0 April 2000 (480 Mbit/s) USB 3.0 November SuperSpeed (3.1 Gen1) 2008 (5 Gbit/s) USB 3.1

782 views • 19 slides
Speed Bump? http://www.skepticalscience.com/graphics.php?g=47 Speed Bump?

Speed Bump? http://www.skepticalscience.com/graphics.php?g=47 Speed Bump?

Speed Bump? http://www.skepticalscience.com/graphics.php?g=47 Speed Bump? http://www.skepticalscience.com/graphics.php?g=47 Speed Bump? Speed Bump? Outline 1. Who Is Your Audience? a) In-Person vs. Print/Online Media

135 views • 12 slides
The Traverse The journey between thermals X country speed is related to: Cruising speed

The Traverse The journey between thermals X country speed is related to: Cruising speed

The Traverse The journey between thermals X country speed is related to: Cruising speed Climb rate Route through the air What speed to fly McCready theory Block speeds or dolphin? McCready theory For every thermal

411 views • 27 slides
CERTAIN FACTS Certain factors which hamper the speed are: 1. Virus infected PC 2. Low SNR

CERTAIN FACTS Certain factors which hamper the speed are: 1. Virus infected PC 2. Low SNR

SLOW SPEED ISSUES CERTAIN FACTS Certain factors which hamper the speed are: 1. Virus infected PC 2. Low SNR ratio due to poor line condition/improper punching at the MDF side 3. Wrong line profile attached to the DSLAM port for high speed

661 views • 16 slides
Speed Development Methods New concepts from the USA Adrian Faccioni Speed & Conditioning

Speed Development Methods New concepts from the USA Adrian Faccioni Speed & Conditioning

Speed Development Methods New concepts from the USA Adrian Faccioni Speed & Conditioning Consultant US Coaches Observed Dan Pfaff Coach of Donovan Bailey (9.84) Bruny Surin (9.84) Obadele Thompson (9.87) Kareem Street

445 views • 21 slides
How a wave packet propagates at a speed faster than the speed of light A novel superluminal

How a wave packet propagates at a speed faster than the speed of light A novel superluminal

How a wave packet propagates at a speed faster than the speed of light A novel superluminal mechanism with high transmission and broad bandwidth Tsun-Hsu Chang ( ) Department of Physics, National Tsing Hua University Claim: The

454 views • 23 slides
MCC Speed Management Policy Agenda Purpose of the Speed Management Policy Results of

MCC Speed Management Policy Agenda Purpose of the Speed Management Policy Results of

MCC Speed Management Policy Agenda Purpose of the Speed Management Policy Results of feedback from previous Road Safety workshop Sum Up; Questions & Close MCC Speed Management Policy Purpose of the Speed Management Policy To

416 views • 16 slides
Comments/Observations: R. Tayloe, Nuint'09 Path forward: theory vs experiment needs, QE

Comments/Observations: R. Tayloe, Nuint'09 Path forward: theory vs experiment needs, QE

Path forward: theory vs experiment needs, QE discussion input Comments/Observations: R. Tayloe, Nuint'09 Path forward: theory vs experiment needs, QE discussion input Comments/Observations: - Desperately seeking: model-independent cross

688 views • 11 slides
Continue Data Structures Grand Tour FixedLengthQueue Markov Orientation and kickoff Turn in

Continue Data Structures Grand Tour FixedLengthQueue Markov Orientation and kickoff Turn in

Continue Data Structures Grand Tour FixedLengthQueue Markov Orientation and kickoff Turn in the written problem from HW 18. Before tomorrow Reading assignment from Weiss Read and understand the Markov assignment Take the short

228 views • 19 slides
SEND WG Chairs: James Kempf, Pekka Nikander 56th IETF, San Francisco Hilton, Tuesday March 18th,

SEND WG Chairs: James Kempf, Pekka Nikander 56th IETF, San Francisco Hilton, Tuesday March 18th,

SEND WG Chairs: James Kempf, Pekka Nikander 56th IETF, San Francisco Hilton, Tuesday March 18th, 2003 http://www.tml.hut.fi/~pnr/SEND/slides.pdf Agenda bashing 5 min. - Agenda discussion 10 min. - Last Call Issues for

931 views • 16 slides
Modeling wildfire and air quality under c limate change Don McKenzie Pacific WIldland Fire

Modeling wildfire and air quality under c limate change Don McKenzie Pacific WIldland Fire

Modeling wildfire and air quality under c limate change Don McKenzie Pacific WIldland Fire Sciences Lab US Forest Service with contributions from Uma Shankar Natasha Stavros Robert Keane Robert Norheim Jeffrey

319 views • 31 slides
Teaching Parallel Programming for IT Students ... Why, When, and How? Ahmed Wagueeh Software

Teaching Parallel Programming for IT Students ... Why, When, and How? Ahmed Wagueeh Software

Teaching Parallel Programming for IT Students ... Why, When, and How? Ahmed Wagueeh Software Architect Ahmedx.wagueeh@intel.com Intel Corporation Agenda Why? When? How? Why? Why is it NOW important to teach parallel programming?!

852 views • 17 slides
This page has been left blank deliberately. . . Chemnitz, CMS2013, September of 2013 p. 1

This page has been left blank deliberately. . . Chemnitz, CMS2013, September of 2013 p. 1

This page has been left blank deliberately. . . Chemnitz, CMS2013, September of 2013 p. 1 Testing the remote control. . . Chemnitz, CMS2013, September of 2013 p. 2 The ( x n ) sequence Paul Nevai paul@nevai.us Chemnitz,

1.32k views • 86 slides
Hosted PostgreSQL: An Objective Look Christophe Pettus PostgreSQL Experts, Inc. FOSDEM PGDay

Hosted PostgreSQL: An Objective Look Christophe Pettus PostgreSQL Experts, Inc. FOSDEM PGDay

Hosted PostgreSQL: An Objective Look Christophe Pettus PostgreSQL Experts, Inc. FOSDEM PGDay 2020 Christophe Pettus CEO, PostgreSQL Experts, Inc. christophe.pettus@pgexperts.com thebuild.com twitter @xof "It's more of a

1.35k views • 88 slides
Database Technology Roadmapping Hector Garcia-Molina CRA Conference at Snowbird 2002 1 Session

Database Technology Roadmapping Hector Garcia-Molina CRA Conference at Snowbird 2002 1 Session

Technology Roadmaps and Plotting Research Routes: Database Technology Roadmapping Hector Garcia-Molina CRA Conference at Snowbird 2002 1 Session Description Setting research directions in a subdiscipline of CSE must be done in light of the

562 views • 10 slides

More recommend