15 Nov 2011 20:35
proposed RG action: draft-cfrg-cipher-catalog
David McGrew <mcgrew <at> cisco.com>
2011-11-15 19:35:21 GMT
Hi,

I would like to propose the creation of a research group draft that describes all of the ciphers defined or used in IETF RFCs. This draft should contain the basic facts about each cipher, including intellectual property considerations, and also describe its security properties, and provide authoritative references. The most important security considerations are key size and block size (though we have two stream ciphers that accept IVs and one that does not), and probably the easiest way to deal with this is to describe the security ramifications of the different parameter choices, which puts each cipher into a rough category. There are about twenty such ciphers (see the attached html table) and it will be valuable for CFRG to put together this information and ensure appropriate review.

There has been discussion in some IETF working groups about the addition of new standards-track ciphers. CFRG should be providing technical input, but it is not the right place for discussion of standards. I think a draft focusing on technical properties is the right contribution.

Let me know what you think. Are you willing to participate as an editor, contributor, or reviewer? Do you see any problems with this approach? Anything missing from the outline above? Comments especially welcome on the subject of security categorization.

thanks,

David

| Cipher | Year Published | Specification | IETF Use | IPR | IPR Terms | Type | Parameters | Key Length (bits) | AES Compatible |
|---|---|---|---|---|---|---|---|---|---|
| KCipher-2 Stream Cipher | 2011 | draft-kiyomoto-kcipher2 | 2 Internet Drafts | KDDI, Qualcomm | RAND | Stream | 128-bit IV | 128 | No |
| ARIA | 2010 | RFC 5794 | 2 RFCs, 3 Internet Drafts | None | - | Block | 128-bit block | 128, 192, 256 | Yes |
| CLEFIA | 2007 | RFC 6114 | 1 RFC, 3 Internet Drafts | SONY | RAND | Block | 128-bit block | 128, 192, 256 | Yes |
| SMS4 | 2006 | 200621016423197990.pdf | None | BDST | Beijing Data Security Technology Co. Ltd. (BDST) | Block | 128-bit block | 128 | Partially |
| Rabbit | 2006 | RFC 4503 | 1 RFC | Cryptico | RAND | Stream | 64-bit IV | 128 | No |
| SEED | 2005 | RFC 4269 | 7 RFCs, 5 Internet Drafts | None | - | Block | 128-bit block | 128 | Partially |
| Camellia | 2000 | RFC 3713 | 15 RFCs, 22 Internet Drafts | NTT | Royalty free (needs IETF tools notification) | Block | 128-bit block | 128, 192, 256 | Yes |
| MISTY1 | 2000 | RFC 2994 | 1 RFC | Mitsubishi | Royalty free (needs IETF tools notification) | Block | 64-bit block | 128 | No |
| CAST-256 | 1999 | RFC 2612 | 13 RFCs | Entrust | Royalty free (needs IETF tools notification) | Block | 128-bit block | 128, 160, 192, 224, 256 | Yes |
| Advanced Encryption Standard (AES) | 1998 | FIPS-197 | 169 RFCs, 118 Internet Drafts | None | - | Block | 128-bit block | 128, 192, 256 | Yes |
| TWOFISH | 1998 | twofishAES.pdf | 9 RFCs, 1 Internet Draft | None | - | Block | 128-bit block | 128, 192, 256 | Yes |
| Serpent | 1998 | serpent.pdf | 6 RFCs, 2 Internet Drafts | None | - | Block | 128-bit block | 128, 192, 256 | Yes |
| SKIPJACK | 1998 | skipjack.pdf | 15 RFCs, 3 Internet Drafts | None | - | Block | 64-bit block | 80 | No |
| RC2 | 1998 | RFC 2268 | 36 RFCs, 10 Internet Drafts | None | - | Block | 64-bit block | 8, 16, 24, ..., 1024 | No |
| CAST-128 | 1997 | RFC 2144 | 20 RFCs, 1 Internet Draft | Entrust | Royalty free (needs IETF tools notification) | Block | 64-bit block | 128 | No |
| RC4 Stream Cipher | 1994 | draft-kaukonen-cipher-arcfour | 53 RFCs, 23 Internet Drafts | None | - | Stream | No IV | 8, 16, 24, ..., 1024 | No |
| RC5 | 1994 | RFC 2420 | 25 RFCs, 6 Internet Drafts | RSA | needs IETF tools notification | Block | 32, 64, 128-bit block | 8, 16, 24, ..., 1024 | Yes |
| BLOWFISH | 1994 | paper-blowfish-fse.html | 26 RFCs, 8 Internet Drafts | None | - | Block | 64-bit block | 32, 64, 96, ..., 448 | No |
| International Data Encryption Algorithm (IDEA) | 1992 | E90/389.PDF | 9 RFCs, 2 Internet Drafts | MediaCrypt AG | Unknown; close to expiration | Block | 64-bit block | 128 | No |
| GOST 28147-89 | 1989 | RFC 5830 | 8 RFCs, 7 Internet Drafts | None | - | Block | 64-bit block | 256 | No |
| Triple Data Encryption Standard (3DES) | 1979 | FIPS-46-3 | 143 RFCs, 56 Internet Drafts | IBM | Royalty free and expired | Block | 64-bit block | 112 | No |
| Data Encryption Standard (DES) | 1977 | FIPS-46 | 82 RFCs, 8 Internet Drafts | IBM | Royalty free and expired | Block | 64-bit block | 56 | No |

Notes

1. Highlighted ciphers are AES-compatible and are free of intellectual property complications.
2. AES-compatible ciphers have security goals and parameters that match those of the AES. Partially compatible ciphers support only some of the AES key lengths.
3. Not all ciphers have normative specifications.
4. Some IETF uses are self-citations.
5. Some RFCs have IPR considerations that are noted in the RFC text, but not in IETF tools.
6. The SMS4 cipher does not appear in any IETF documents, but it is included for comparison.

Observations

1. No patented cipher has been added to an IETF standard since 1998, except those with royalty-free terms.
2. There are over 200 documents citing AES; if IETF includes new ciphers, it will be important to avoid a combinatorial explosion of new documents.
3. A framework for AES-compatible ciphers could be developed, to manage compatibility and to promote security.

_______________________________________________
Cfrg mailing list
Cfrg <at> irtf.org
http://www.irtf.org/mailman/listinfo/cfrg