- More and more people see ChaCha20 as wasteful (too many rounds)
- Poly1305 is "hard" to implement
- ChaCha12 + BLAKE3 can fulfill all the symmetric cryptography needs (MAC, AEAD, Hash, RNG...), which is untrue of ChaCha20 + Poly1305, therefore simplifying the deployment of secure cryptography
- ChaCha12 + BLAKE3 both scales with the width of SIMD vectors, opening the door to really really fast cryptography on general-purpose hardware, especially with ARM SVE & SVE2
- SIV construction requires to decrypt the entire payload before being able to verify the authentication tag, which can be costly and may lead to DoS attacks due to the asymmetry of the cost of attack / cost of defense
jedisct1|6 months ago
Keyb0ardWarri0r|6 months ago
But:
- More and more people see ChaCha20 as wasteful (too many rounds)
- Poly1305 is "hard" to implement
- ChaCha12 + BLAKE3 can fulfill all the symmetric cryptography needs (MAC, AEAD, Hash, RNG...), which is untrue of ChaCha20 + Poly1305, therefore simplifying the deployment of secure cryptography
- ChaCha12 + BLAKE3 both scales with the width of SIMD vectors, opening the door to really really fast cryptography on general-purpose hardware, especially with ARM SVE & SVE2
- SIV construction requires to decrypt the entire payload before being able to verify the authentication tag, which can be costly and may lead to DoS attacks due to the asymmetry of the cost of attack / cost of defense