wiki:Crypto/CurrentSpecs

Version 45 (modified by DISABLED, 7 years ago)

This page summarizes the current state of the I2P cryptography.

Currently used ciphers

| Cipher | Used lengths | Perceived vulnerability | Comments |
|---|---|---|---|
| ElGamal | 2048 | | |
| AES | 256 bit keys, 128 bit blocks, CBC mode | None | A good choice due to common support for hardware acceleration |
| DSA | 1024 | | |
| SHA256 | 256 | | Slow compared to SHA-3 |

Cipher usage

| Router aspect | Cipher used | Security timescale | Usage details | Comments |
|---|---|---|---|---|
| NTCP handshake | DSA | ??? | | |
| SSU handshake | DSA | ??? | | |
| RouterInfo signing | DSA | ??? | | |
| LeaseSet signing? | DSA | Years | 75% verif.? (guesstimation) | |
| LeaseSet revocation (unused) | DSA | ??? | | |
| I2CP Session Config signing | DSA | ??? | | |
| Datagram signing | DSA | ??? | | |
| Streaming message signing | DSA | ??? | | |
| SUD signing | DSA | Years and years | 99% verif. | |

Potential new ciphers

Asymmetric ciphers

| Cipher | Suggested length | Speed [6] | Security | Implementability | Comments |
|---|---|---|---|---|---|
| EC-DSA | 256 | Sign.: 9203/s, Verif.: 4658/s | Good [5] | | Already used in I2PBote (via bouncycastle?) |
| EC-DSA | 384 | Sign.: 4791/s, Verif.: 1085/s | >Good [5]? | | |
| RSA-PKCS#1 v1.5 | 2048 | Sign.: 770/s, Verif.: 25184/s | Poor [5] | | |
| RSA-PKCS#1 v1.5 | 3072 | | Decent [5]? | | |
| RSA-PKCS#1 v1.5 | 4096 | Sign.: 108/s, Verif.: 6757/s | >Decent [5]? | | |
| RSA-PSS | 2048 | Sign.: 770/s, Verif.: 25184/s | Decent [5] | | |
| RSA-PSS | 3072 | Sign.: 108/s, Verif.: 6757/s | Good [5] | | |
| RSA-PSS | 4096 | Sign.: 108/s, Verif.: 6757/s | >Good [5]? | | |
| DSA | 160/1024 | Sign.: 8176/s, Verif.: 7500/s | Poor [5] | | |
| DSA | 2048 | Sign.: 2548/s, Verif.: 2089/s | >Poor [5]? | | |
| DSA | 256/3072 | | Decent [5] | | |
| ElGamal | 256/2048 | | | | About the same as DSA-2048 as DSA is based on ElGamal? |

[1] http://www.cryptopp.com/benchmarks.html
[2] http://tools.ietf.org/html/rfc4492
[3] NIST 2011 http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
[4] http://www.keylength.com/en/compare/
[5] ECRYPT II 2011 http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
[6] OpenSSL Benchmark

Symmetric ciphers

| Cipher | Suggested length | Speed | Security | Implementability | Comments |
|---|---|---|---|---|---|
| Twofish | 256 Bits | | | | 256-bit Twofish is faster than 256-bit Rijndael on the same hardware |

Hashes

| Cipher | Implementability | Comments |
|---|---|---|
| SHA3(Keccak) | | Faster than the SHA-2 family |
| RIPEMD-320 | | |