wiki:Crypto/CurrentSpecs

Version 56 (modified by guest, 6 years ago)

This page summarizes the current state of I2P's cryptography.

Currently used ciphers

| Cipher | Used lengths | Security | Comments |
|---|---|---|---|
| ElGamal | 2048 | >Poor [5]??? | |
| AES | 256 bit keys, 128 bit blocks, CBC mode | Good [5] | A good choice due to common support for hardware acceleration |
| DSA | 1024 | Poor [5] | |
| SHA256 | 256 | Good [5] | Slow compared to SHA-3 |

Cipher usage

| Router aspect | Cipher used | Security timescale | Usage details | Comments |
|---|---|---|---|---|
| NTCP handshake | DSA | ??? | | |
| SSU handshake | DSA | ??? | | |
| RouterInfo signing | DSA | ??? | | |
| LeaseSet signing? | DSA | Years | 75% verif.? (guesstimation) | |
| LeaseSet revocation (unused) | DSA | ??? | | |
| I2CP Session Config signing | DSA | ??? | | |
| Datagram signing | DSA | ??? | | |
| Streaming message signing | DSA | ??? | | |
| SUD signing | DSA | Years and years | 99% verif. | |

Potential new ciphers

Asymmetric ciphers

| Cipher | Suggested length | Speed [6] | Security | Implementability | Comments |
|---|---|---|---|---|---|
| EC-DSA | 256 | Sign.: 9203/s; Verif.: 4658/s | Good [5] | Already used in I2PBote (via bouncycastle?) | |
| EC-DSA | 384 | Sign.: 4791/s; Verif.: 1085/s | >Good [5]??? | | |
| RSA-PKCS#1 v1.5 | 2048 | Sign.: 770/s; Verif.: 25184/s | Poor [5] | | |
| RSA-PKCS#1 v1.5 | 3072 | | Decent [5] | | |
| RSA-PKCS#1 v1.5 | 4096 | Sign.: 108/s; Verif.: 6757/s | >Decent [5]??? | | |
| RSA-PSS | 2048 | Sign.: 770/s; Verif.: 25184/s | Decent [5] | | |
| RSA-PSS | 3072 | Sign.: 108/s; Verif.: 6757/s | Good [5] | | |
| RSA-PSS | 4096 | Sign.: 108/s; Verif.: 6757/s | >Good [5]??? | | |
| DSA | 160/1024 | Sign.: 8176/s; Verif.: 7500/s | Poor [5] | | |
| DSA | 224/2048; 256/2048 | Sign.: 2548/s; Verif.: 2089/s | >Poor [5]??? | | |
| DSA | 256/3072 | | Decent [5] | | |
| ElGamal | 256/2048 | | About the same as DSA-2048 as DSA is based on ElGamal? | | |

Symmetric ciphers

| Cipher | Suggested length | Speed | Security | Implementability | Comments |
|---|---|---|---|---|---|
| Twofish | 256 Bits | 256-Bit Twofish is faster than 256-bit Rijndael (AES) on the same hardware | | | |

Hashes

| Cipher | Security | Implementability | Comments |
|---|---|---|---|
| SHA3 (Keccak) | Good enough to be recommended by NIST | | Faster than the SHA-2 family |
| RIPEMD-160 | Decent [5] | | |
| RIPEMD-320 | ~RIPEMD-160 [7] | | |

MAC

| Cipher | Security | Implementability | Comments |
|---|---|---|---|
| HMAC | Good [5] | | |
| CMAC | Good [5] | | |
| CBC-MAC-X9.19 | Good [5] | | |
| CBC-MAC-EMAC | Good [5] | | |
CBC-MAC-EMAC Good [5]



[1] http://www.cryptopp.com/benchmarks.html
[2] http://tools.ietf.org/html/rfc4492
[3] NIST 2011 http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf
[4] http://www.keylength.com/en/compare/
[5] ECRYPT II 2011 http://www.ecrypt.eu.org/documents/D.SPA.17.pdf
[6] OpenSSL Benchmark
[7] http://en.wikipedia.org/wiki/RIPEMD - Citation needed