Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp4072735imm; Mon, 6 Aug 2018 16:22:05 -0700 (PDT) X-Google-Smtp-Source: AAOMgpe1CfizyzCzhbpEBvEw/Rm97WzCxlhekgPdZZyt8WNLrs/Ex1FM3eOuOmNKPVNtl2ELQ15C X-Received: by 2002:a17:902:2006:: with SMTP id n6-v6mr15418735pla.325.1533597725893; Mon, 06 Aug 2018 16:22:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533597725; cv=none; d=google.com; s=arc-20160816; b=SDUKvq2buy8RmQ91Usejy6xyuNekIpbwLt+5IvGZTqsMEfp974Yuc5cFBBi9yWai8M 16gy2ZfBrzOL4nDFAqACYbbxhOl9KR9hqWNxtxJVMUpAJoccB9BbjEWvjdhEK8k14Xln jwGDeIzhkV61Hta7m+iBwocES9z/D7A+JsnKGL7yI6PPyd9PkGDJE/+peEEr57o11G7h 4WPfmr2k7yAE0SFlT3y0lQpKnb5WmI0X+ZNvEXJu9SVyg73Jp7CUIkpkMrV28/y1hORZ VDXS6w4Py01Y569hLBJW0eQIUK26BRbKdmXBwW71N+LpN6StjTkJneZGx6dDKdbAGtEk IFWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=qtt3OvxzV6PwS6w1HWMAhzbg62BIagqOE6TB4itVjIg=; b=U1wMsC1iRZHJ/TLxbBYRQvxwZT0aewlDEcjgcWrfUYWSTvVMsQUE6HzysvtZNVMNPy OoE0VPbk5ZEkDwCS2Wy1/sPMqSQKLry9Tu3VONkCCU/p2w4aig01bvmPoaeEXk9pRjD/ g2L4CfeMjHS6xOx1ZJtm5ee9qVHDVYmdda1zKd/nnp7dUVWMsVDhmkrXVSQ/DCqv4KvV TVCY+SuiJavhsSwq4V8RMnq5DAkI4Rq8CIVPgrqm6+gs0ouYwk3L5XwrCVgRVCDEvMJZ koQDdeGxjotwfmnh+QEYUAsdQuVTJg+gDgq290Qz89zFblUG2y89BftbJ3v1YNAQjQN7 TTPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=YcegU8tn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p91-v6si10018277plb.51.2018.08.06.16.21.51; Mon, 06 Aug 2018 16:22:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=YcegU8tn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733257AbeHGB1y (ORCPT + 99 others); Mon, 6 Aug 2018 21:27:54 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:47203 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1733134AbeHGB1y (ORCPT ); Mon, 6 Aug 2018 21:27:54 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 13b2a031; Mon, 6 Aug 2018 23:04:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=AsPT6yrHznTEGHP2KZcVei6BUQY=; b=YcegU8 tn6GATRIBNNzCeCi6mQrygK5Mfubva2QbJUQjKFpGblRnjvMWw/7y077kM/1mPJV RdVagzc6RyVe9y+0ghJs0kbhWivJnyKfSsWtIP9ZZ4F/NlAP3tWMifSgqNY75gRR TvbV+mXBFMfN2uZtwBSPdropiammZc0FCscYqng9mN+CYFHfbD63THDrO5RcVgKM 4eHoIMB9rpwbg9XqFXP/SISRNYpst+040qYp3HHJ0WvVQZbnsSzqi7szHr8Qyptk lazKRTR169+NzBFhAjDT2QXC+DAfCMi/d5XT0EygBdyqpH81dECC7Wogpg2hojfj OkVixY5AY4U40UUg== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 5a39af2c (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO); Mon, 6 Aug 2018 23:04:23 +0000 (UTC) Received: by mail-oi0-f54.google.com with SMTP id b16-v6so11865346oic.9; Mon, 06 Aug 2018 16:16:31 -0700 (PDT) X-Gm-Message-State: AOUpUlE5tQZU6dIK8XEohodQcXAWe1jluRo7vU0vEgm5FtO2yif6V4sl iajW6LBpv8SLcqRSJoQ9/3h4iaR4lKj6QASR0g4= X-Received: by 2002:aca:7596:: with SMTP id q144-v6mr17701006oic.105.1533597390507; Mon, 06 Aug 2018 16:16:30 -0700 (PDT) MIME-Version: 1.0 References: <20180806223300.113891-1-ebiggers@kernel.org> <20180806223300.113891-4-ebiggers@kernel.org> In-Reply-To: <20180806223300.113891-4-ebiggers@kernel.org> From: "Jason A. Donenfeld" Date: Tue, 7 Aug 2018 01:16:18 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH 3/9] crypto: chacha20-generic - refactor to allow varying number of rounds To: ebiggers@kernel.org Cc: Linux Crypto Mailing List , linux-fscrypt@vger.kernel.org, linux-arm-kernel@lists.infradead.org, LKML , Herbert Xu , Paul Crowley , Greg Kaiser , Michael Halcrow , samuel.c.p.neves@gmail.com, tomer.ashur@esat.kuleuven.be, Eric Biggers , "Daniel J . Bernstein" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hey Eric, On Tue, Aug 7, 2018 at 12:35 AM Eric Biggers wrote: > In preparation for adding XChaCha12 support, rename/refactor > chacha20-generic to support different numbers of rounds. I'm interested in learning the motivation behind going with ChaCha12. So far, the vast majority of users of ChaCha have been getting along quite fine with ChaCha20 and enjoying the very large security margin this provides. In some ways, introducing ChaCha12 into the ecosystem feels like a bit of a step backwards, even if it probably still provides adequate security (though ChaCha8 probably shouldn't be used or included at all). I realize the simple answer is just, "because it's faster." But I'm wondering specifically about the speed requirements and on what hardware and in what circumstances you found ChaCha20 was too slow, and if this is the kind of circumstance you expect to persist into the future. Jason