Score:-1

What would be the benefits of using a faster cryptographic system with the same level of security as AES

cn flag

Essentially I'm asking, what if I have designed a quantum-proof stream cipher that is faster than AES-256?

Will using less computational power for encryption/decryption be valuable to companies or various organizations?

I can imagine that faster and lighter encryption while secure enough could potentially cut down costs or give a competitive advantage to a business. (like Google)

However, I would highly appreciate it if you can bring up a few examples that the value of this could make someone pay for a more efficient* encryption algorithm.

*Faster, more secure & using less computational power.

kelalaka avatar
in flag
Decryptiyon who needs that? GCM(CTR) mode is now the gold. Have you ever heard the ChaCha/Salsa series, built-in CTR? There are candidates already but they are not NIST standard. Google already uses [ChaCha](https://security.googleblog.com/2019/02/introducing-adiantum-encryption-for.html). Any block cipher uses 256-bit of key is secure against Grover! And currently, the Salsa have better security than AES, yet none with 256-bit of key is expected to be broken
kelalaka avatar
in flag
Usually, we don't pay for a cipher, we just find another one to use!
poncho avatar
my flag
"what if I have designed a quantum-proof stream cipher that is faster than AES-256?"; the question that is always asked is "why should we believe that it's secure?". Unless you can come up with a really good answer to that (one better than, well, "I thought about it really hard and couldn't think of a way to break it myself" or "I ran a bunch of statistical tests on the outputs and those tests said it looked random"), no one will touch it...
Maarten Bodewes avatar
in flag
Kelalaka is right, even a very efficient algorithm such as OCB failed miserably, and that was just because of a relatively patent issue (not free for military use). Cryptographers really don't like patents, we just code around them.
Score:2
ru flag

The obvious market for such a cipher is for lightweight internet-of-things devices where production costs need to be kept small and battery life needs to be maximised (e.g. if device access is hard such as with a pacemaker or satellite component). Minimising the circuit size and power consumption in these constrained circumstances is highly desirable.

It is for these reasons that NIST is in the final stages of a process to choose such a cipher suitable for standardisation. In other words, you should aim to be more efficient than the winner(s) of this process rather than AES. Even then the economic savings would have to be significant for implementors to assume the potential liability associated with a non-standard algorithm.

kelalaka avatar
in flag
Well, [NIST required at leas 112-bit security](https://crypto.stackexchange.com/q/87058/18298) not 128.
Maarten Bodewes avatar
in flag
Also of note is the EU stream cipher competition (ECRYPT 2 / eStream), although it is a bit older.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.