diff for duplicates of <20181015175424.97147-1-ebiggers@kernel.org> diff --git a/a/1.txt b/N1/1.txt index bd79f02..ad48877 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -34,7 +34,7 @@ they actually provide a stronger notion of security than XTS. Adiantum is an improved version of our previous algorithm, HPolyC [2]. Like HPolyC, Adiantum uses XChaCha12, two passes of an -ε-almost-∆-universal (εA∆U) hash function, and one AES-256 encryption of +?-almost-?-universal (?A?U) hash function, and one AES-256 encryption of a single 16-byte block. On ARM Cortex-A7, on 4096-byte messages Adiantum is about 4x faster than AES-256-XTS (about 5x for decryption), and about 30% faster than Speck128/256-XTS. @@ -47,9 +47,9 @@ primitives, AES-256 currently has the lower security margin. Adiantum is ~20% faster than HPolyC, with no loss of security; in fact, Adiantum's security bound is slightly better than HPolyC's. It does -this by choosing a faster εA∆U hash function: it still uses Poly1305's -εA∆U hash function, but now a hash function from the "NH" family of hash -functions is used to "compress" the message by 32x first. NH is εAU (as +this by choosing a faster ?A?U hash function: it still uses Poly1305's +?A?U hash function, but now a hash function from the "NH" family of hash +functions is used to "compress" the message by 32x first. NH is ?AU (as shown in the UMAC paper[3]) but is over twice as fast as Poly1305. Key agility is reduced, but that's acceptable for disk encryption. diff --git a/a/content_digest b/N1/content_digest index 5e23aef..65d2e14 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,17 +1,7 @@ - "From\0Eric Biggers <ebiggers@kernel.org>\0" + "From\0ebiggers@kernel.org (Eric Biggers)\0" "Subject\0[RFC PATCH v2 00/12] crypto: Adiantum support\0" "Date\0Mon, 15 Oct 2018 10:54:12 -0700\0" - "To\0linux-crypto@vger.kernel.org\0" - "Cc\0linux-fscrypt@vger.kernel.org" - linux-arm-kernel@lists.infradead.org - linux-kernel@vger.kernel.org - Herbert Xu <herbert@gondor.apana.org.au> - Paul Crowley <paulcrowley@google.com> - Greg Kaiser <gkaiser@google.com> - Michael Halcrow <mhalcrow@google.com> - Jason A . Donenfeld <Jason@zx2c4.com> - Samuel Neves <samuel.c.p.neves@gmail.com> - " Tomer Ashur <tomer.ashur@esat.kuleuven.be>\0" + "To\0linux-arm-kernel@lists.infradead.org\0" "\00:1\0" "b\0" "Hello,\n" @@ -50,7 +40,7 @@ "\n" "Adiantum is an improved version of our previous algorithm, HPolyC [2].\n" "Like HPolyC, Adiantum uses XChaCha12, two passes of an\n" - "\316\265-almost-\342\210\206-universal (\316\265A\342\210\206U) hash function, and one AES-256 encryption of\n" + "?-almost-?-universal (?A?U) hash function, and one AES-256 encryption of\n" "a single 16-byte block. On ARM Cortex-A7, on 4096-byte messages\n" "Adiantum is about 4x faster than AES-256-XTS (about 5x for decryption),\n" "and about 30% faster than Speck128/256-XTS.\n" @@ -63,9 +53,9 @@ "\n" "Adiantum is ~20% faster than HPolyC, with no loss of security; in fact,\n" "Adiantum's security bound is slightly better than HPolyC's. It does\n" - "this by choosing a faster \316\265A\342\210\206U hash function: it still uses Poly1305's\n" - "\316\265A\342\210\206U hash function, but now a hash function from the \"NH\" family of hash\n" - "functions is used to \"compress\" the message by 32x first. NH is \316\265AU (as\n" + "this by choosing a faster ?A?U hash function: it still uses Poly1305's\n" + "?A?U hash function, but now a hash function from the \"NH\" family of hash\n" + "functions is used to \"compress\" the message by 32x first. NH is ?AU (as\n" "shown in the UMAC paper[3]) but is over twice as fast as Poly1305. Key\n" "agility is reduced, but that's acceptable for disk encryption.\n" "\n" @@ -175,4 +165,4 @@ "-- \n" 2.19.0.605.g01d371f741-goog -5fa54ed5351880150202c90335a119df3322fcac4b6dae2746cc722221aa789f +5ae1a911b8195309f73d596ab9ba82d3bac42e56b041442669cf1cccb69e2725
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.