[tahoe-dev] dear DJB: Tiger in eBASH, and also check out my cool project

zooko zooko at zooko.com
Fri Oct 17 16:34:31 PDT 2008


Folks:

I just sent this note to DJB.  It isn't personal, and is probably of  
interest to some people on this list.

By the way, I updated (for hopefully the very last time) the graphs  
in http://allmydata.org/~zooko/lafs.pdf .  It shows that there are  
now 9.5 TB of user data stored on the Tahoe grid operated by  
allmydata.com.

Regards,

Zooko

Begin forwarded message:

> From: zooko <zooko at zooko.com>
> Date: October 17, 2008 17:30:10 PM MDT
> To: "D. J. Bernstein" <djb at cr.yp.to>
> Subject: Tiger in eBASH, and also check out my cool project
>
> Dear DJB:
>
> I'm a professional engineer who uses cryptography, and I very much  
> appreciate your contributions to the field.  This includes your  
> benchmarking work -- thanks for that!
>
> I have been considering switching from SHA-256 to Tiger in my  
> secure filesystem application.  One reason is that Tiger is  
> signficantly faster on our amd64 servers (although I have not yet  
> measured the performance in the context of our actual  
> application).  Another reason is that we have an overall intended  
> crypto strength of 96 bits -- we intend to switch to ECDSA with 192- 
> bit public keys, and if we use SHA-256 for key derivation then we  
> would truncate the output to 192-bits, which makes me worry a  
> little.  I feel that Tiger-192 is probably safer, as well as  
> faster, than SHA-256 % 192 for key-derivation.  For file hashing,  
> it seems better to me to use a 192-bit hash function to match 192- 
> bit digital signatures than to use a 256-bit hash function.
>
> (The motivation for this unusual decision to have a 96-bit crypto  
> strength is included in my paper, below.)
>
> Sean O'Neill's mysterious tests [1] rate Tiger as the only hash  
> function which has four times as many rounds as his tests can  
> distinguish from random (if I understand the idea behind that web  
> page).
>
> Anyway, the reason I'm writing to you is to request that you  
> include Tiger in eBASH.  In addition to possibly helping out  
> working engineers like me who are considering using Tiger, this  
> will also give a good bar for the SHA-3 cryptographers to measure  
> their works against.  There's nothing like a working example to  
> focus people's minds.
>
> I've attached the 6-page summary of my filesystem [2], due to be  
> presented in two weeks at the Storage, Security, and Survivability  
> Workshop after ACM CCS 2008.
>
> See also my post to the hash-forum list a few months ago, which  
> claims that almost no practical, deployed big-data tools use  
> SHA-256.  My filesystem is an exception, but I'm currently  
> considering joining the rest of the big-data tools in using a  
> faster hash function.
>
> http://zooko.com/sha256_is_too_slow.html
>
> Thanks!
>
> Regards,
>
> Zooko Wilcox-O'Hearn
>
> [1] http://defectoscopy.com/results.html
> [2] http://allmydata.org/~zooko/lafs.pdf
> ---
> http://allmydata.org -- Tahoe, the Least-Authority Filesystem
> http://allmydata.com -- back up all your files for $10/month
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lafs.pdf
Type: application/pdf
Size: 275101 bytes
Desc: not available
Url : http://allmydata.org/pipermail/tahoe-dev/attachments/20081017/49a5e478/attachment-0001.pdf 


More information about the tahoe-dev mailing list