Determine interest: AES with IGE mode?
ben.wiederhake at gmail.com
Mon Sep 28 17:14:26 CEST 2015
OpenSSL offers a cipher mode called "IGE" (Infinite Garble Extension),
mainly for AES encryption. Barely anyone uses it, but those who do (e.g.
implementors of the Telegram Protocol, i.e., libtgl) usually have no
AES with IGE mode is not available in libgcrypt (and from a lot of other
crypto libraries), so libtgl is currently locked-in to OpenSSL due to that.
Personally, I now have the choice between implementing it only for
libtgl, or implementing it for libgcrypt.
IGE mode is well explained in the (non-OpenSSL licensed) documentation
from OpenSSL about that mode , and a bit more mathematically detailed
in the original paper  (especially page 16), so:
- it is easily possible to implement it in not too many lines of code.
- there are definitely no conflicts with the GPL here, as there is no
OpenSSL-licensed resource involved at all.
I'd love to see AES-IGE (specifically AES256-IGE) available for
everyone, not just libtgl. But before I dig into libgcrypt and
understand where I have to start adding the code, I'd like to know:
Is there any interest in having AES-IGE in libgcrypt?
As a kind of sales pitch, here's some arguments:
- You benefit: All other people who try to get away from OpenSSL now
have one less obstacle in their way.
- We benefit: Instead of having a few non-crypto-savvy people work on a
security-critical component, we could use a dedicated library; just like
with other important things like SHA1, RSA etc.
So, what do you think?
More information about the Gcrypt-devel