Talk:ESTREAM

From Wikipedia, the free encyclopedia

This article is part of WikiProject Cryptography, an attempt to build a comprehensive and detailed guide to cryptography in the Wikipedia. If you would like to participate, you can choose to edit the article attached to this page, or visit the project page, where you can join the project and see a list of open tasks.

Contents 1 Big Momma Table 2 Cleanup notice 3 Organising the table again 4 Combining less significant cipher pages

[edit] Big Momma Table

I'd suggest removing the submitters from the big momma table, to shrink it considerably. I'd like to add a column that covers whether eSTREAM have published any cryptanalysis too... — ciphergoth 11:13, September 5, 2005 (UTC)

Personally, I find the names of the designers to be helpful summary information ("ah, that's Biham and Seberry's design"). That is, if you've heard of the cryptographers before, it's useful. Maybe we can take a couple of the "big team" rows like DECIM and SOSEMANUK, and replace most of them "et al"?

A column on published cryptanalysis would be very handy, and perhaps one on "type" as recorded on the individual pages (self-synchronising or synchronous)? — Matt Crypto 11:24, 5 September 2005 (UTC)

It looks to me like we need a better way to display cipher status in the table. Crossing out names makes them hard to read, the reference links next to them are far from informative, and with all the broken-fixed-unbroken-withdrawn changes back and forth there are so many statuses. Can't just cross them out. I propose changing the row's background colour reflecting the cipher's current status. Let's say white or light green for those with no attacks against them (that includes Salsa-20 and all other erroneous/bogus attacks), light gray for 'broken and fixed', yellow or light brown for 'broken and not fixed yet', and red or pink for 'broken and withdrawn', and maybe also light blue for 'attack published but not confirmed yet'. We can add a short list describing the colours above or below the table. Any other ideas? Ruptor 13:11, 7 October 2005 (UTC)

You're right. The only quibble I'd add is that colour has disadvantages as a way of doing these things - not everyone browses in colour, including those on mobile devices or using text-to-speech or versions of Wikipedia rendered for portable devices and such. Perhaps what we need are symbols, the way you get symbols in product reviews indicating features. We could choose a few suitable-looking Unicode characters, and provide a key at the top or bottom of the table. Suitable Unicode dingbats might include ✘, ✔, ☀, ☺, ☻. I'm not sure "broken and fixed" means much - eSTREAM aren't accepting fixes AIUI, so once broken the cipher is out of the eSTREAM race. The authors may propose a successor, but that isn't much to do with eSTREAM any more.

Another tricky problem is how to be NPOV about breaks. An-Ping's "analysis" of Salsa20 is undoubtedly bogus, but it's not clear what verifiable, NPOV fact we're referring to when we treat it differently to any other attack that hasn't been acknowledged by the cipher authors. I'd be interested in your ideas here. — ciphergoth 13:40, 7 October 2005 (UTC)

Another case is where Courtois claims an attack which breaks SFKINKS, but Bernstein disagrees. It's difficult when the state of affairs is constantly changing. Perhaps, for the short term, we should just bite the bullet and use a different colour for any disputed break, even one that seems very dubious (like An-Ping's). I suspect that we'll reorganise the table once the Phase II "finalists" are chosen anyway, and at that point we can use the eSTREAM report (which will presumably be published at that point) as a fair judge of whether an attack is accepted. — Matt Crypto 11:49, 8 October 2005 (UTC)

Now Dragon joins the problematic list. Again the break is disputed, but in this case it looks to me like the break is good; the cipher authors claim it requires a large amount of output from a single key/IV pair, but this isn't so, it can work using the output from many IVs. An anon user removed the attack from the table, but I've restored it, marking it disputed. — ciphergoth 07:03, 13 October 2005 (UTC)

[edit] Cleanup notice

This article is being actively maintained, so there's no need for a cleanup notice - I've reverted that change. Please discuss what failings you feel the article has that call for a cleanup here in Talk. — ciphergoth 06:39, September 7, 2005 (UTC)

[edit] Organising the table again

Key
F	a "Focus Phase 2" cipher
2	A "Phase 2" cipher
A	An "archived" cipher
M	Includes a mac
P	Patented

Cipher	eSTREAM webpage	Profile 1 (software)	Profile 2 (hardware)	Properties	Submitters
Dragon	[1]	F			Ed Dawson, Kevin Chen, Matt Henricksen, William Millan, Leonie Simpson, HoonJae Lee, SangJae Moon
Grain	[2]		F		Martin Hell, Thomas Johansson and Willi Meier
Phelix	[3]	F	F	M	Doug Whiting, Bruce Schneier, Stefan Lucks and Frédéric Muller
Salsa20	[4]	F	2		Daniel Bernstein

Here's a proposal for how the table should look. Feel free to directly edit it to improve the proposal. I'm doing it here rather than the article space since things like adding or moving columns is easier when there are only a few example ciphers in the list.

You will note that this removes all the information on what is broken and what isn't. This is because it's proving incredibly hard to summarize; some ciphers have been through many tweaks and variants, and many breaks are disputed - for example, Biham disputes my and Sekar et al's attack on Py (cipher). We link to the eSTREAM page which lists everything everyone's written about a cipher; if we want to provide more information on its security we should report it in the article about the cipher rather than trying to summarize it in this table.

I look forward to your edits. Probably best to comment on them as replies to these paragraphs and to leave the table as the first thing in this section, otherwise it will get hard to read. — ciphergoth 14:12, 1 April 2006 (UTC)

Very late reply on this, sorry. Yes, I agree that the proposed table looks much better and that is probably best to track changes in attacks, status etc for the candidates on their respective page. One thing I would like to see in the table though is key length and claimed strength in bits. Or is that too much detail also? /Joachim

Also very late reply from me. I think the table is fine the way it is. As for the attack status, there is a reason that not even eSTREAM itself makes definite claims about that. I think that Wiki is the wrong place to make disputed claims about the cipher security before an official eSTREAM statement exists. Erik Zenner 11:32, 4 May 2006 (UTC)

Tricky question. In theory, the only requirements for putting something on Wikipedia are that it be verifiable, NPOV and not original research; even Li An-Ping's attacks on Salsa20 meet these criteria even though everyone else knows that they're garbage. In practice, however, notability is also taken into account. One cound try and argue that An-Ping's attacks are not notable, but I think that could be considered to be POV. So the attacks are mentioned in the Salsa20 article, along with the reception they've received from the community.

To put it another way, I don't think mentioning the existence of unconfirmed attacks is a problem (the Py attacks definitely belong on that page, in my biased opinion) but I don't want to try and summarize the attack status of a cipher, because that would introduce big distortions. So I've moved it out of the table; it can live in the articles for each cipher. — ciphergoth 13:22, 4 May 2006 (UTC)

[edit] Combining less significant cipher pages

Looking at a few random cipher pages (e.g., Frogbit, CryptMT, TRBDK3 YAEA), I notice they have very little content and hardly seem worth having dedicated pages for each. Stories/games often have a single page for lists of lesser characters/places/events. How about a single page for eSTREAM submissions that haven't received as much attention? 198.205.33.93 18:40, 5 December 2006 (UTC)

I don't see why we shouldn't, particularly when a cipher's only notability is within the context of eSTREAM. If we get too much detail on any one cipher, we can easily split it out to its own page again. — Matt Crypto 21:26, 5 December 2006 (UTC)