Secure Multi-Party Data Classification System

This grew from secure forum. Is currently being developed by professionals but I would appreciate any feedback or advice. Help us get it right the first time!

 

(This probably doesn't matter much, in reality, so this is going on principle alone.) It doesn't make much since to advocate the use of Whirlpool, while steering away from Rijndael. They're both based on the wide trail srategy, which is still a viable means of secure block cipher design. Furthermore, Whirlpool is facing its own sets of issues these days, with rebound attacks, which is a type of differential attack on block cipher-based hash functions. I'd be curious to know why Whirlpool got the thumbs up, but Rijndael didn't. Security margins aren't conclusive; it's easy to show a metric for which Rijndael's round function achieves full diffusion faster than that of Serpent.

Rijndael is receiving more cryptanalytical attention than any other block cipher, which makes a big difference when it comes to fielding primitives. Besides, the recent attacks need to be considered within context. It's a matter of redesigning the key schedule to better resist these related-key attacks -- a class of attacks which weren't really taken into account as opposed to other classes of attacks. It would suffice to say that oftentimes, the design requirements for key schedules are less ambitious than other components within a block cipher, with efficiency and performance at the forefront. Overall, I see no reason to toss Rijndael to the side because of these attacks.

Has any thought been given to a composite scheme (e.g., AES-CTR-then-CMAC-AES) for ensuring the confidentiality and integrity of data?

Although I haven't read everything yet, it seems like a bit of thought has gone into this design, and the goal of keeping things transparent is certainly a good one, and a hallmark of good security. Once I find the time to read it, I'll get back comments.

 

This is my fault for using whirlpool in the example of how passwords are traditionally stored server side, but we actually decided to go with sha-512 for this system. Although we are also using Sha-1 for data integrity.