
Re: Bellovin's and Ashar's attacks



   Sorry, my message wasn't clear on here. What I meant was caching key schedules
   within the chip itself, which is what I guess the AT&T chip did. With chip
   densities increasing dramatically, I don't think it is unreasonable to cache
   a very large number of key schedules on chip.

I wondered about this, and took a look at the key schedule expansion
algorithm.  

I'm not an EE or VLSI designer, but as best I can tell..

DES key schedule expansion in hardware *isn't slow*.  It can be
implemented in hardware with a pair of 28-bit circular shift registers
and 48 wires, generating one subkey per clock cycle.  The only
complication is that you occasionally need to "double-shift" the
registers.

You can do this in parallel with the encryption, producing the subkeys
only as they're needed.

Software implementations of DES typically expand the 64-bit key into
16 or 32 64-bit words, because bitwise permutations are expensive in
software.  But they're really cheap in hardware..

						- Bill
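
A software model of the register-based key schedule described in this message, added here as an illustration and not code from the original post. The names `des_ks`, `des_ks_load` and `des_ks_next` are hypothetical, the tables are the standard DES PC-1, PC-2 and shift tables, and the key in `main` is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>

/* Standard DES tables (FIPS 46-3); bit positions are 1-based, MSB first. */
static const uint8_t PC1[56] = {
    57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
    10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
    14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4 };
/* PC-2 is the fixed wiring: 24 taps on register C, 24 taps on register D. */
static const uint8_t PC2[48] = {
    14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
    23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
    41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
    44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 };
/* Rounds 1, 2, 9 and 16 rotate by one; all others are the "double shift". */
static const uint8_t SHIFTS[16] = {1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1};

typedef struct { uint32_t c, d; } des_ks;   /* the two 28-bit registers */

static uint32_t rotl28(uint32_t r, unsigned n) {
    return ((r << n) | (r >> (28 - n))) & 0x0FFFFFFFu;
}

/* Load C and D from the 64-bit key through PC-1 (parity bits are dropped). */
des_ks des_ks_load(uint64_t key) {
    uint64_t cd = 0;
    for (int i = 0; i < 56; i++)
        cd = (cd << 1) | ((key >> (64 - PC1[i])) & 1);
    des_ks s = { (uint32_t)(cd >> 28), (uint32_t)(cd & 0x0FFFFFFFu) };
    return s;
}

/* One "clock": rotate both registers, then read 48 bits out through PC-2.
   round is 0..15; no expanded schedule is ever stored. */
uint64_t des_ks_next(des_ks *s, int round) {
    s->c = rotl28(s->c, SHIFTS[round]);
    s->d = rotl28(s->d, SHIFTS[round]);
    uint64_t cd = ((uint64_t)s->c << 28) | s->d, k = 0;
    for (int i = 0; i < 48; i++)
        k = (k << 1) | ((cd >> (56 - PC2[i])) & 1);
    return k;
}

int main(void) {
    des_ks s = des_ks_load(0x133457799BBCDFF1ULL);  /* constructed sample key */
    for (int r = 0; r < 16; r++)
        printf("K%-2d = %012llx\n", r + 1, (unsigned long long)des_ks_next(&s, r));
    return 0;
}
```

The shifts sum to 28, so after the sixteenth subkey both registers are back at their loaded values and the next block can start without reloading the key.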

