Re: Bellovin's and Ashar's attacks
Sorry, my message wasn't clear on here. What I meant was caching key schedules
within the chip itself, which is what I guess the AT&T chip did. With chip
densities increasing dramatically, I don't think it is unreasonable to cache
a very large number of key schedules on chip.
I wondered about this, and took a look at the key schedule expansion
algorithm.
I'm not an EE or VLSI designer, but as best I can tell..
DES key schedule expansion in hardware *isn't slow*. It can be
implemented in hardware with a pair of 28-bit circular shift registers
and 48 wires, generating one subkey per clock cycle. The only
complication is that you occasionally need to "double-shift" the
registers.
You can do this in parallel with the encryption, producing the subkeys
only as they're needed.
Software implementations of DES typically expand the 64-bit key into
16 or 32 64-bit words, because bitwise permutations are expensive in
software. But they're really cheap in hardware..
- Bill