
Re: rc5 perf and rotates



> From: stroh@vnet.ibm.com
> Date: Tue, 19 Mar 96 16:51:07 CST
> To: ipsec@ans.net
> Subject: rc5 perf and rotates
> 
> Bill Sommerfeld <sommerfeld@apollo.hp.com> writes
> 
> >>	So on the "variable shifts are efficient" front:
> >>	
> >>		yes:	HP, IBM, DEC, Intel
> >>		no:	Sun, SGI..
> 
> I would label your lists "yes" and "maybe".  If the SPARC and MIPS
> implementations use barrel shifters, I still claim it's only a couple extra
> cycles that might even be buried.

They will not get buried if they are in the critical path, which 
they appear to be. That couple of cycles multiplies by 24 (2 rotates
per round, 12 rounds).

> Who cares if a rotate is fast in an absolute sense? - the question is how

I do. I run IP at 150 Mbps, and would like to run _some_ security
that can keep pace. 

> I will need some convincing that algorithms incorporating rotates are inferior
> in cryptographic efficiency to those excluding them.  Rotates would seem to
> be the best way of achieving information diffusion between bit positions (sub
> modulo 8) without loss of information. Averaging over all possible shift counts,

Table lookups might be an alternative, especially if the table is small.

Joe
----------------------------------------------------------------------
Joe Touch - touch@isi.edu		    http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM       http://www.isi.edu/atomic2/
USC / Research Assistant Prof.                http://www.isi.edu/lsam/