[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CBC makes Implementations too Slow.
If a single engine can't run fast enough to encrypt at line speed, one
possible solution is to put two engines on chip and have them work on
different blocks of the same packet in parallel. However, this isn't
possible in CBC mode because you can't start encrypting block n+1 until
you've finished with block n.
Best Regards,
Joseph D. Harwood
(408) 838-9434
jharwood@vesta-corp.com
www.vesta-corp.com
> -----Original Message-----
> From: owner-ipsec@lists.tislabs.com
> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of ji@research.att.com
> Sent: Tuesday, October 30, 2001 7:45 PM
> To: khaja.ahmed@cavium.com; smb@research.att.com
> Cc: ipsec@lists.tislabs.com; mahdavi@sepahan.iut.ac.ir
> Subject: Re: CBC makes Implementations too Slow.
>
>
> Maybe I'm missing something, but packets are sent in a bit-serial manner
> in almost all cases; you can be encrypting block n+1 while you are
> transmitting the (already encrypted) block n. Since you have to transmit
> some headers in the clear, you can start encryption of the payload at the
> same time as the cleartext headers are being transmitted; so long as
> you can encrypt at line speeds, you keep the pipelines full. Isn't that
> what we want?
>
> /ji
>
> --
> /\ ASCII ribbon | John "JI" Ioannidis * Secure Systems
> Research Department
> \/ campaign | AT&T Labs - Research * Florham Park, NJ 07932 * USA
> /\ against | "Intellectuals trying to out-intellectual
> / \ HTML email. | other intellectuals" (Fritz the Cat)
>
>
References: