RE: Counter Mode Security: Analysis and Recommendations
Alex(/David),
You have a good point there about the authentication complexity of
say AES-CBC. It does not nicely match with that of Counter-mode-AES.
contd ...
> -----Original Message-----
>...
> Of course there's still the *minor* matter of the hash. Unless I'm
> mistaken, this still requires linear sequential processing of the
> packet bytes. Won't this disrupt the tidy flow of parallel blocks?
>
> Cost is still a factor. Let's say you drive it in total to $25 per
> chip today. This is $125 retail + $50 for 1 Gbps Ethernet hardware.
> That's a tough sell.
> ...
> - Alex
Having said that, simplifying one of them does help silicon
implementations quite a bit. I hate to get into $ numbers, because
no matter what we end up integrating, folks like David do not like
to pay us more than 20-40% margin over the cost of "sand" :-)
Whatever happened to the thoughts around specifying an authentication
algorithm that used AES-CBC-I (Interleaved CBC)? David, maybe you
should take this up next. I can do some leg work for you. With a
reasonable degree, instead of just 3, one can do wonders in
providing head room for run-time vs. space complexity trade-off.
-Shridhar Mukund