[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cfrg] Authenticated encryption

First, let me say that CWC is designed in such a way that there is no kind of order-dependent chaining on block levels. That is, inputs are treated in 96-bit atomic units. If you have, say, 3000 words come in during a single time slice, you can run 1000 parallel computations if you want to do so. In practice, that's not the way the world works, but it's at least theoretically possible to process as much data as you can handle in a single time slice about as fast as you can handle a single block. That is, CWC could scale to speeds faster to 10 gigabits per second in hardware if you throw more hardware at the problem. The tradeoffs are things like dye size and cost.

In short, my answer is that you can (more or less) make CWC run as fast as you need it to run (there's a limit somewhere, of course). We don't do anything ourselves to handle dropped or out of order packets, etc. Those are problems that must be dealt with in the surrounding environment in which CWC is applied.

But, there's no intrinsic issue with CWC that would keep you from designing around the problems you mention at the 10 gigabit/second level.

John


On Tuesday, April 29, 2003, at 01:19 PM, Alex Alten wrote:

John, Doug, Tadayoshi,

I've only had a chance to skim the I-D draft. Just a quick question about the
hardware 10 Gbps performance. For the receiver can this be sustained if
packets are dropped, corrupted or arrive out of order? If not, is it a bad hit
requiring a resynchronization of some sort?

Thanks,

- Alex

At 04:51 PM 4/24/2003 -0400, John Viega wrote:
Indeed, this is the paper we're preparing. We have just a bit more cosmetic work to do, and should be making it available some time next week.

John

On Thursday, April 24, 2003, at 04:31 PM, Marshall Eubanks wrote:

Dear John;

Do you know where I can get an on line version of the CWC reference :

[CWC] Kohno, T., Viega, J. and Whiting, D. "A Carter-Wegman
and Counter-Based Dual-Use Mode (CWC)". Manuscript,
February, 2003.

Or is this the shortly to appear paper you refer to ?

Regards
Marshall Eubanks

On Tuesday, April 15, 2003, at 10:52 PM, John Viega wrote:

Nice work! I'd also like to point people to another new authenticated
encryption mode called CWC:

http://www.ietf.org/internet-drafts/draft-irtf-cfrg-cwc-00.txt

The main thing that CWC offers that other such modes don't is
that is that it is simultaneously patent-free, provably-secure and
parallelizable (meaning that it will be suitable for securing data over
10 gigabit/sec links).

We will be releasing the full version of our paper (including security
proofs) shortly.

There are some minor issues we'll fix in the next version of the draft,
such as using bit lengths to refer to CWC instances, instead of octet
lengths (i.e., AES-CWC-256 instead of AES-CWC-32).

John

_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg
T.M. Eubanks
Multicast Technologies, Inc.
e-mail : tme@multicasttech.com
http://www.multicasttech.com

Test your network for multicast :
http://www.multicasttech.com/mt/

_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg

--

Alex Alten
Alten@ATTBI.com



_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg


_______________________________________________
Cfrg mailing list
Cfrg@ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg