Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00

Ted Krovetz <ted@krovetz.net> Tue, 05 February 2013 22:17 UTC

Phil has issued broad licenses for OCB, allowing open-source software implementations and software implementations in non-military contexts and non-commercial non-military hardware implementations. The licenses are at

  http://www.cs.ucdavis.edu/~rogaway/ocb/license.htm

It is my understanding -- correct me if I'm wrong -- that IP disclosures do not go directly in the RFC but instead get disclosed to the IETF along with the RFC submission. This has been done and the disclosures are at 

  https://datatracker.ietf.org/ipr/search/?option=document_search&id_document_tag=draft-krovetz-ocb

There is a study of OCB performance vs other AE schemes which includes AES-NI on Westmere hardware.

  http://www.cs.ucdavis.edu/~rogaway/ocb/ocb-doc.htm
  http://www.cs.ucdavis.edu/~rogaway/ocb/performance

These have not been updated for Sandy Bridge or Ivy Bridge. I can tell you that under Sandy Bridge OCB takes just 0.87 cycles per byte when processing 4KB messages. The fastest GHASH implementation I know about is Andy Polyakov's OpenSSL implementation that runs at 2.0 cycles per byte (just for GCM's hashing, you'd have to add the cost of encryption to get GCM's overall speed). Sandy Bridge and Ivy Bridge did not improve PCLMULQDQ performance but did improve AESENC performance, meaning that Sandy and Ivy improved OCB's performance much more than GCM's.

-Ted