Columbia crypto box
Greg Rose
ggr at qualcomm.com
Mon Feb 10 21:32:01 EST 2003
At 06:12 PM 2/10/2003 -0500, Steven M. Bellovin wrote:
> >In any case, WEP would clearly look very different if it had been designed
> >by cryptographers, and it almost certainly wouldn't use RC4. Look at
> >CCMP, for instance: it is 802.11i's chosen successor to, and re-design
> >of, WEP. CCMP uses AES, not RC4, and I think that was a smart move.
> >
>
>A block cipher is clearly a better choice here. But there were some
>rational reasons for selecting RC4 (even though I think that on
>balance, the choice was very wrong).
I agree that on balance, the implementation of RC4 for WEP was very wrong.
But by your own numbers (and on the assumption that RC4 generates bytes
twice as fast as AES and that the cost of keying is equivalent to
generating 256 bytes) RC4 should win, computationally, on packets greater
than 256 bytes.
More modern stream ciphers such as SOBER-t32, SNOW2.0 and Turing, all of
which explicitly support Initialisation Vectors to generate distinct
streams, perform much better than AES for a job like this. I happen to have
the numbers to hand for a comparison of my implementation of Turing vs.
Brian Gladman's highly optimised AES (because the paper is being presented
in two weeks at FSE), and computationally speaking Turing overtakes at
about 100 bytes and generates bytes about 5 times faster from there on.
SNOW2.0 overtakes almost straight away, and generates bytes about 3 times
faster (haven't measured that myself, but I believe it). The combination of
Turing for encryption and HMAC-SHA-1 for MAC outperforms AES even in OCB
mode on my laptop.
(Lest anyone ask, no, I'm not suggesting adopting Turing or SNOW2.0...
they're too new. And I'm not trying to promote my own cipher particularly.
But...)
You said: "A block cipher is clearly a better choice here." This is almost,
for me, the canonical case for a stream cipher. What's clear to you isn't
clear to me. Can you elucidate, please?
regards,
Greg.
Greg Rose INTERNET: ggr at qualcomm.com
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list