Re: [Libaes-devel] Proposed API for libaes
From: Nigel M. <Nig...@de...> - 2002-01-28 13:04:38
On Fri, 2002-01-25 at 22:44, Sandy Harris wrote:
> Nigel Metheringham wrote:
> > - I am not
> > currently intending to do anything to support weird intermediate key
> > sizes (OK that's pejorative language, but are there any reasonable
> > requirements for intermediate keysizes especially as it really hits
> > efficiency at present).
>
> Why even consider it? Neither the original Rijndael nor the AES spec
> have those, and you aren't doing research on cipher variations. You're
> either implementing the cipher or providing a new interface for Brian
> Gladwin's code. Either way, you have no business adding things.

Actually the intermediate key sizes are from Brian Gladman's code.

> The AES contest specified that all entries must use a 128-bit block
> size. All the evaluation of Rijndael (security and speed) during the
> AES process used that size, so much less is known about whether the
> other sizes might have security weaknesses. The AES standard is for
> a cipher with 128-bit block size, Rijndael minus the variable block
> size feature. Last time I looked, that was all Brian Gladwin's code
> supported as well.

This had slipped past me, but going back and looking at the AES spec (i.e.
FIPS-197 - see http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf ),
you are exactly right.

> I think you should do only the one block size, unless someone can
> turn up a compelling reason that the others are quite useful.

Yes - libaes should be AES (Rijndael 128 bit block size) with 128/192/256
bit key sizes only.

Also, since FIPS-197 refers to AES-128, AES-192 and AES-256 as being Rijndael
with a 128 bit block size and differing key lengths, my use of
aes128/aes192/aes256 to denote different *block* sizes is highly confusing.
> If you really want to do them all, then I think the names should be:
>
> aes              128-bit block
> #ifdef REST_OF_RIJNDAEL
> rijndael         any block size
> rijndael_128blk  128-bit block
> rijndael_192blk  192-bit block
> rijndael_256blk  256-bit block
> #endif
>
> You cannot call it AES if it uses any block size other than 128.
>
> You need rijndael_128blk, not just rijndael_128, to make it clear

I think I'll look at splitting the non-AES stuff out into a different
library - maybe built from the same source package, but working with a
rijndael.h and a librijndael for those.

In general I don't think there is a good case in efficiency terms for
having separate calls for AES-128, AES-192, AES-256 (i.e. different key
sizes), since the avoidable cost for a version that does all 3 key lengths
over a per-keylength implementation is 1 test and jump (those real speed
demons may find that a pure assembler AES-128 implementation with no error
checking at all has a 2 or 3% speed increase over the current....). I'll
try that just to ensure my figures are right.

BTW, anyone know somewhere providing sourceforge-like facilities but based
outside the US? Currently I'm only using sourceforge for distribution,
since I don't want to potentially risk losing some control of the CVS tree
should current US crypto policy blow in the wind again.

Nigel.
--
[ Nigel Metheringham Nig...@In... ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
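As an added illustration of the "one entry point for all three key lengths" point above (example code written for this page, not libaes or Brian Gladman's code): a FIPS-197 key expansion in C where the key length alone selects Nk and Nr, the block stays 128 bits, and the only size-specific work is the `keylen` check plus the `i % Nk` tests inside the loop. The function names `aes_expand_key` and `aes_key_word` are the example's own and assume nothing about the libaes API; the S-box is generated at run time to keep the block short, and the keys embedded for the self-check are the public FIPS-197 Appendix A test vectors.

```c
#include <stdint.h>
static uint8_t sbox[256];                      /* built lazily; sbox[1] == 0x7c once built */
static uint8_t gf_mul(uint8_t a, uint8_t b) {  /* GF(2^8) multiply, poly x^8+x^4+x^3+x+1 */
    uint8_t r = 0;
    for (; b; b >>= 1, a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)))
        if (b & 1) r ^= a;
    return r;
}
static void init_sbox(void) {                  /* inverse in GF(2^8), then the affine map */
    for (int a = 0; a < 256; a++) {
        uint8_t inv = 0, s = 0x63;             /* the inverse of 0 is taken as 0 */
        for (int b = 1; b < 256 && !inv; b++)
            if (gf_mul((uint8_t)a, (uint8_t)b) == 1) inv = (uint8_t)b;
        for (int k = 0; k <= 4; k++) s ^= (uint8_t)((inv << k) | (inv >> (8 - k)));
        sbox[a] = s;
    }
}
static uint32_t sub_word(uint32_t x) {         /* S-box applied to each byte of a word */
    return (uint32_t)sbox[x >> 24] << 24 | (uint32_t)sbox[x >> 16 & 0xff] << 16 |
           (uint32_t)sbox[x >> 8 & 0xff] << 8 | sbox[x & 0xff];
}
/* One entry point for AES-128/192/256: the block is fixed at 128 bits and only Nk varies.
 * Fills 4*(Nr+1) words of w and returns Nr (10/12/14), or -1 for a non-AES key length. */
int aes_expand_key(const uint8_t *key, unsigned keylen, uint32_t w[60]) {
    if (keylen != 16 && keylen != 24 && keylen != 32) return -1;   /* the one extra test */
    if (!sbox[1]) init_sbox();
    int nk = (int)keylen / 4, nr = nk + 6; uint8_t rcon = 1;
    for (int i = 0; i < nk; i++)
        w[i] = (uint32_t)key[4*i] << 24 | (uint32_t)key[4*i+1] << 16 | (uint32_t)key[4*i+2] << 8 | key[4*i+3];
    for (int i = nk; i < 4 * (nr + 1); i++) {
        uint32_t t = w[i - 1];
        if (i % nk == 0) {                                 /* RotWord, SubWord, Rcon */
            t = sub_word(t << 8 | t >> 24) ^ (uint32_t)rcon << 24;
            rcon = gf_mul(rcon, 2);
        } else if (nk > 6 && i % nk == 4) {                /* the extra SubWord of AES-256 */
            t = sub_word(t);
        }
        w[i] = w[i - nk] ^ t;
    }
    return nr;
}
/* FIPS-197 Appendix A key-expansion test keys (public vectors) for the self-check below. */
const uint8_t KEY128[16] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
const uint8_t KEY192[24] = {0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b};
const uint8_t KEY256[32] = {0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
                            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4};
uint32_t aes_key_word(const uint8_t *key, unsigned keylen, int i) { /* word i of the schedule, 0 if bad */
    uint32_t w[60]; int nr = aes_expand_key(key, keylen, w);
    return (nr < 0 || i < 0 || i >= 4 * (nr + 1)) ? 0 : w[i];
}
```

With the Appendix A keys, `aes_key_word(KEY128, 16, 4)` yields `0xa0fafe17` and `aes_key_word(KEY256, 32, 12)` yields `0xa8b09c1a`, the first word produced by the AES-256-only SubWord branch.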