Re: [Cfrg] RG Last Call on draft-irtf-cfrg-gcmsiv-06

Ted Krovetz <ted@krovetz.net> Mon, 18 September 2017 19:14 UTC

From: Ted Krovetz <ted@krovetz.net>
In-Reply-To: <71d10985-4c46-4a7c-e634-76a822102a61@openssl.org>
Date: Mon, 18 Sep 2017 12:14:51 -0700
Cc: Andy Polyakov <appro@openssl.org>
Message-Id: <B49301B4-B5E7-4102-A127-6B7B179A7744@krovetz.net>
References: <EA4347BF-D26F-4303-9A8D-E7B28986DE56@isode.com> <71d10985-4c46-4a7c-e634-76a822102a61@openssl.org>
To: cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/BiE89IQt4gKx_3cWUVdMNkx3Bqo>

For those unfamiliar with Andy's work, he is the primary contributor of assembly-language implementations to OpenSSL. For example, most of these were written by him and are first-rate.

https://github.com/openssl/openssl/tree/master/crypto/aes/asm
https://github.com/openssl/openssl/tree/master/crypto/modes/asm

If Andy says that there is likely no long-term performance benefit to using POLYVAL rather than GHASH, then I think this is probably right.

Before going further with the RFC, could the gcmsiv authors please address the long-term cost vs benefit of using POLYVAL and the modified CTR rather than GHASH and standard CTR?

Thanks,
Ted
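The field equivalence that lets one GHASH implementation also compute POLYVAL, as an added example that is not taken from this mail, from the draft, or from OpenSSL: the two functions live in the same 128-bit field under opposite bit orderings, so POLYVAL(H, X1..Xn) equals ByteReverse(GHASH(mulX_GHASH(ByteReverse(H)), ByteReverse(X1), ..., ByteReverse(Xn))). The arithmetic below is bit-serial reference code written for clarity, not speed; the key and blocks in the checks are constructed values.

```python
# POLYVAL ints are little-endian (bit j is the x^j coefficient); GHASH ints are
# big-endian (leftmost bit is x^0), so ByteReverse maps one convention onto the other.
POLY_P = (1 << 128) | (1 << 127) | (1 << 126) | (1 << 121) | 1  # x^128+x^127+x^126+x^121+1
GHASH_R = 0xE1 << 120  # GCM reduction constant for x^128+x^7+x^2+x+1 (bit-reflected)

def polyval_dot(a, b):
    """dot(a, b) = a * b * x^-128 in the POLYVAL field (little-endian ints)."""
    r = 0
    for i in range(128):          # schoolbook multiply with reduction on each shift
        if (b >> i) & 1:
            r ^= a
        a <<= 1
        if a >> 128:
            a ^= POLY_P
    for _ in range(128):          # divide by x 128 times, staying inside the field
        if r & 1:
            r ^= POLY_P           # clears the constant term before the shift
        r >>= 1
    return r

def polyval(h, blocks):
    s, hi = 0, int.from_bytes(h, "little")
    for x in blocks:
        s = polyval_dot(s ^ int.from_bytes(x, "little"), hi)
    return s.to_bytes(16, "little")

def ghash_mul(x, y):
    """GCM field multiplication (SP 800-38D Algorithm 1) on big-endian ints."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ (GHASH_R if v & 1 else 0)
    return z

def ghash(h, blocks):
    y, hi = 0, int.from_bytes(h, "big")
    for x in blocks:
        y = ghash_mul(y ^ int.from_bytes(x, "big"), hi)
    return y.to_bytes(16, "big")

def mulx_ghash(a):
    """Multiply a GHASH element by x (the one-time key tweak POLYVAL needs)."""
    v = int.from_bytes(a, "big")
    return ((v >> 1) ^ (GHASH_R if v & 1 else 0)).to_bytes(16, "big")

def polyval_via_ghash(h, blocks):
    """POLYVAL from the GHASH core: reverse bytes in, tweak the key, reverse bytes out."""
    return ghash(mulx_ghash(h[::-1]), [x[::-1] for x in blocks])[::-1]
```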