Return-Path: <ted@krovetz.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 256B81243F6
 for <cfrg@ietfa.amsl.com>; Mon, 18 Sep 2017 12:14:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.121
X-Spam-Level: 
X-Spam-Status: No, score=-1.121 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_NEUTRAL=0.779]
 autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=krovetz-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 5FxqbETGuXBl for <cfrg@ietfa.amsl.com>;
 Mon, 18 Sep 2017 12:14:54 -0700 (PDT)
Received: from mail-pg0-x236.google.com (mail-pg0-x236.google.com
 [IPv6:2607:f8b0:400e:c05::236])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id D8CE513209C
 for <cfrg@irtf.org>; Mon, 18 Sep 2017 12:14:54 -0700 (PDT)
Received: by mail-pg0-x236.google.com with SMTP id 7so654864pgd.13
 for <cfrg@irtf.org>; Mon, 18 Sep 2017 12:14:54 -0700 (PDT)
X-Received: by 10.98.198.70 with SMTP id m67mr32577942pfg.237.1505762094090;
 Mon, 18 Sep 2017 12:14:54 -0700 (PDT)
Received: from cherwell.ecs.csus.edu ([130.86.68.216])
 by smtp.gmail.com with ESMTPSA id w90sm239401pfi.80.2017.09.18.12.14.52
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 18 Sep 2017 12:14:52 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Ted Krovetz <ted@krovetz.net>
In-Reply-To: <71d10985-4c46-4a7c-e634-76a822102a61@openssl.org>
Date: Mon, 18 Sep 2017 12:14:51 -0700
Cc: Andy Polyakov <appro@openssl.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B49301B4-B5E7-4102-A127-6B7B179A7744@krovetz.net>
References: <EA4347BF-D26F-4303-9A8D-E7B28986DE56@isode.com>
 <71d10985-4c46-4a7c-e634-76a822102a61@openssl.org>
To: cfrg@irtf.org
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/BiE89IQt4gKx_3cWUVdMNkx3Bqo>
Subject: Re: [Cfrg] RG Last Call on draft-irtf-cfrg-gcmsiv-06
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>,
 <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>,
 <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Sep 2017 19:14:56 -0000

For those unfamiliar with Andy's work, he is the primary contributor of
assembly-language implementations to OpenSSL. For example, most of these
were written by him and are first-rate.

https://github.com/openssl/openssl/tree/master/crypto/aes/asm
https://github.com/openssl/openssl/tree/master/crypto/modes/asm

If Andy says that there is likely no long-term performance benefit to
using POLYVAL rather than GHASH, then I think this is probably right.

Before going further with the RFC, could the gcmsiv authors please
address the long-term cost vs benefit of using POLYVAL and the modified
CTR rather than GHASH and standard CTR?

Thanks,
Ted

