Re: [Cfrg] RG Last Call - draft-irtf-cfrg-ocb-00

"Blumenthal, Uri - 0558 - MITLL" <uri@ll.mit.edu> Tue, 05 February 2013 22:44 UTC

Going to Phil's page gives the following. What is the relation between
"License 1" and "License 2"?


* License for Open-Source Software Implementations of OCB
<http://www.cs.ucdavis.edu/~rogaway/ocb/license1.pdf> (Jan 9, 2013) -- "License 1"
Under this license, you are authorized to make, use, and distribute
open-source software implementations of OCB. This license terminates for
you if you sue someone over their open-source software implementation of
OCB claiming that you have a patent covering their implementation.
This is a non-binding summary of a legal document (the link above). The
parameters of the license are specified in the license document and that
document is controlling.

* General License for Non-Military Software Implementations OCB
<http://www.cs.ucdavis.edu/~rogaway/ocb/license2.pdf> (Jan 10, 2013). -- "License 2"
This license does not authorize any military use of OCB. Aside from
military uses, you are authorized to make, use, and distribute (1) any
software implementation of OCB and (2) non-software implementations of OCB
for noncommercial or research purposes. You are required to include notice
of this license to users of your work so that they are aware of the
prohibition against military use. This license terminates for you if you
sue someone over an implementation of OCB authorized by this license
claiming that you have a patent covering their implementation.
This is a non-binding summary of a legal document (the link above). The
parameters of the license are specified in the license document and that
document is controlling.

P.S. GCM may be slower - but at least I don't need a law degree to figure
out what can be done with it.
P.P.S. My assembly skills are rusty, but I didn't find use of CLMUL in the
assembly code. Could you clarify whether only AES-NI instructions were
used, or CLMUL was used too? Tnx!

--
Regards,
Uri Blumenthal
<Disclaimer>



On 2/5/13 17:17 , "Ted Krovetz" <ted@krovetz.net> wrote:

>Phil has issued broad licenses for OCB, allowing open-source software
>implementations and software implementations in non-military contexts and
>non-commercial non-military hardware implementations. The licenses are at
>
>  http://www.cs.ucdavis.edu/~rogaway/ocb/license.htm
>
>It is my understanding -- correct me if I'm wrong -- that IP disclosures
>do not go directly in the RFC but instead get disclosed to the IETF along
>with the RFC submission. This has been done and the disclosures are at
>
>  https://datatracker.ietf.org/ipr/search/?option=document_search&id_document_tag=draft-krovetz-ocb
>
>There is a study of OCB performance vs other AE schemes which includes
>AES-NI on Westmere hardware.
>
>  http://www.cs.ucdavis.edu/~rogaway/ocb/ocb-doc.htm
>  http://www.cs.ucdavis.edu/~rogaway/ocb/performance
>
>These have not been updated for Sandy Bridge or Ivy Bridge. I can tell
>you that under Sandy Bridge OCB takes just 0.87 cycles per byte when
>processing 4KB messages. The fastest GHASH implementation I know about is
>Andy Polyakov's OpenSSL implementation that runs at 2.0 cycles per byte
>(just for GCM's hashing, you'd have to add the cost of encryption to get
>GCM's overall speed). Sandy Bridge and Ivy Bridge did not improve
>PCLMULQDQ performance but did improve AESENC performance, meaning that
>Sandy and Ivy improved OCB's performance much more than GCM's.
>
>-Ted