IETF Logo Mail Archive

Re: [Cfrg] RG Last Call on draft-irtf-cfrg-gcmsiv-06

Andy Polyakov <appro@openssl.org> Mon, 18 September 2017 21:13 UTC

Return-Path: <appro@openssl.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2832B133049 for <cfrg@ietfa.amsl.com>; Mon, 18 Sep 2017 14:13:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I-3yFLYCGKkq for <cfrg@ietfa.amsl.com>; Mon, 18 Sep 2017 14:13:49 -0700 (PDT)
Received: from mta.openssl.org (xmpp.openssl.org [IPv6:2001:608:c00:180::1:e6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42A9F13307F for <cfrg@irtf.org>; Mon, 18 Sep 2017 14:13:48 -0700 (PDT)
Received: from [127.0.0.1] (localhost [IPv6:::1]) by mta.openssl.org (Postfix) with ESMTP id 992C8E0381; Mon, 18 Sep 2017 21:13:44 +0000 (UTC)
To: Ted Krovetz <ted@krovetz.net>, cfrg@irtf.org
References: <EA4347BF-D26F-4303-9A8D-E7B28986DE56@isode.com> <71d10985-4c46-4a7c-e634-76a822102a61@openssl.org> <B49301B4-B5E7-4102-A127-6B7B179A7744@krovetz.net>
From: Andy Polyakov <appro@openssl.org>
Message-ID: <0f356f14-c51b-fa17-490d-5bbdc30882e6@openssl.org>
Date: Mon, 18 Sep 2017 23:13:49 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <B49301B4-B5E7-4102-A127-6B7B179A7744@krovetz.net>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ej7-dpaZPmtZMlY1M4EigGyOIxk>
Subject: Re: [Cfrg] RG Last Call on draft-irtf-cfrg-gcmsiv-06
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Sep 2017 21:13:51 -0000

> If Andy says that there is likely no long-term performance benefit to using POLYVAL rather than GHASH, then I think this is probably right.

I don't feel that it's what I tried to say, not exactly. I said that
reported 20% improvement is rather anomaly than rule in the POLYVAL vs.
GHASH case, and it wouldn't be sustainable practice if decisions are
based on anomalies. Because anomalies tend to be resolved. In other
words long-run term of mental equation is rather how decisions are made,
than POLYVAL performance per se. As for POLYVAL per se. I'm not saying
that it doesn't offer *any* performance benefit, only that it doesn't on
some platforms, and that in non-anomalous cases it would be far from
"overwhelming". As additional couple of data points I've just collected
results for Cortex-A53, 6%, and Cortex-A57, 0%. It's common big.LITTLE
pair with A53 being "little". [Yes, equivalent of PCLMULQDQ was used. If
it wasn't, difference would be hardly measurable.]

> Before going further with the RFC, could the gcmsiv authors please address the long-term cost vs benefit of using POLYVAL and the modified CTR rather than GHASH and standard CTR?

In the context what I'm also trying to say/imply/suggest is that *mode*
specification is not necessarily right place to introduce primitives.

v2.23.0 | Report a Bug | By Email