[hiprg] A more byte efficient ESP suite

Robert Moskowitz <rgm@htt-consult.com> Wed, 09 February 2011 22:13 UTC

Return-Path: <rgm@htt-consult.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 842423A6826 for <hiprg@core3.amsl.com>; Wed, 9 Feb 2011 14:13:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id TKIhKfsl8Wr3 for <hiprg@core3.amsl.com>; Wed, 9 Feb 2011 14:13:35 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com []) by core3.amsl.com (Postfix) with ESMTP id 919CA3A67F6 for <hiprg@irtf.org>; Wed, 9 Feb 2011 14:13:35 -0800 (PST)
Received: from localhost (unknown []) by klovia.htt-consult.com (Postfix) with ESMTP id 6EFDB62ABF for <hiprg@irtf.org>; Wed, 9 Feb 2011 22:13:24 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([]) by localhost (klovia.htt-consult.com []) (amavisd-new, port 10024) with ESMTP id FAA3hRiRx8+b for <hiprg@irtf.org>; Wed, 9 Feb 2011 17:13:14 -0500 (EST)
Received: from nc2400.htt-consult.com (nc2400.htt-consult.com []) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 530B762AB9 for <hiprg@irtf.org>; Wed, 9 Feb 2011 17:13:14 -0500 (EST)
Message-ID: <4D531179.1030404@htt-consult.com>
Date: Wed, 09 Feb 2011 17:13:13 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Thunderbird/3.1.7
MIME-Version: 1.0
To: "hiprg@irtf.org" <hiprg@irtf.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [hiprg] A more byte efficient ESP suite
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Feb 2011 22:13:36 -0000

I have been pushed by a number of engineers working in resource 
constrained networks to 'fix' the ESP per IP packet overhead.  Many just 
want to use dTLS, as (in theory) it could be spaning multiple IP 
datagrams (though I wonder if that is frequently true in these use 

So please help me with my analysis:

ESP takes at most 12 bytes:

4    SPI
4    Seq#
4    padding  (though I would really like to get a better understanding 
of padding overhead)

CCM (the primary candidate) takes:

8         IV
8-16    ICV

So ESP-CCM is 28-36 bytes.

But if your IV for CCM is a counter, and not a LFSR, and you use the ESP 
ESN, you 'compress' out the 8 byte IV from CCM for 20-28 bytes.

Now note that when we were first doing CCM for ESP, I proposed this and 
actually did a rough draft, but Steve Kent insisted that LFSR be 
supported as well and that the IV always be explicit, giving us the CCM 
cipher for ESP we have today.

8 bytes IS a big deal to constrained networks (10% of the datapayload on 
802.15.4).  Has there been any discussions anywhere on this sort of