OpenOffice and document encryption portability
Posted Apr 3, 2012 2:05 UTC (Tue) by jzbiciak (✭ supporter ✭, #5246)
Posted Apr 3, 2012 2:14 UTC (Tue) by BradD (subscriber, #83895)
Posted Apr 3, 2012 3:49 UTC (Tue) by jzbiciak (✭ supporter ✭, #5246)
I wouldn't argue against that. It seems like in general it would offer more security as long as you could also prove there were no categorically bad S-boxes. (I believe that to be true for Blowfish, but I'm no cryptographer.)
In the original context of "bitslice optimizing an encryption algorithm," though, it appears Blowfish does not lend itself to this technique with a generic loop kernel. You might have to dynamically generate a kernel based on the specific S-boxes.
And, of course, bitslice algorithms can't help you at all with modes like cipher block chaining (CBC) or cipher feedback mode (CFB), where one encrypted block feeds into the next. Am I dreaming, or did Schneier also develop a tree-like structure for chaining that sought to keep the security but also allowed for more parallelism than CBC or CFB?
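An added example, not part of the thread or any poster's code: a sketch of the "generate a kernel based on the specific S-boxes" idea from the comment above. It derives an AND/XOR circuit from an arbitrary S-box table and evaluates it over many lanes at once; the 4-bit `keyed_sbox` is a constructed stand-in, not Blowfish's key schedule, and all function names are hypothetical.

```python
import random

def anf_monomials(truth, n_in):
    """Moebius transform: one output bit's truth table -> ANF monomial masks."""
    coef = list(truth)
    for i in range(n_in):
        step = 1 << i
        for x in range(1 << n_in):
            if x & step:
                coef[x] ^= coef[x ^ step]
    return [m for m, c in enumerate(coef) if c]

def make_kernel(sbox, n_in, n_out):
    """Build a bitsliced evaluator specialised to this one S-box table."""
    tables = [[(sbox[x] >> b) & 1 for x in range(1 << n_in)] for b in range(n_out)]
    per_bit = [anf_monomials(t, n_in) for t in tables]
    def kernel(planes, lanes):
        ones = (1 << lanes) - 1          # all-ones word, one bit per lane
        out = []
        for monos in per_bit:
            acc = 0
            for m in monos:
                term = ones              # empty monomial is the constant 1
                for i in range(n_in):
                    if (m >> i) & 1:
                        term &= planes[i]
                acc ^= term
            out.append(acc)
        return out
    return kernel

def to_planes(values, nbits):
    """Transpose: plane[i] holds bit i of every lane's value."""
    return [sum(((v >> i) & 1) << lane for lane, v in enumerate(values))
            for i in range(nbits)]

def from_planes(planes, lanes):
    return [sum(((p >> lane) & 1) << i for i, p in enumerate(planes))
            for lane in range(lanes)]

def keyed_sbox(seed, n_in=4):
    """Constructed stand-in for a key-dependent S-box (a seeded permutation)."""
    box = list(range(1 << n_in))
    random.Random(seed).shuffle(box)
    return box

def sbox_all_lanes(sbox, inputs, n_in=4, n_out=4):
    kernel = make_kernel(sbox, n_in, n_out)   # must be rebuilt per S-box
    return from_planes(kernel(to_planes(inputs, n_in), len(inputs)), len(inputs))
```

The circuit is a function of the table, so a new key-dependent S-box means a new kernel. The lanes here are independent inputs, which is the property a chained mode's encryption direction does not offer.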
Posted Apr 3, 2012 4:07 UTC (Tue) by BradD (subscriber, #83895)
Posted Apr 3, 2012 5:09 UTC (Tue) by jzbiciak (✭ supporter ✭, #5246)
In other interesting news, while trying to research the topic of interleaved chaining modes further on Google, I discovered it has already updated its index to include your reply above in this thread.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds