Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [P1619-2] bit-level vs. byte-level spec for EME2

To: P1619-2@xxxxxxxxxxxxxxxxx
Subject: Re: [P1619-2] bit-level vs. byte-level spec for EME2
From: David McGrew <mcgrew@xxxxxxxxx>
Date: Fri, 9 May 2008 12:13:47 -0700
In-Reply-To: <4821A970.3020709@alum.mit.edu>
List-Help: <http://listserv.ieee.org/cgi-bin/wa?LIST=P1619-2>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20P1619-2>
List-Owner: <mailto:P1619-2-request@LISTSERV.IEEE.ORG>
List-Subscribe: <mailto:P1619-2-subscribe-request@LISTSERV.IEEE.ORG>
List-Unsubscribe: <mailto:P1619-2-unsubscribe-request@LISTSERV.IEEE.ORG>
References: <4821A970.3020709@alum.mit.edu>
Reply-To: David McGrew <mcgrew@xxxxxxxxx>

Hi Shai,

I think that treating inputs and outputs as byte strings is fine,  
since it's simple and most (if not all) applications would use byte  
strings rather than bit strings.

As an aside, I think that it would be valuable for the crypto  
standards community to establish one or two conventions for bit/byte  
representations in an document that could be referenced in future  
standards work.  I think that Brian is the right person to write this  
document too ;-)

David

On May 7, 2008, at 6:06 AM, Shai Halevi wrote:

> I received the following comment from Brian Gladman, regarding the
> EME2 specification as in 1619.2-D2.
>
>> AES bit numbering puts bit sequence bits 8n .. 8n+7 in byte n and
>> puts bits with lower enumerations in _more_ numerically significant  
>> positions within bytes.  The field representation puts bit 8n .. 8n+7
>> in byte n and puts bits with lower enumerations in _less_  
>> numerically significant positions within bytes.  EME2 hence uses  
>> two different
>> bit to byte mapping conventions and this makes it necessary to  
>> specify
>> which of these is used for EME2 data inputs and outputs (this impacts
>> on where the padding bits go).
>
> Looking at the EME2 spec, I believe that he is right. My intention was
> to have EME2 specified completely at the byte level, but this is not
> how the spec is written right now. So my proposal is to modify the  
> EME2
> spec, eliminate all bit-level language and replacing it with byte- 
> level
> description instead.
>
> Please note that this change means that EME2 will only be specified
> for byte strings (i.e., strings that consist of integral number of
> bytes). For example, it cannot be applied to a 129-bit string. I think
> that for the application domain of 1619.2, this is not a problem (but
> let me know if you think otherwise).
>
> The other alternative would be to keep the current bit-level
> description, but then we will have to specify the convention for
> bit<->byte transformation. For example, right now the Mult-by-alpha
> is defined on 16-byte strings, but it is applied for example to
> Key_3, which is described as a 128-bit string.
>
> -- Shai

References:
- [P1619-2] bit-level vs. byte-level spec for EME2
  - From: Shai Halevi

Prev by Date: [P1619-2] Call for papers for the Security in Storage Workshop 2008, due May 30th
Next by Date: Re: [P1619-2] bit-level vs. byte-level spec for EME2
Prev by thread: Re: [P1619-2] bit-level vs. byte-level spec for EME2
Next by thread: [P1619-2] Meeting announcement for discussing SISWG Operating Procedures on May 14th
Index(es):
- Date
- Thread