[7942] in cryptography@c2.net mail archive


Re: Rijndael & Hitachi

daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Tue Oct 10 17:42:43 2000

Mime-Version: 1.0
Message-Id: <v04210101b608fc1f04ec@[24.218.56.92]>
In-Reply-To: <4.2.2.20001008163631.00c6cc40@shell1.shore.net>
Date: Tue, 10 Oct 2000 13:44:13 -0400
To: Vin McLellan <vin@shore.net>
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: <coderpunks@toad.com>, cryptography@c2.net, cypherpunks@cyberpass.net
Content-Type: text/plain; charset="iso-8859-1" ; format="flowed"
Content-Transfer-Encoding: quoted-printable

Thanks for the summary. My only problem with Rijndael is that it is
still rather young. I recall reading that NSA takes seven years to
qualify a new cipher. It took at least that long for the open
cryptographic community to trust DES.  If someone asked me what
cipher to use today in a new, very high value application, I would
have a hard time choosing between Rijndael and 3DES. Rijndael appears
to be a far superior design, but 3DES has enjoyed a lot more scrutiny.

I was thinking it might be useful to define a "Paranoid Encryption
Standard (PES)" that is a concatenation of all five AES finalists,
applied in alphabetical order, all with the same key (128-bit or
256-bit).  If in fact RC6 is the only finalist still subject to
licensing by its developer, it could be replaced by DEAL
(alphabetized under "D"). Since DEAL is based on DES, it brings the
decades of testing and analysis DES has received to the party.  DEAL
was dinged in the first round because "it is claimed that DEAL-192 is
no more secure than DEAL-128" and "equivalent keys are claimed for a
fraction (2**-64) of the 192-bit and 256-bit key spaces."
http://csrc.nist.gov/encryption/aes/round1/r1report.htm#sec2.3.1 I
don't think either issue is reason to exclude DEAL in this role,
though if there were tweaks to DEAL that resolved them, they might be
worth including.

PES would be intended for encrypting material of the highest value
while AES undergoes additional years of scrutiny. Given Rijndael's
outstanding performance, PES could prove 10-20 times slower than AES,
but that should not be a problem on modern PCs. Users of PES could
still face third-party patent claims, such as Hitachi's, whatever
validity they may have.  To the extent that my ideas in this posting
are patentable, I would happily place them in the public domain.

Arnold Reinhold


At 2:17 AM -0400 10/10/2000, Vin McLellan wrote:
>        Arnold G. Reinhold <reinhold@world.std.com> asked:
>
>> What is the licensing status of the other finalists? For example,
>> I seem to recall reading that RC6 would be licensed to the public
>> at no charge if it won
>> the competition. What now?
>
>        Since April, RC6 has been commercially licensed as part of
>RSA's BSAFE Crypto-C 5.0 and BSAFE Crypto-J 3.0 software developer
>toolkits. I don't expect that will change.
>
>        (RSA said, however, that by the end of the year its regular
>support and maintenance procedures will add Rijndael to both of
>those SDKs. RSA also said it will adopt the AES as "a baseline
>encryption algorithm" for its Keon family of digital cert products.)
>
>        Given RSA's market share, the eight BSAFE toolkits could be
>a major channel for distributing AES code to the developer
>community, particularly among OEMs.
><http://www.rsasecurity.com/products/bsafe/>
>
>        Of the other three who made the finals in this "Crypto Olympics."
>
>MARS, while patented, is available world-wide under a royalty-free
>license from Tivoli Systems, an IBM subsidiary. (See
><http://www.tivoli.com>, although the Tivoli site doesn't seem to
>have anything but the press release.)
>
>Serpent is public domain, now under the GNU PUBLIC LICENSE (GPL),
>although Serpent website warns that "some comments in the code still
>say otherwise." <http://www.cl.cam.ac.uk/~rja14/serpent.html>
>
>Twofish is "unpatented, and the source code is uncopyrighted and
>license-free; it is free for all uses."
><http://www.counterpane.com/twofish.html>
>
> Suerte,
>        _Vin


