[8261] in cryptography@c2.net mail archive
Re: IBM press release - encryption and authentication
daemon@ATHENA.MIT.EDU (Bram Cohen)
Mon Dec 11 17:55:18 2000
Date: Mon, 11 Dec 2000 02:23:40 -0800 (PST)
From: Bram Cohen <bram@gawth.com>
To: cryptography@c2.net
In-Reply-To: <5.0.0.25.2.20001210082053.031345c0@limbo.net>
Message-ID: <Pine.LNX.4.21.0012110217560.13652-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Sun, 10 Dec 2000, Rodney Thayer wrote:
> P.S., when he spoke at Stanford I asked about patents and he said
> it was patented, and he said NIST is trying to get them to put it
> in the public domain.

There are slides for it online at
http://csrc.nist.gov/encryption/aes/modes/slides-jutla/index.htm

It's not hard to figure it out just from the slides - there are actually
two methods given, one which requires an extra lg(n) encryptions and one
which requires two extra encryptions but has a bunch of modular
arithmetic. Rijndael is so fast I suspect the second one might not prove
all that useful.

It really does, as advertised, offer MAC for almost no overhead, and
parallelization for free. It would be a shame for these modes to not get
used because of stupid patent bullshit.

-Bram Cohen
(who thinks doing the xors as a gray code instead of binary countup was a
nice touch.)
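
The gray code remark above, as an added example that is not part of the original message or of the slides: it assumes each block's mask is the XOR of a subset of the lg(n) extra encrypted values, and compares how many XORs it costs to step through the subsets in binary countup order versus gray code order. `BASIS` holds constructed stand-in values, not real cipher output, and all function names are hypothetical.

```python
BLOCK = 16  # bytes per block (128-bit block, as with Rijndael)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def subset_xor(basis, selector):
    """XOR of basis[j] for every set bit j of selector (reference definition)."""
    m = bytes(BLOCK)
    for j, w in enumerate(basis):
        if (selector >> j) & 1:
            m = xor(m, w)
    return m

def masks_binary(basis, n):
    """Mask i selects basis vectors by the bits of i; updated incrementally."""
    m, out, xors = bytes(BLOCK), [], 0
    for i in range(1, n + 1):
        changed = (i - 1) ^ i            # every bit that flips on increment
        for j in range(len(basis)):
            if (changed >> j) & 1:
                m = xor(m, basis[j])
                xors += 1
        out.append(m)
    return out, xors

def masks_gray(basis, n):
    """Mask i selects basis vectors by gray(i) = i ^ (i >> 1); one XOR per block."""
    m, out = bytes(BLOCK), []
    for i in range(1, n + 1):
        j = (i & -i).bit_length() - 1    # the single bit that differs from gray(i-1)
        m = xor(m, basis[j])
        out.append(m)
    return out, n

# Constructed stand-ins for the lg(n) extra block-cipher outputs (assumption).
BASIS = [bytes([1 << j]) * BLOCK for j in range(3)]

if __name__ == "__main__":
    n = 2 ** len(BASIS) - 1              # n must stay below 2**len(BASIS)
    b, bx = masks_binary(BASIS, n)
    g, gx = masks_gray(BASIS, n)
    print(f"{n} blocks: binary countup {bx} XORs, gray code {gx} XORs")
    print("same set of masks:", set(b) == set(g))
```

Both orders visit the same nonzero subset XORs; only the cost of moving from one block's mask to the next differs.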