[8271] in cryptography@c2.net mail archive


Re: IBM press release - encryption and authentication

daemon@ATHENA.MIT.EDU (Greg Rose)
Mon Dec 11 23:14:43 2000

Message-Id: <4.3.1.0.20001212134110.00b8ed28@127.0.0.1>
Date: Tue, 12 Dec 2000 13:54:42 +1100
To: nikitab@cs.berkeley.edu (Nikita Borisov)
From: Greg Rose <ggr@qualcomm.com>
Cc: cryptography@c2.net
In-Reply-To: <913u51$1kr$1@abraham.cs.berkeley.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 05:14 PM 12/11/2000 -0800, Nikita Borisov wrote:
>But in his examples, addition mod 2^128 - 159 can be implemented rather
>quickly:
>
>S_i = S_{i-1} + b [regular 128-bit addition]
>if (b > S_i) S_i += 159

Ahhh, yes, a classical example of premature optimisation. This is, of 
course, a different definition of modular arithmetic than most people would 
use.

Suppose that the result of the addition S_i falls into the range
   [2^128-159 .. 2^128)
then his nice quick method gives an answer that isn't reduced at all, 
whereas it really ought to be in the range [0 .. 159) by most people's 
definitions of modular arithmetic.

So long as both ends use the broken method, or you aren't terribly unlucky 
(since only about 1 in 2^121 calculations will hit this case), it will all 
still work.

Greg.


Greg Rose                                       INTERNET: ggr@qualcomm.com
Qualcomm Australia          VOICE:  +61-2-9181-4851   FAX: +61-2-9181-5470
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
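The two methods side by side, as an added example that is not code from either poster: `quick_add` is the shortcut quoted above, `true_add` is textbook reduction modulo p = 2^128 - 159, and `compare` plus the sample inputs are constructed here to show the window Greg describes.

```python
import math

# Added example, not from the thread. p = 2^128 - 159, so 2^128 = p + 159.
P = (1 << 128) - 159
MASK = (1 << 128) - 1          # 128-bit wraparound mask


def quick_add(s_prev, b):
    """The shortcut quoted in the thread: plain 128-bit add, +159 on carry."""
    s = (s_prev + b) & MASK    # regular 128-bit addition, carry discarded
    if b > s:                  # wraparound happened (carry out of bit 127)
        s = (s + 159) & MASK   # dropping 2^128 and adding 159 subtracts one p
    return s


def true_add(s_prev, b):
    """Textbook modular addition: result always lies in [0, p)."""
    return (s_prev + b) % P


def is_reduced(x):
    return 0 <= x < P


def compare(s_prev, b):
    """Return (quick result, true result, congruent mod p?, quick reduced?)."""
    q, t = quick_add(s_prev, b), true_add(s_prev, b)
    return q, t, (q - t) % P == 0, is_reduced(q)


def unreduced_window_log2():
    """log2 of how rare the bad window is: 159 of 2^128 sums land in [p, 2^128)."""
    return 128 - math.log2(159)


if __name__ == "__main__":
    # Sum wraps past 2^128: the +159 fix-up fires and the result is reduced.
    print(compare(P - 1, 200))
    # Greg's case: sum lands in [p, 2^128), so there is no carry, no fix-up,
    # and the "quick" answer is p itself instead of 0 (congruent, not reduced).
    print(compare(P - 1, 1))
    print(round(unreduced_window_log2()))
```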
