OCB Authenticated Encryption
At last month's Workshop on Real-World Cryptography at Stanford University, Phil Rogaway released a new license for OCB, granting free use for all open-source implementations. http://www.cs.ucdavis.edu/~rogaway/ocb/license1.pdf OCB is the fastest authenticated-encryption scheme that I know of, and I encourage OpenSSL to incorporate it. My C implementation achieves a rate of 0.87 CPU cycles per byte processed on Sandy Bridge processors, which is just slightly slower that CTR mode encryption and more than twice as fast as GCM. The difference is even greater on other architectures. On ARM, OCB's authentication overhead (ie, cost beyond CTR encryption) is reported to be 3.5 cpb whereas GCM's is at least 15 cpb (according to OpenSSL's notes in ghash-armv4.pl). More about OCB, including the C code, timing results, academic papers and a draft RFC, can be found at its website http://www.cs.ucdavis.edu/~rogaway/ocb I'd be happy to help with integration. Thank you, Ted Krovetz __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: OCB Authenticated Encryption
There are actually two licenses. The second allows all software (even closed), but only for non-military use. http://www.cs.ucdavis.edu/~rogaway/ocb/license.htm Does that make OCB any more acceptable? -Ted__ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: ./config magic?
My mistake... Anti-timing-attack code was deployed between 0.9.8 and 1.0.0 that accounts for the slowdown. It's documented in the assembly files, but I missed it. On Jun 7, 2010, at 5:13 PM, Ted Krovetz wrote: Hello, I love openssl's crypto library, but getting it to perform its best is befuddling me. I have an Intel Core 650 running amd64 debian squeeze with the openssl 0.9.8n package installed. When I run my benchmark that depends heavily on calls to AES_Encrypt I get i5 gcc -march=native -O2 -static ocb3bis.c -lcrypto -ldl i5 a.out Validation string: A1998382DABC73EB5302BC0809FF6206 Should be: A1998382DABC73EB5302BC0809FF6206 OCB 9.95 seconds. 15.55 cpb. When I compile and install a local copy of version 1.0.0a using ./config -march=native, I get a reasonable looking CFLAG CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -march=native - m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL _BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOO L_ASM but, the result speed is half that of the debian package. i5 gcc -march=native -O2 -static ocb3bis.c -I/usr/local/ssl/include -L/usr/local/ssl/lib64 -lcrypto -ldl i5 a.out Validation string: A1998382DABC73EB5302BC0809FF6206 Should be: A1998382DABC73EB5302BC0809FF6206 OCB 20.85 seconds. 32.58 cpb. Are there some options that I should be passing along to ./config to make it faster? I looked hard for configuration and/or compiler options that might help, but couldn't find much of use. Thanks, Ted Krovetz __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
./config magic?
Hello, I love openssl's crypto library, but getting it to perform its best is befuddling me. I have an Intel Core 650 running amd64 debian squeeze with the openssl 0.9.8n package installed. When I run my benchmark that depends heavily on calls to AES_Encrypt I get i5 gcc -march=native -O2 -static ocb3bis.c -lcrypto -ldl i5 a.out Validation string: A1998382DABC73EB5302BC0809FF6206 Should be: A1998382DABC73EB5302BC0809FF6206 OCB 9.95 seconds. 15.55 cpb. When I compile and install a local copy of version 1.0.0a using ./config -march=native, I get a reasonable looking CFLAG CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -march=native - m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL _BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOO L_ASM but, the result speed is half that of the debian package. i5 gcc -march=native -O2 -static ocb3bis.c -I/usr/local/ssl/include -L/usr/local/ssl/lib64 -lcrypto -ldl i5 a.out Validation string: A1998382DABC73EB5302BC0809FF6206 Should be: A1998382DABC73EB5302BC0809FF6206 OCB 20.85 seconds. 32.58 cpb. Are there some options that I should be passing along to ./config to make it faster? I looked hard for configuration and/or compiler options that might help, but couldn't find much of use. Thanks, Ted Krovetz__ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org