"Zooko O'Whielacronx" <zo...@zooko.com> writes:

>Also, even if you did have a setting where the CPU cost of HMAC-SHA1 was a
>significant part of your performance (at e.g. 12 cycles per byte [1]), then
>you could always switch to Poly1305 or VMAC (at e.g. 2 cycles per byte), or
>to an authenticated encryption mode (effectively zero cycles per byte?).

Uhh, when used for multimedia protection, what you've just described is known as "naive encryption" (see "An Empirical Study of Secure MPEG Video Transmission" by Li Gong). You could probably fill entire conference proceedings with methods that have been designed to get around having to encrypt/authenticate/whatever every byte of multimedia data, including endless analyses of how little you can get away with protecting vs. protection overhead vs. what an attacker can do with the unprotected bits.

>So while the trade-off of giving up a little security in order to achieve
>even lower CPU costs is theoretically interesting, in practical terms you can
>get full security at a negligible CPU cost.

Given the amount of work that's gone into the former, I'd say there's more than just a theoretical interest in it. I'm trying to think of some overview references for this sort of thing, perhaps the chapters "Multimedia Encryption" and "Multimedia Authentication" in the book "Multimedia Security Technologies for Digital Rights Management" would be a good start.

It would help if the OP could indicate how much CPU budget they had available for encryption and/or authentication, just the two chapters referenced above contain ~120 references for different mechanisms and tradeoffs.

Peter (who's had to plough through way too much of this stuff in the past).

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography