Suppose we have a key derivation function f, that, given a global key GK
and sector index i, generates a unique sector key K_i
f(GK, i) = K_i
that will be used to key e.g. LRW-AES.
In this case, LRW key scope is only a single sector (generally 32
blocks). Hence, the table based optimisation for multiplication in
GF(2^128) do not work -- multiplication table (as described in LRW draft
section 5.1) scope is also only 32 blocks. Also, the tweak increment
optimisation (ibid. 5.2.1) is useless for the same reason.
Are there ways to optimize multiplication in GF(2^128) even when key
scope is a single sector?
It has to be noted, that XEX as specified in
http://grouper.ieee.org/groups/1619/email/msg00610.html does not suffer
these drawbacks and it seems that XEX is considerably more efficient
than LRW in multiple key mode.
