Re-Keying AES is expensive (slow), so the idea of using different sector keys is not very appealing. This is why not the keys are tweaked, but the plain- and ciphertext. -Laszlo
> -------- Original Message -------- > Subject: Can LRW be optimized for multiple sector keys? > From: Mart Sõmermaa <[EMAIL PROTECTED]> > Date: Mon, January 16, 2006 9:00 am > To: stds-p1619@listserv.ieee.org > > Suppose we have a key derivation function f, that, given a global key GK > and sector index i, generates a unique sector key K_i > f(GK, i) = K_i > that will be used to key e.g. LRW-AES. > > In this case, LRW key scope is only a single sector (generally 32 > blocks). Hence, the table based optimisation for multiplication in > GF(2^128) do not work -- multiplication table (as described in LRW draft > section 5.1) scope is also only 32 blocks. Also, the tweak increment > optimisation (ibid. 5.2.1) is useless for the same reason. > > Are there ways to optimize multiplication in GF(2^128) even when key > scope is a single sector? > > It has to be noted, that XEX as specified in > http://grouper.ieee.org/groups/1619/email/msg00610.html does not suffer > these drawbacks and it seems that XEX is considerably more efficient > than LRW in multiple key mode.
