fast 386 DES code figures
Eric Hughes
hughes at ah.com
Sat Aug 6 09:54:18 PDT 1994
Phil Karn wonders where all the speed comes from in reports of fast
software DES.
I believe that the really fast DES variants use extremely large
computed-at-key-init S-box tables. As I recall, these implementations
tend to pay for it in terms of setup time, which makes them less that
completely appropriate for multiple IP encryption, each with its own
key and where only a few dozen encryptions are done per packet. The
cost to change keys is paid for either in use of memory for multiple
precomputed S-box sets (an attendant swapping) or in a high key-setup
to encryption ratio.
For a link cipher where the key doesn't change much, these fast
implementations are right. For a situation where keys change
frequently, they may not be a system win.
Thanks to Perry Metzger for alerting me to this issue.
Eric
More information about the cypherpunks-legacy
mailing list