dennis@CAnet.CA (Dennis Ferguson) (09/02/90)
Archive-name: destoo/01-Sep-90 Original-posting-by: dennis@CAnet.CA (Dennis Ferguson) Original-subject: Faster, more portable, DES for kerberos? Archive-site: gw.ccie.utoronto.ca [128.100.63.2] Archive-directory: /pub Reposted-by: emv@math.lsa.umich.edu (Edward Vielmetti) I once wrote a from-scratch DES implementation as part of the authentication subsystem in an NTP daemon. Since authentication is done in a real-time-critical part of the NTP daemon, it was important that the ECB routine run as quickly as possible given the size constraints (it was intended that the NTP code be EPROMable for a stand-alone application). Since NTP uses many keys to checksum relatively small things, the key permutation code was also carefully worked over for speed. Finally, since I wanted something that could be useful for authentication of network protocols in general, by programmers who didn't want to think much about DES, I tried to write this to be maximally portable without #ifdef's. At one point I began the work to turn this into a replacement DES library for kerberos (is there a better standard for a DES programming interface?), but tired of the project when I got to the routines whose algorithms weren't documented on the manual page. The availability of Eric Young's more complete library has, however, prompted me to package what I did in the form of replacement modules for his library. Anyway, my best effort can be found on gw.ccie.utoronto.ca, in pub/destoo.tar.Z. Included in there is a SunOS des(1) clone for testing. The code has no dependencies on byte ordering nor the ability to do unaligned loads and stores. It doesn't use bit fields. There are no #ifdef's. The tables it uses fit in less than 10 kb. On the one machine I tried it on, the CBC routine ran 80% faster than Eric Young's while the key permutation code was several times faster. The one data point I have with respect to the MIT kerberos library (on a VAX 3100 with the 4.3 Reno cc, I understand the MIT code compiles inline assembler for this) the CBC routine ran about 70% faster while the key schedule routine was several times faster. In both cases the test programs using my routines compiled slightly smaller. I have tried to ensure that this code is freely exportable (you can go to jail in Canada for re-exporting certain US encryption technology to third countries), though if you aren't in Canada I don't know how you are going to ftp this out of here without crossing the US. For political commentary I would add that I have no interest at all in DES, or cryptography in general, other than the fact that it is appearing with increasing frequency in authentication addendums for network protocols I would like to use and the US export restrictions make it difficult for me to just use someone else's DES code for this. Thus the effect of those restrictions in this case appear to have been to cause a foreigner, who otherwise would have much preferred to remain ignorant of the whole field, to gain some familiarity with at least one aspect of encryption technology. That it turned out to be not so difficult to produce a somewhat faster, more usable implementation than at least some of the stuff covered by the export restrictions seems just. Dennis Ferguson University of Toronto