RE: Security Use Requirements

[Michael Eisler <mre@zambeel.com>]

> At 04:55 PM 2/7/2001 -0800, Michael Eisler wrote:
> >Why use DES, which is slow for software implementations, when AES
> >is there, is fast, and has little dispute about its safety?
> >
> >draft-ietf-ipsec-ciph-aes-cbc-01.txt proposes a means
> >for using AES in IPsec.
> >
> >draft-ietf-tls-ciphersuite-03.txt proposes a means for
> >using AES in TLS.
> >
> >3DES is really, really slow for software to the point of being impractical.
> >While one can always mandate it for implementation, in practice I doubt any
> >customer using a software 3DES over ips will want to use it.
> 
> How fast is AES in hardware?  3DES is link-rate in hardware today and in 
> wide use by many products.  While software implementations are interesting 
> / value to some, most high-speed implementations, e.g. 1 / 10 GbE, will 
> require hardware acceleration and thus the preference is to focus on 
> hardware friendly solutions wherever possible.

One of the major criteria for NIST selecting the AES algorithm was hardware
friendliness.

I'd like to see a reference to 3DES hardware that encrypts at 10 gigabit/sec
in feedback mode.

http://bass.gmu.edu/crypto/AES_non_feedback.PDF compares AES (Riijndael) to
other AES candidates and 3DES on FPGAs. In feedback mode, AES did 414.2
mbit/sec, vs. 59.1 mbit/sec for 3DES.

In anoher paper, the same authors say
	http://ece.gmu.edu/crypto/AES_survey.pdf

that AES can do 1950 mbits/sec with an ASIC (page 27). 

	-mre