[3390] in cryptography@c2.net mail archive
Re: Fwd: Re: r.e. quality of IDEA...
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Sep 28 18:39:19 1998
To: Greg Rose <ggr@qualcomm.com>
cc: "David G. Koontz" <koontz@ariolimax.com>, cryptography@c2.net
Date: Fri, 25 Sep 1998 18:41:53 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
In message <199809252106.HAA11077@avalon.qualcomm.com>, Greg Rose writes:
>"David G. Koontz" writes:
>>A quick look at the source for IDEA shows that the key for IDEA doesn't
>>require
>>prescheduling.
>
>It is true that for encryption, there is relatively little benefit from
>the precomputed key schedule. For decryption, though... this is not
>entirely true. The decryption keys require the modular multiplication
>inverses. This can be done by lookup in a 128K table on the fly, but
>that's back to real estate. Or they can be computed on the fly, but that
>requires the extended Euclidean algorithm. There are probably tradeoffs
>in there between these approaches, but it might be worth caching the key
>schedules.
>
>Of course you could just encrypt all the time, and never decrypt... :-)
Y'know, I was about to say the same thing, but I decided I'd look at
the source first. And when I did, I was puzzled, because I didn't
see any calculation of inverses, but I knew they had to be there. Not
wanting to appear a fool, I held my mouth pending further investigation.
It took your tongue-in-cheek comment to make me realize exactly what
was going on. The routine I was looking at *was* just encrypting, even
in the decrypt routine, because it was the IDEA routine in ssh, which
uses CFB mode...
