Re: Cohen's paper on byte order
From: Brian Gladman (brg@gladman.plus.com)
Date: 04/07/03
From: "Brian Gladman" <brg@gladman.plus.com> Date: Mon, 7 Apr 2003 21:26:04 +0100
From: "Roger Schlafly" <rogersc@mindspring.com>
Newsgroups: sci.crypt
Sent: Monday, April 07, 2003 7:40 PM
Subject: Re: Cohen's paper on byte order
> "Eugene Starokoltsev" <eugene_o@gmx.net> wrote
> > Yes. AES external interface is defined in terms of bit sequences only.
> > So to make the situation clear we should consider three alternatives:
> > 1. AES external interface is defined in terms of bit sequences only
> > (what we see now).
> > 2. AES external interface is defined in terms of sequences of integers
> > in the range [0..255] only.
> > 3. AES external interface is defined in terms of bit _and_ byte
> > sequences.
> > The last possibility is the worst, as different current communication
> > protocols use different byte-to-bits mapping. ...
>
> The fact that some people number bits differently is all the more
> reason for AES to use a specific definition. Otherwise, some
> systems may fail to be interoperable.

But there _is_ a specific definition of the input, output and key values for
AES in the FIPS - see section 3.1.

Moreover, the objects identified in section 3.1 of the FIPS can be encoded in
ASN.1 X.690 semantics as bitstrings (8.6) and hence I assume that they can
be exchanged without ambiguity. The specific bit numbering does not matter,
only the fact that they are ordered without left/right ambiguity (which I
assume is true of ASN.1 X.690 bitstrings).

For _encrypted_ AES blocks there is no valid concept of internal structure
since the only thing that has any meaning is the whole block. Hence a
bitstring representation is a sensible mapping for such entities. On the
plaintext side, if sensible data goes in, sensible data will come out unless
the encoding of the data on the two systems is different (and a failure here
cannot sensibly be blamed on the FIPS).

Although AES interface objects should technically be encoded and exchanged
as bitstrings, we seem to have evolved through _custom and practice_ a more
efficient and practical means of doing the same job using arrays of bytes.
There are small risks in this but I believe that these are bearable given
the convenience of this interface and the almost universal implicit
understanding of how it works.

If, on the other hand, people wish to bypass the specified AES interface
(3.1) and interface directly to objects that are defined only for internal
use (3.2), then they need to have access to the documentation of the
implementation in order to understand how these objects are represented
internally. And, of course, they are living dangerously in interfacing
directly to them.

Brian Gladman
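
Added example, not part of the original post and not code from the FIPS or from any AES implementation: it carries one 128-bit block as an X.690 BIT STRING and as the customary byte array, and shows that the two agree only when both ends place the leading bit of the sequence in the most significant bit of each byte. The function names and the sample block are constructed for illustration; the most-significant-bit-first packing is the FIPS-197 array-of-bytes convention, which matches the bit placement of X.690 8.6.

```python
# Added example, not code from the thread. A bit sequence is a list of 0/1
# values; index 0 is the leading (first) bit.

def pack_msb_first(bits):
    """Byte n holds bits 8n..8n+7, leading bit in the most significant place."""
    if len(bits) % 8:
        raise ValueError("bit count must be a multiple of 8")
    return bytes(sum(b << (7 - i) for i, b in enumerate(bits[n:n + 8]))
                 for n in range(0, len(bits), 8))

def pack_lsb_first(bits):
    """The other common mapping: leading bit in the least significant place."""
    if len(bits) % 8:
        raise ValueError("bit count must be a multiple of 8")
    return bytes(sum(b << i for i, b in enumerate(bits[n:n + 8]))
                 for n in range(0, len(bits), 8))

def unpack_msb_first(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def der_encode_bitstring(bits):
    """Primitive BIT STRING per X.690 8.6, short-form length only."""
    pad = -len(bits) % 8                      # unused bits in the last octet
    body = bytes([pad]) + pack_msb_first(list(bits) + [0] * pad)
    if len(body) > 127:
        raise ValueError("long-form length not supported here")
    return bytes([0x03, len(body)]) + body

def der_decode_bitstring(der):
    if (len(der) < 3 or der[0] != 0x03 or der[1] > 127
            or der[1] != len(der) - 2):
        raise ValueError("not a short-form primitive BIT STRING")
    pad = der[2]
    bits = unpack_msb_first(der[3:])
    if pad > 7 or pad > len(bits) or any(bits[len(bits) - pad:]):
        raise ValueError("bad unused-bit count or non-zero padding")
    return bits[:len(bits) - pad]

# Constructed sample: one 128-bit block, written as 16 bytes.
BLOCK = bytes.fromhex("00112233445566778899aabbccddeeff")
BITS = unpack_msb_first(BLOCK)

if __name__ == "__main__":
    der = der_encode_bitstring(BITS)
    print("DER BIT STRING:", der.hex())
    print("round trip ok :", pack_msb_first(der_decode_bitstring(der)) == BLOCK)
    print("LSB-first view:", pack_lsb_first(BITS).hex())
```

The ordered bit sequence survives the BIT STRING round trip unchanged; what differs between the two packers is only the byte array a receiver builds from it, which is the "implicit understanding" the byte-array interface relies on.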