Re: Cohen's paper on byte order
From: Paul Crowley (paul@JUNKCATCHER.ciphergoth.org)
Date: 04/08/03
- Next message: David Wilson: "Re: Thanks to everybody who gave me HINTS for school task:-)"
- Previous message: AE: "Re: File Encryption"
- In reply to: Brian Gladman: "Re: Cohen's paper on byte order"
- Next in thread: Mok-Kong Shen: "Re: Cohen's paper on byte order"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Paul Crowley <paul@JUNKCATCHER.ciphergoth.org> Date: Tue, 08 Apr 2003 12:25:25 GMT
"Brian Gladman" <brg@gladman.plus.com> writes:
> Ok, we agree but some have definitely said that the FIPS is
> ambiguous in a way that prevents interoperability. I apologise for
> wrongly associating you with their stance.
I'm not sure that "ambiguous in a way that prevents interoperability"
is a thing it would make sense to say about the AES FIPS.
You could say it about, say, a standard for USB nose hair trimmer
controls. You have to be able to plug it in and see it go. If the
standard is specific enough, it will work; if it's ambiguous, it may
fail.
But the AES FIPS isn't useful by itself; it's only useful when
referenced in another standard, one that defines a communication or
storage protocol. That standard will have to specify some things
about how AES is used, such as perhaps selection of chaining modes or
where the IV is and so forth. In that sense, AES implementations
can't interoperate - only standards based on AES can interoperate.
So I think what the uint8-ists are saying among us is that
overwhelmingly, those standards that reference the AES FIPS will be
handling uint8s on every level - the data they handle will be uint8s,
the communication mechanism will carry uint8s, and so forth. As
things stand, if those protocols don't say anything about the ordering
of the bits in a uint8, then they are strictly ambiguous -
implementors will be relying on informed guesses and common practice
to get it right. If someone makes an implementation that goes the
other way, there won't be a part of either standard anyone can quote
to say that the implementation is wrong, which runs counter to the
whole purpose of standards.
In other words, as things stand, the burden of defining the
bits<->uint8 mapping has been pushed onto every standard that uses the
AES FIPS. It doesn't seem unreasonable to hope that a future revision
of the FIPS could fix this situation by defining the mapping itself.
We would be in almost exactly the same situation if AES were defined
on, say, sequences of 32-bit unsigned integers: it wouldn't be
ambiguous as such, but every standard that used it would have to
define a mapping betwen 32-bit ints and the data they had to encode,
which would probably be uint8s.
Obviously different standards will have different needs, and AES can't
be expected to meet all of them. But it's a fact about the world that
uint8s are the *overwhelmingly* prevalent lingua franca, and so a
standard that specifies how to use them is vastly more useful.
-- __ Paul Crowley \/ o\ sig@paul.ciphergoth.org /\__/ http://www.ciphergoth.org/
- Next message: David Wilson: "Re: Thanks to everybody who gave me HINTS for school task:-)"
- Previous message: AE: "Re: File Encryption"
- In reply to: Brian Gladman: "Re: Cohen's paper on byte order"
- Next in thread: Mok-Kong Shen: "Re: Cohen's paper on byte order"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
