Re: Cohen's paper on byte order
From: Brian Gladman (brg@gladman.plus.com)
Date: 04/09/03
- Next message: Jennifer Eastman: "Hi does anyone have any idea what kind of algorithm FileOpen's WebPublisher2 uses?."
- Previous message: Lassi Hippeläinen : "Re: Saddam Done In By Thuraya Satellite Phone Encryption Break?"
- In reply to: Mok-Kong Shen: "Re: Cohen's paper on byte order"
- Next in thread: Mok-Kong Shen: "Re: Cohen's paper on byte order"
- Reply: Mok-Kong Shen: "Re: Cohen's paper on byte order"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Brian Gladman" <brg@gladman.plus.com> Date: Wed, 9 Apr 2003 08:51:38 +0100
"Mok-Kong Shen" <mok-kong.shen@t-online.de> wrote in message
news:3E936094.F761E4C3@t-online.de...
>
> Brian Gladman wrote:
> >
> > "Brian Gladman" <brg@gladman.plus.com> wrote:
>
> > > The problem is that the _external_ AES interface is only defined in terms of
> > > bit sequences. This is not a problem in principle but processors **do**
> >
> > Oops that should have been 'don't'.
> >
> > > generally provide instructions to process bit sequences as a whole so they
> > > have to be broken up into chunks. ......
> [snip]
>
> As an addendum to my previous post, I like to mention
> that the fact that in C one could define a data structure
> to access the individual bits clearly indicates that
> the physical bits in hardware have a natural numerical
> ordering. Therefore in any 8-bit chunk of hardware
> there is a bit with the lowest address. This bit is
> clearly the unique candidate to be designated as the
> bit 0 of the chunk in my conviction.
Sadly not.
The smallest bit that has an address on most machines is an 8-bit byte.
Although C bit-fields allow individual bits to be accessed, compiler writers
are free to define this in any way they choose and this makes it useless for
interoperability purposes. If we tried to use this mechanism to solve the
problem we are now debating, I suspect people on both sides of the debate
would agree that total chaos would ensue.
In principle there are two common ways of identifying bits in registers -
numbering them or using numeric significance. But these are not always in
line because some systems number bits from the least significant bit upwards
while others do so from the most significant bit downwards.
These are both entirely sound ways of identifying bits on an individual
machine and either could have been used as the basis for exchanging bytes
(one or the other has to be preserved when moving bytes between machines
since they cannot both be preserved).
But since the world has agreed (at least for all practical purposes) to
exchange _bytes_ in a way that preserves numeric significance rather than
bit numbers, we have to use this approach if we want to exploit the massive
support there now is for moving bytes in this form between machines.
And this means that _for the purposes of exchanging bytes_ we are better off
thinking of them as integers rather than as numbered bit sequences.
And this causes a subtle problem for the AES specification. The issue in
AES is that the _internal_ byte semantics of the algorithm are those of
finite fields and the bits in this representation do not have numeric
significance (interestingly, in view of other parts of this debate, they
could be said to have 'polynomial significance'). And purists (including
me) will object to any attempt to directly associate numeric properties with
these internal objects since this might be used by some to imply that these
objects actually possess such properties.
But there is no difficulty in associating numeric byte semantics with the
_external_ interface (in addition to what we have now) and this makes a lot
of sense given the massive support that exists for moving numeric bytes
around. Hence, in my view, we need a small change in section 3.1 of the
FIPS.
I really don't think that I can much more than this so I hope that this
answers all your questions.
Brian Gladman
PS: Much of the above is a repeat of what has been said by others so I hope
they will forgive me for not specifically acknowledging their contributions.
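As an added illustration of the two bit-numbering conventions and the finite-field byte semantics discussed in the post above (example code written for this page, not Gladman's or the FIPS authors' code): the same input bit sequence is packed into bytes with FIPS 197's most-significant-first rule and with the opposing least-significant-first numbering, and FIPS 197's xtime shows that the internal bytes do not behave as integers. The 16-bit input sequence is constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* FIPS 197 convention: input bit 8n+i becomes bit b(7-i) of byte a_n, so the
 * first bit of each group of eight is the numerically most significant. */
static void pack_fips197(const uint8_t *bits, size_t nbits, uint8_t *out)
{
    memset(out, 0, (nbits + 7) / 8);
    for (size_t i = 0; i < nbits; i++)
        if (bits[i]) out[i / 8] |= (uint8_t)(0x80u >> (i % 8));
}

/* The opposite numbering: input bit 8n+i becomes b(i), least significant first. */
static void pack_lsb_first(const uint8_t *bits, size_t nbits, uint8_t *out)
{
    memset(out, 0, (nbits + 7) / 8);
    for (size_t i = 0; i < nbits; i++)
        if (bits[i]) out[i / 8] |= (uint8_t)(1u << (i % 8));
}

/* Reversing the bit order of a byte converts between the two conventions;
 * this is exactly the mismatch two implementations would disagree on. */
static uint8_t reverse_bits(uint8_t b)
{
    uint8_t r = 0;
    for (int i = 0; i < 8; i++)
        r |= (uint8_t)(((b >> i) & 1u) << (7 - i));
    return r;
}

/* Inside AES a byte is a GF(2^8) element: multiplying by x (FIPS 197's xtime)
 * is a shift reduced modulo x^8+x^4+x^3+x+1, not an integer doubling. */
static uint8_t xtime(uint8_t b)
{
    return (uint8_t)((b << 1) ^ ((b & 0x80u) ? 0x1bu : 0u));
}

int main(void)
{
    /* Constructed 16-bit input sequence, input0 first. */
    static const uint8_t bits[16] = {0,0,0,1,0,0,1,1, 1,0,0,0,0,0,0,0};
    uint8_t a[2], b[2];
    pack_fips197(bits, 16, a);      /* a = 13 80 */
    pack_lsb_first(bits, 16, b);    /* b = c8 01 */
    printf("FIPS 197: %02x %02x  LSB-first: %02x %02x\n", a[0], a[1], b[0], b[1]);
    printf("{57}*{02} = {%02x}, but 0x57*2 = 0x%x\n", xtime(0x57), 0x57 * 2);
    return 0;
}
```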