[Botan-devel] Key generation for SEAL stream cipher

Jack Lloyd lloyd at randombit.net
Mon Oct 10 19:50:27 EDT 2005

SEAL has the ability to seek within the cipher stream, at least to a limited
degree. The member function is seek(u32bit where); basically, a call of
seal_obj->seek(N) puts SEAL at the Nth byte of the cipherstream which is
defined by whatever key you set. So you can use the packet number to index into
a single cipherstream (up to 4 gigabytes of one, at least); just make sure none
of your packets overlap. One way to do this, if you know the maximum packet
size you will encrypt is N, is to encrypt each packet by seeking to
seq_number*N, which ensures that you never use any keystream twice.

An alternate method is to use different keys each time, with each packet being
encrypted with a key equal to SHA(seq_number || master_key), or something like
that. However, SEAL's key schedule is very expensive computationally speaking,
so that wouldn't work too well.

Unless you are tied to SEAL, I would recommend looking at WiderWake4+1. For
one, SEAL is patented by IBM, and AFAIK you may need to acquire a patent
license for certain uses of it within the United States. Also, WiderWake4+1 is
usually either as fast or faster than SEAL, depending on the platform/compiler,
and it supports a fast resync operation that takes a 64-bit input. That also
means you don't have to worry about overlapping keystreams, etc., as the way
WiderWAKE does it, the keystream generated by some IV has no (distinguishable)
relationship with a keystream generated using IV+1.

Hope this helps.


On Mon, Oct 10, 2005 at 07:01:02PM -0400, Carlton Davis wrote:
> I would like to use SEAL stream cipher in a secure MANET routing
> protocol. Ideally, I would like to generate the symmetric keys for SEAL
> using a pre-shared secret and a non-secret value (for example a packet's
> sequence number); such that a pair of nodes which share a secret value
> can generate the same encryption/decryption key using the shared secret
> and a packet's sequence number. Does Botan provide this functionality?
> If so what routines can I use to do this?
> Thanks much and best regards,
> -Carlton
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://www.randombit.net/mailman/listinfo/botan-devel
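The two keystream-partitioning strategies from the reply above (seek to seq_number*N, or derive a per-packet key as SHA(seq_number || master_key)), written out as an added example. This is not Botan's code and it does not implement SEAL: the `SeekableKeystream` class is a stand-in that produces a seekable keystream with HMAC-SHA256 in counter mode so that the partitioning logic and its failure modes can be exercised offline; `MAX_PACKET` (the bound N) and all function names are assumptions for the example. The interesting parts are the checks a practitioner wants around the scheme: a packet longer than N runs into the next packet's slice, and because `seek` takes a 32-bit position, sequence numbers are exhausted after 4 GiB of keystream and the session must rekey.

```python
import hashlib
import hmac


class SeekableKeystream:
    """Stand-in for a seekable stream cipher (assumption: HMAC-SHA256 in
    counter mode, not SEAL's generator). Exposes seek(where) with the same
    meaning as seal_obj->seek(N): position at byte N of the keystream."""

    BLOCK = 32  # bytes of keystream per counter block in this stand-in

    def __init__(self, key: bytes):
        self.key = key
        self.pos = 0

    def seek(self, where: int) -> None:
        # The real seek takes a u32bit, so the position must fit in 32 bits.
        if not 0 <= where < 2 ** 32:
            raise ValueError("seek position must fit in u32bit")
        self.pos = where

    def keystream(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            block_index, offset = divmod(self.pos, self.BLOCK)
            block = hmac.new(self.key, block_index.to_bytes(8, "big"),
                             hashlib.sha256).digest()
            chunk = block[offset:offset + (n - len(out))]
            out += chunk
            self.pos += len(chunk)
        return bytes(out)

    def crypt(self, data: bytes) -> bytes:
        # XOR with keystream: encryption and decryption are the same operation
        return bytes(a ^ b for a, b in zip(data, self.keystream(len(data))))


MAX_PACKET = 64  # constructed bound N: no packet may exceed this many bytes


def fits_in_keystream(seq: int) -> bool:
    """True if packet seq's slice [seq*N, seq*N + N) lies within the
    4 GiB keystream addressable by a 32-bit seek position."""
    return seq >= 0 and seq * MAX_PACKET + MAX_PACKET <= 2 ** 32


def packet_offset(seq: int) -> int:
    """Keystream offset for packet seq: seq * N, so slices never overlap."""
    if not fits_in_keystream(seq):
        raise OverflowError("sequence number exhausts the keystream; rekey")
    return seq * MAX_PACKET


def slices_overlap(seq_a: int, len_a: int, seq_b: int, len_b: int) -> bool:
    """Would two packets of the given lengths reuse any keystream byte?
    Only possible when a packet is longer than the bound N."""
    a0, a1 = seq_a * MAX_PACKET, seq_a * MAX_PACKET + len_a
    b0, b1 = seq_b * MAX_PACKET, seq_b * MAX_PACKET + len_b
    return a0 < b1 and b0 < a1


def encrypt_packet(key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Method 1: one key, one keystream, packet seq seeks to seq * N."""
    if len(plaintext) > MAX_PACKET:
        raise ValueError("packet longer than N would reuse the next slice")
    cipher = SeekableKeystream(key)
    cipher.seek(packet_offset(seq))
    return cipher.crypt(plaintext)


decrypt_packet = encrypt_packet  # stream cipher: same operation both ways


def derive_packet_key(master_key: bytes, seq: int) -> bytes:
    """Method 2: per-packet key SHA(seq_number || master_key). Correct, but
    the cipher's key schedule then runs once per packet (the cost the reply
    warns about for SEAL)."""
    return hashlib.sha256(seq.to_bytes(4, "big") + master_key).digest()


if __name__ == "__main__":
    key = b"\x01" * 16  # constructed pre-shared key
    ct = encrypt_packet(key, 7, b"route update")
    print(decrypt_packet(key, 7, ct))            # b'route update'
    print(slices_overlap(0, 64, 1, 64))          # False
    print(slices_overlap(0, 65, 1, 64))          # True: packet 0 too long
    print(fits_in_keystream(2 ** 26))            # False: keystream exhausted
```

Both sides of a link that share `key` and agree on the sequence number produce the same slice, which is the property the original question asks for; the seek-based method avoids the per-packet key schedule, while the derived-key method has no 4 GiB horizon but pays that schedule on every packet.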
