[Botan-devel] Re: Key generation for SEAL stream cipher

Carlton Davis carlton at cs.mcgill.ca
Tue Oct 11 16:10:37 EDT 2005


Thanks Jack for your response. It was very helpful.
My concern about WiderWake4+1 is that it has not been
given much  scrutiny, and considering that it is
based on a similar design principle as Wake, which
is known to be susceptible to chosen plaintext and chosen
ciphertext attacks, I am wondering how secure it is.

In any case, the patent issue with SEAL might be a problem.
Thanks for bringing this to my attention.
I will likely need to consider using WiderWake4+1 or
another stream cipher.


Best regards,

-Carlton

> Date: Mon, 10 Oct 2005 19:01:02 -0400 (EDT)
> From: Carlton Davis <carlton at cs.mcgill.ca>
> Subject: [Botan-devel] Key generation for SEAL stream cipher
> To: botan-devel at randombit.net
> Message-ID: <20051010184506.N57218 at axon.CS.McGill.CA>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> I would like to use SEAL stream cipher in a secure MANET routing
> protocol. Ideally, I would like to generate the symmetric keys for SEAL
> using a pre-shared secret and a non-secret value (for example a packet's
> sequence number); such that a pair of nodes which share a secret value
> can generate the same encryption/decryption key using the shared secret
> and a packet's sequence number. Does Botan provides this functionality?
> If so what routines can I use to do this?
>
> Thanks much and best regards,
>
> -Carlton
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 10 Oct 2005 19:50:27 -0400
> From: Jack Lloyd <lloyd at randombit.net>
> Subject: Re: [Botan-devel] Key generation for SEAL stream cipher
> To: botan-devel at randombit.net
> Message-ID: <20051010235027.GJ28646 at randombit.net>
> Content-Type: text/plain; charset=us-ascii
>
>
> SEAL has the ability to seek within the cipher stream, at least to a limited
> degree. The member function is seek(u32bit where); basically, a call of
> seal_obj->seek(N) puts SEAL at the Nth byte of the cipherstream which is
> defined by whatever key you set. So you can use the packet number to index into
> a single cipherstream (up to 4 gigabytes of one, at least); just make sure none
> of your packets overlap. One way to do this, if you know the maximum packet
> size you will encrypt is N, is to encrypt each packet by seeking to
> seq_number*N, which ensures that you never use any keystream twice.
>
> An alternate method is to use different keys each time, with each packet being
> encrypted with a key equal to SHA(seq_number || master_key), or something like
> that. However, SEAL's key schedule is very expensive computationally speaking,
> so that wouldn't work too well.
>
> Unless you are tied to SEAL, I would recommend looking at
WiderWake4+1. For
> one, SEAL is patented by IBM, and AFAIK you may need to acquire a patent
> license for certain uses of it within the United States. Also, WiderWake4+1 is
> usually either as fast or faster than SEAL, depending on the platform/compiler,
> and it supports a fast resync operation that takes a 64-bit input. That also
> means you don't have to worry about overlapping keystreams, etc, as the way
> WiderWAKE does it, the keystream generated by some IV has no (distinguishable)
> relationship with a keystream generated using IV+1.
>
> Hope this helps.
>
> Jack
>
> On Mon, Oct 10, 2005 at 07:01:02PM -0400, Carlton Davis wrote:
> > I would like to use SEAL stream cipher in a secure MANET routing
> > protocol. Ideally, I would like to generate the symmetric keys for SEAL
> > using a pre-shared secret and a non-secret value (for example a packet's
> > sequence number); such that a pair of nodes which share a secret value
> > can generate the same encryption/decryption key using the shared secret
> > and a packet's sequence number. Does Botan provides this functionality?
> > If so what routines can I use to do this?
> >
> > Thanks much and best regards,
> >
> > -Carlton
> > _______________________________________________
> > botan-devel mailing list
> > botan-devel at randombit.net
> > http://www.randombit.net/mailman/listinfo/botan-devel
>
>
> ------------------------------
>
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://www.randombit.net/mailman/listinfo/botan-devel
>
>
> End of botan-devel Digest, Vol 11, Issue 4
> ******************************************
>



More information about the botan-devel mailing list