[cryptography] "stream MAC" - does anything like it exist?

Zooko O'Whielacronx zooko at zooko.com
Tue Sep 14 11:54:36 EDT 2010

On Mon, Sep 13, 2010 at 11:01 AM, mheyman at gmail.com <mheyman at gmail.com> wrote:
> The 50,000 ft view is that IPsec HMAC-SHA1
> costs about the same amount of processing as TCP.
> Even with the heaviest
> authentication (HMAC-SHA1) the video was completely intelligible with
> only the occasional stutter.

Also, even if you did have a setting where the CPU cost of HMAC-SHA1
was a significant part of your performance (at e.g. 12 cycles per byte
[1]), then you could always switch to Poly1305 or VMAC (at e.g. 2
cycles per byte), or to an authenticated encryption mode (effectively
zero cycles per byte?).

So while the trade-off of giving up a little security in order to
achieve even lower CPU costs is theoretically interesting, in
practical terms you can get full security at a negligible CPU cost.

(The cost of including the MAC tag bytes in each packet is a different matter.)



[1] http://cryptopp.com/benchmarks.html

More information about the cryptography mailing list