Cost of initialization
Page 1 of 1
Cost of initialization
Hi,
I looked at SW implementation of ZUC, and it looks to me that initialization sequence will consume a significant portion of CPU time. In reality we have 33 rounds spent at initialization (i.e. rounds not generating key stream, pure state init): 32 in Initialization() function plus one more in GenerateKeystream(). For small packets like 40B, initialization will consume about 76% of processing time if executed for every packet [40B = 10 rounds 4B each]. For 64B packets 66% of entire encryption time will be purely spent in ZUC's state setup as well. Of course for larger packets that ratio will change in favor of pure key stream generation.
I'm neither LTE nor crypto/security expert, and please correct me if I'm wrong but my understanding is that the Key value is constant across packets from the same flow, but Iv changes per packet - am I right? But since ZUC's initialization requires Key and Iv, then entire LFSR setup has to be repeated for every new packet. On the other hand if Iv was used during the key stream generation only, and only Key was used at full LFSR setup time one could have a pretty fast streaming cipher - for sure in SW. Was ZUC designed with small packets performance in mind? What range of packet sizes one expect to encrypt using 128-EEA3?
I looked at SW implementation of ZUC, and it looks to me that initialization sequence will consume a significant portion of CPU time. In reality we have 33 rounds spent at initialization (i.e. rounds not generating key stream, pure state init): 32 in Initialization() function plus one more in GenerateKeystream(). For small packets like 40B, initialization will consume about 76% of processing time if executed for every packet [40B = 10 rounds 4B each]. For 64B packets 66% of entire encryption time will be purely spent in ZUC's state setup as well. Of course for larger packets that ratio will change in favor of pure key stream generation.
I'm neither LTE nor crypto/security expert, and please correct me if I'm wrong but my understanding is that the Key value is constant across packets from the same flow, but Iv changes per packet - am I right? But since ZUC's initialization requires Key and Iv, then entire LFSR setup has to be repeated for every new packet. On the other hand if Iv was used during the key stream generation only, and only Key was used at full LFSR setup time one could have a pretty fast streaming cipher - for sure in SW. Was ZUC designed with small packets performance in mind? What range of packet sizes one expect to encrypt using 128-EEA3?
yanek- Posts : 1
Join date : 2011-08-15
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum