Code Poetry and Text Adventures

by catid posted (>30 days ago) 1:31am Thu. Apr 5th 2012 PDT
For LibCat's Tunnel Authenticated Encryption "Calico" protocol, I have replaced HMAC-MD5 with a custom VMAC-ChaCha implementation, which is a much more efficient Wegman-Carter-based MAC.  It now takes about 5-6 usec to do short message encryption/decryption in the TEST_ECC demo app, whereas it used to take 8-9 usec.

Here it is running on my laptop:

Key Pair Generation time = 139.738 usec
Client: Initialization time = 37.7253 usec
Server: Signature generation time = 126.649 usec
Client: Verifying signature time = 140.123 usec
Client: Filling challenge message time = 123.955 usec
Server: Processing challenge took 191.706 usec
Client: Processing answer time = 260.228 usec
Client: Message 0 construction time = 7.69905 usec
Server: Decryption time = 7.3141 usec
Server: Encryption time = 5.00438 usec
Client: Decryption overhead time = 5.38933 usec
Client: Message 2 construction time = 5.38933 usec
Server: Decryption time = 5.77428 usec
Server: Encryption time = 8.084 usec
Client: Decryption overhead time = 5.38933 usec
Client: Message 3 construction time = 5.38933 usec
Server: Decryption time = 5.77428 usec
Server: Encryption time = 5.38933 usec
Client: Decryption overhead time = 5.38933 usec
Client: Message 4 construction time = 7.31409 usec
Server: Decryption time = 8.084 usec
Server: Encryption time = 5.38933 usec
Client: Decryption overhead time = 5.38933 usec
Client: Message 5 construction time = 7.31409 usec
Server: Decryption time = 5.00438 usec
Server: Encryption time = 5.00438 usec
Client: Decryption overhead time = 5.38933 usec

  Mostly copied from the original VHASH implementation
  by Ted Krovetz (tdk@acm.org) and Wei Dai
  Last modified: 17 APR 08, 1700 PDT

  I stripped out everything that I didn't need, including VMAC in order
  to get at the VHASH algorithm directly.  In my own library I am using
  it integrated tightly with the ChaCha cipher, and only with 8 bytes
  of output.  I stripped out a lot of the beautiful optimization work
  done by the original authors to keep my version simple.

    The VHash algorithm is an exceptionally fast combinatorial hash
  that has properties sufficient for a reasonable guarantee that
  different inputs produce different hashes.  It is not a particularly
  good hash for data integrity checking.  It is also not at all a secure
  hash like SHA-256.  It is especially efficient, however, when used
  for Wegman-Carter message authentication.

    With a good encryption algorithm it can produce a Message
  Authentication Code (MAC).  I intend to use it for implementing
  VMAC-ChaCha, which is realized by adding the VHash output to zero
  bytes after they have been encrypted.

    So it will work like this:

    Step 1: Produce message IV, and use it to set up ChaCha, write it.
    Step 2: Write out 8 bytes of zeroes, and the message to encrypt.
    Step 3: Encrypt the 8 bytes of zeroes + the message with ChaCha.
    Step 4: Compute VHash for the encrypted message bytes.
    Step 5: XOR it into the encrypted zero bytes.

  This is essentially the same as encrypting VHash of the ciphertext
  since ChaCha is a stream cipher that XOR combines with plaintext.

  With this construction, the hash function is keyed, and you can
  think of VHash as a randomly-chosen hash from a family of hashes.
  An attacker would have to guess which hash is being used, and since
  the output is always encrypted, very few hints are dropped about
  the hash function key.

  Normal VMAC-AES will add the output of keyed AES to VHash as I
  understand it.  So I am basically just replacing AES with ChaCha,
  and generating some more keystream from ChaCha to cover the VHash.
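The five steps above, as an added Python example that is not libcat's code: a from-scratch ChaCha20 keystream (the RFC 8439 layout with a 32-bit counter and 12-byte nonce, assumed here in place of Calico's own IV format) and, standing in for VHash, a simpler keyed polynomial universal hash over GF(2^61-1). It assumes a 40-byte key (32 bytes for ChaCha, 8 for the hash key); the receiver recomputes the tag from the ciphertext body and compares it in constant time before decrypting.

```python
import hmac, struct
M32 = 0xFFFFFFFF
P61 = (1 << 61) - 1  # Mersenne prime behind the stand-in polynomial hash

def _qr(s, a, b, c, d):
    # ChaCha quarter round: a+=b; d^=a; d<<<=16; c+=d; b^=c; b<<<=12; and so on
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & M32
        s[z] = (((s[z] ^ s[x]) << r) | ((s[z] ^ s[x]) >> (32 - r))) & M32

def chacha20_block(key, counter, nonce):
    # One 64-byte ChaCha20 block: 32-byte key, 32-bit counter, 12-byte nonce
    init = list(struct.unpack('<4I', b'expand 32-byte k') + struct.unpack('<8I', key)
                + (counter,) + struct.unpack('<3I', nonce))
    s = init[:]
    for _ in range(10):  # 10 double rounds (columns, then diagonals) = 20 rounds
        for q in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                  (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _qr(s, *q)
    return struct.pack('<16I', *((x + y) & M32 for x, y in zip(init, s)))

def keystream(key, nonce, n):
    # First n keystream bytes under this nonce, block counter starting at 0
    return b''.join(chacha20_block(key, i, nonce) for i in range((n + 63) // 64))[:n]

def poly_hash(hkey, data):
    # Stand-in for VHash (assumption, not the real algorithm): keyed polynomial hash
    # over GF(2^61-1); 7-byte chunks stay below p, and the length is folded in last.
    chunks = [data[i:i + 7] for i in range(0, len(data), 7)]
    acc = 0
    for c in chunks + [len(data).to_bytes(7, 'little')]:
        acc = (acc * hkey + int.from_bytes(c, 'little')) % P61
    return acc.to_bytes(8, 'little')

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key, nonce, message):
    # Steps 2-5: encrypt zeroes||message, hash the ciphertext body, XOR into the zeroes
    ks = keystream(key[:32], nonce, 8 + len(message))
    ct = _xor(b'\x00' * 8 + message, ks)
    return _xor(ct[:8], poly_hash(int.from_bytes(key[32:], 'little') % P61, ct[8:])) + ct[8:]

def open_(key, nonce, packet):
    # Receiver: rebuild the expected tag, compare in constant time, decrypt only on success
    tag, body = packet[:8], packet[8:]
    ks = keystream(key[:32], nonce, 8 + len(body))
    expect = _xor(ks[:8], poly_hash(int.from_bytes(key[32:], 'little') % P61, body))
    return _xor(body, ks[8:]) if hmac.compare_digest(tag, expect) else None
```

The tag is the hash of the ciphertext XORed with 8 fresh keystream bytes, so a forger sees nothing of the hash key, which is the Wegman-Carter point the post makes; the nonce must never repeat under one key or that masking collapses.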

The latest version is in libcat:

128-bit math support code:
http://code.google.com/p/libcatid/source/browse/trunk/include/cat/math/BigMath.hpp

VHash header:
http://code.google.com/p/libcatid/source/browse/trunk/include/cat/crypt/hash/VHash.hpp

VHash source:
http://code.google.com/p/libcatid/source/browse/trunk/src/crypt/hash/VHash.cpp

last edit by catid edited (>30 days ago) 1:32am Thu. Apr 5th 2012 PDT