[Semi-]off-line encryption
Michael StJohns
mstjohns at comcast.net
Thu Sep 29 16:49:48 UTC 2016
On 9/29/2016 11:28 AM, Andrew Haley wrote:
> GCM allows most of the work in an encryption to be done offline (and
> ahead of time) by other processors, reducing latency and increasing
> throughput. It'd be lovely if we could do this in Java, but I can't
> really see a way to fit this in to the platform security framework.
> We don't want to do this eagerly, because we don't know that more data
> will be encrypted and we don't want to speculate.
>
> However, if we had a hint that (say) a large stream would need to
> encrypt a megabyte of data at some time in the future we could
> precompute a megabyte of keystream. Has anyone considered this?
>
> Andrew.
Um. No. You can make this work with CTR, but you can't with GCM.
With CTR, you just encrypt a stream of zeroes to get an encryption
stream and then XOR the encryption stream later with your actual plain
text. GCM (and CCM) tend to compute the integrity tag in parallel with
calculating the encryption stream. You'd have to still process all of
the plain text (or cipher text) to get the integrity tag.
Mike
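The distinction Mike draws can be made concrete. The following is an added example, not code from the thread or from OpenJDK: it is written in Python so it runs without a JDK, and it uses a keyed SHA-256 truncated to 16 bytes as a stand-in for the block cipher's forward direction (an assumption made so the example needs no crypto library; it is not AES, but CTR and GCM use only the forward direction, so a real AES-128 would drop in without changing any other line). The GHASH and counter-block layout follow NIST SP 800-38D. Key, IV, AAD and message are constructed sample inputs. `precompute_keystream` is the work that can be done ahead of time (it equals CTR-encrypting a stream of zeros); `GcmPrecomputed` shows that H, E_K(J0) and the keystream can all be precomputed, while the tag still needs one GHASH pass over the whole ciphertext once it exists.

```python
import hashlib

BLOCK = 16  # block size in bytes, as for AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Forward direction of a 128-bit block cipher.

    Stand-in (assumption): keyed SHA-256 truncated to 16 bytes, so the
    example runs with no crypto library. It is NOT AES; CTR and GCM only
    need the forward direction, so a real AES-128 would drop in here."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def counter_block(iv: bytes, counter: int) -> bytes:
    """GCM-style counter block: 96-bit IV || 32-bit big-endian counter."""
    assert len(iv) == 12
    return iv + counter.to_bytes(4, "big")


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def precompute_keystream(key: bytes, iv: bytes, nbytes: int) -> bytes:
    """The work CTR lets you do ahead of time: encrypt successive counter
    blocks (equivalently, CTR-encrypt nbytes of zeros) before any plaintext
    exists. Counter 1 is reserved for the tag block J0, so data starts at 2."""
    out = bytearray()
    counter = 2
    while len(out) < nbytes:
        out += block_encrypt(key, counter_block(iv, counter))
        counter += 1
    return bytes(out[:nbytes])


def ctr_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plain CTR: ciphertext = plaintext XOR keystream (decryption is the same)."""
    return xor_bytes(plaintext, precompute_keystream(key, iv, len(plaintext)))


# --- GHASH: the part of GCM that cannot be moved ahead of time ---

R = 0xE1000000000000000000000000000000  # x^128 + x^7 + x^2 + x + 1 in GCM bit order


def gf128_mul(x: int, y: int) -> int:
    """Multiplication in GF(2^128) with GCM's bit ordering (SP 800-38D, Alg. 1)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """GHASH_H(A, C): walks every block of A and C, so it needs all of C."""
    hk = int.from_bytes(h, "big")

    def pad(b: bytes) -> bytes:
        return b + bytes((-len(b)) % BLOCK)

    data = pad(aad) + pad(ciphertext)
    data += (len(aad) * 8).to_bytes(8, "big") + (len(ciphertext) * 8).to_bytes(8, "big")
    y = 0
    for i in range(0, len(data), BLOCK):
        y = gf128_mul(y ^ int.from_bytes(data[i:i + BLOCK], "big"), hk)
    return y.to_bytes(BLOCK, "big")


def gcm_encrypt(key: bytes, iv: bytes, aad: bytes, plaintext: bytes):
    """One-shot GCM encryption: returns (ciphertext, tag)."""
    h = block_encrypt(key, bytes(BLOCK))             # H = E_K(0^128)
    ct = ctr_encrypt(key, iv, plaintext)             # the CTR half
    e_j0 = block_encrypt(key, counter_block(iv, 1))  # E_K(J0), masks the tag
    return ct, xor_bytes(e_j0, ghash(h, aad, ct))


class GcmPrecomputed:
    """Everything GCM can do before the plaintext arrives: H, E_K(J0) and the
    keystream. What remains online is the GHASH pass over the ciphertext."""

    def __init__(self, key: bytes, iv: bytes, nbytes: int):
        self.h = block_encrypt(key, bytes(BLOCK))
        self.e_j0 = block_encrypt(key, counter_block(iv, 1))
        self.keystream = precompute_keystream(key, iv, nbytes)

    def finish(self, aad: bytes, plaintext: bytes):
        assert len(plaintext) <= len(self.keystream)
        ct = xor_bytes(plaintext, self.keystream[:len(plaintext)])
        # Cannot be hoisted: one full pass over ct (plus aad) for the tag.
        tag = xor_bytes(self.e_j0, ghash(self.h, aad, ct))
        return ct, tag


# Constructed sample inputs (not from the thread).
KEY = bytes(range(16))
IV = bytes(range(12))
AAD = b"header"
MSG = b"megabyte of data, in miniature" * 3

if __name__ == "__main__":
    ks = precompute_keystream(KEY, IV, len(MSG))
    print("keystream == CTR of zeros:", ks == ctr_encrypt(KEY, IV, bytes(len(MSG))))
    pre = GcmPrecomputed(KEY, IV, 1024)
    print("precomputed GCM == one-shot:",
          pre.finish(AAD, MSG) == gcm_encrypt(KEY, IV, AAD, MSG))
```

Running it shows both equalities hold: the keystream is exactly CTR over zeros, and splitting GCM into a precomputed phase plus a final GHASH pass yields the same ciphertext and tag as the one-shot computation. The precomputed phase saves the block-cipher calls, but the per-byte GHASH work stays on the critical path after the data is known.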