1995-12-28 - New! Improved! CryptoLib 1.1 now available.

Header Data

From: Matt Blaze <mab@research.att.com>
To: cypherpunks@toad.com
Message Hash: 45110f88b8005b5b3a4607862621b29323847bfc91b2c897485c8815af1ee98e
Message ID: <199512280557.AAA19317@nsa.tempo.att.com>
Reply To: N/A
UTC Datetime: 1995-12-28 14:32:28 UTC
Raw Date: Thu, 28 Dec 1995 22:32:28 +0800

Raw message

From: Matt Blaze <mab@research.att.com>
Date: Thu, 28 Dec 1995 22:32:28 +0800
To: cypherpunks@toad.com
Subject: New! Improved!  CryptoLib 1.1 now available.
Message-ID: <199512280557.AAA19317@nsa.tempo.att.com>
MIME-Version: 1.0
Content-Type: text/plain


[Note:  This is posted on behalf of Jack Lacy, whose news posting
software is hopelessly broken; please direct responses to him at
cryptolib@research.att.com.  Jack spent the better part of the last
two weeks getting a new release of CryptoLib out the door.  This version,
which should be stable for a while, fixes a few x86 problems, improves
the interfaces to some of the functions, and now allows you to use your
own random number generator to create key material.  If you don't
already have CryptoLib, be the first nerd on your block to get the
new release.  -matt]
========

Announcing CryptoLib - Release 1.1		12/21/95
   Jack Lacy, AT&T Bell Labs

CryptoLib is a portable and efficient library of primitives
for building cryptographic applications.  It runs under most versions
of Unix as well as DOS, Windows and Windows-NT (and 95).

We are pleased to make CryptoLib source code available without charge
to researchers and developers in the US and Canada.  (Because of export
restrictions on cryptographic software, we are only able to make the
software available within the US and Canada to US and Canadian citizens
and US permanent residents.)

CryptoLib is intended for research and experimental use, and is
distributed without warranty or support.  In particular, please
note the following license conditions:

 *              Copyright (c) 1995 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software may be subject to export controls.
 *
 * NOTE:
 * Some of the algorithms in cryptolib may be covered by patents.
 * It is the responsibility of the user to ensure that any required
 * licenses are obtained.
 *
 * SOME PARTS OF CRYPTOLIB MAY BE RESTRICTED UNDER UNITED STATES EXPORT
 * REGULATIONS.
 *
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.

The attached describes the library and some timing results.

To obtain source code send electronic mail to:

	cryptolib@research.att.com

with a statement of the following form:

	"I am a U.S. or Canadian citizen or a legal permanent resident of the
	U.S. and am aware that some parts of CryptoLib may be restricted under
	United States Export regulations and may be covered under various
	US and/or foreign patents.  I have read and understand the
	CryptoLib license."

	Name:
	Location:
	E-mail:
	Are you licensed to use the RSA patent?
	   If yes, give name of licensed organization:
		
===============================================================================

CryptoLib includes the following:

	arbitrary length bignums.

	bigmath package:
		bigAdd, bigSubtract, bigMultiply, bgiDivide,
		bigLeftShift, bigRightShift,
		bigAnd, bigOr, bigXor, bigCopy,
		Euclid's extended GCD,
		modular reduction and exponentiation

	crypto primitives
		DES and 3DES + modes
		Diffie-Hellman
		DSA (Signing and verification roughly equally efficient)
		El Gamal
		Rabin's scheme
		Random Number generation (PSEUDO and TRUE)
		MD[2,4,5]
		Prime generation
		RSA (provided only if you convince me that you have a license)
		SHA
		truerand (For Unix, NT and 95)
		quantization (Defense against Kocher's timing attack)
		quantized RSA, DSA and El Gamal private key operations.
		
	support functions
		asn1.c
		ioutils.c
		netIface.c

Some timing information:

All times assume 32X32 bit assembly of multiplication primitives.

bigPow times (a^b mod c with a,b,c the same length)

		512 bits	1024 bits
		--------	---------
bigPow		0.12s		0.72s		Sparc II Brickell bigpow
		0.43s		3.0s		Sparc II with asm (gcc)
		0.12s		0.78s		Sparc 10 with asm
		0.03s		0.17s		Sparc 10 with asm (Brickell)
		0.084s		0.45s		SGI Indigo (150MHz)
		0.109s		0.75s		100 MHz Pentium (gcc under DOS)

Strong Prime Generation -- ProbTestAttempts = 5
100 primes generated in each test.  Times below are:
(total test time)/100 = avg. time per prime generated.
Using Gordon's strong prime algorithm.

    256		512	1024	Machine
    ---		---	----	-------
    2.8s	24.0s	5.11m	Sparc II 
    .45s	2.7s	77s	100 MHz pentium
	


	RSA Times (64 bit public exponent, message encrypted is full length)
	---------

		512	768	1024 bits	machine
		---	---	---------	-------
encrypt		30ms	50ms	80ms		sparc II
decrypt		160ms	480ms	930ms

encrypt		15ms	33ms	56ms		100 MHz Pentium (Under NT)
decrypt		38ms	104ms	214ms


	DSA Times
	---------

		512	768	1024 bits	machine
		---	---	---------	-------
sign		99ms	166ms	216ms		sparc II (Brickell speedup)
verify		156ms	316ms	416ms

sign		21ms	38ms	49ms		100 MHz Pentium (Under NT)
verify		27ms	43ms	71ms







Thread