3

If we have a very performance-critical interactive session, like a video game, running on a trusted platform (video game console).

If our goal is to prevent exfiltration of up-to-date information (enemy locations, health, etc.) and malicious commands sent to the server in a small time frame (aim botting), say ~1000ms through 1h, to prevent MITM cheating, it seems that 128 bits of protection is excessive for our threat model.

Also, are there any decent, modern ciphers with a key size of 64 bits that might actually be faster than AES-NI?

Maarten Bodewes
Daniel Hill

1 Answer

2

I believe that ciphers of low bitwidth still have a place for sensor data and likely, video game data. Mainly, this is due to the nature of the data. In the case of a sensor, cryptography generally buys you very little in the practical sense outside of verifying a message, and the same is true in video games. Your data is "stale" in a matter of seconds, and as long as the scheme takes minutes to brute force, you are likely to be fine.

If you have access to AES-NI, or an equivalent instruction set, you will not be able to make anything faster. Let's make the assumption that you are not worried about side-channel attacks, do not have cryptographic hardware on your CPU, and just are interested in speed.

I use SIMON in my embedded hardware, and SPECK in software when I cannot get something else to fit in the space. SPECK is about as fast as you get on an IC without explicit cryptographic hardware. The cryptographic community will give you a difficult time for these ciphers as the NSA created them, but I know of nothing better. SPECK64/96 has 26 rounds; on a 32-bit MIPS core, it takes me 51 instructions (after I expand the keys) to encrypt the block.

b degnan
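For reference, the SPECK64/96 cipher named in the answer (64-bit block, 96-bit key, 26 rounds) written out in C, as an added example that is not the answerer's code. The function names and `KAT_KEY` are chosen here for illustration, and the known-answer values are the Speck64/96 test vector from the designers' paper.

```c
#include <stdint.h>
#include <stdio.h>

#define ROUNDS 26  /* SPECK64/96: 64-bit block, 96-bit key, 26 rounds */
#define ROR(v, r) (((v) >> (r)) | ((v) << (32 - (r))))
#define ROL(v, r) (((v) << (r)) | ((v) >> (32 - (r))))

/* Key from the designers' published test vector, least significant word first. */
static const uint32_t KAT_KEY[3] = { 0x03020100u, 0x0b0a0908u, 0x13121110u };

/* Key schedule: done once per key, producing one 32-bit round key per round. */
void speck_expand(const uint32_t key[3], uint32_t rk[ROUNDS])
{
    uint32_t k = key[0], l[2] = { key[1], key[2] };
    for (uint32_t i = 0; i < ROUNDS; i++) {
        rk[i] = k;
        l[i % 2] = (k + ROR(l[i % 2], 8)) ^ i;  /* slot is reused for l[i+2] */
        k = ROL(k, 3) ^ l[i % 2];
    }
}

/* One block: the upper 32 bits of blk are word x, the lower 32 bits are y. */
uint64_t speck_encrypt(const uint32_t rk[ROUNDS], uint64_t blk)
{
    uint32_t x = (uint32_t)(blk >> 32), y = (uint32_t)blk;
    for (int i = 0; i < ROUNDS; i++) {
        x = (ROR(x, 8) + y) ^ rk[i];  /* rotate, add, xor: the whole round */
        y = ROL(y, 3) ^ x;
    }
    return ((uint64_t)x << 32) | y;
}

/* Inverse of speck_encrypt: undo the rounds in reverse order. */
uint64_t speck_decrypt(const uint32_t rk[ROUNDS], uint64_t blk)
{
    uint32_t x = (uint32_t)(blk >> 32), y = (uint32_t)blk;
    for (int i = ROUNDS - 1; i >= 0; i--) {
        y = ROR(y ^ x, 3);
        x = ROL((x ^ rk[i]) - y, 8);
    }
    return ((uint64_t)x << 32) | y;
}

/* Helper for checks: expand the key, then encrypt or decrypt a single block. */
uint64_t speck_block(const uint32_t key[3], uint64_t blk, int decrypt)
{
    uint32_t rk[ROUNDS];
    speck_expand(key, rk);
    return decrypt ? speck_decrypt(rk, blk) : speck_encrypt(rk, blk);
}

int main(void)
{
    uint64_t ct = speck_block(KAT_KEY, 0x74614620736e6165ULL, 0);
    printf("ct = %016llx\n", (unsigned long long)ct);
    return speck_block(KAT_KEY, ct, 1) != 0x74614620736e6165ULL;
}
```

This is the raw block primitive only; it does not provide a mode of operation or message authentication.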