Werner Dittmann adds Skein One-Pass MAC to SRTP

One of the major features of Skein is that it has a hashing mode that is a one-pass MAC. Normally, HMACs are used with hash functions, but generating an HMAC requires two hashes. In protocols that send a lot of short messages (like VOIP and other media services), a one-pass MAC effectively halves the amount of computes needed. Werner writes of his work:

Date: Wed, 29 Dec 2010 10:56:17 -0600
To: Bruce Schneier
From: Werner Dittmann
Subject: Skein and Threefish - yet another contribution

Dear Bruce, dear Skein team,

here is yet another source contribution to Skein and Threefish.
I started this activity because I needed a Skein MAC
implementation in C and Java with simple to use API and
sufficiently fast.

Currently I use these C and the Java Skein implementations
in my Secure Real-time Transport Protocol (SRTP) software
to generate the MAC over a SRTP packet. Usually a SRTP packet
is short (less than 200 byte for audio and a good codec) and
usually sent every 20ms (50 packets/s).

While Skein MAC is not standard for SRTP I use it because
Phil Zimmermann's ZRTP protocol offers it as an alternative
SRTP MAC to the standard SHA1 HMAC. IMHO for low power CPUs and
frequent usage a Skein MAC is better than SHA1 HMAC.

While doing this implementation I cleaned up my code, added some
documentation and put it in a public repository at github. The
software can be used right now. Java is fairly advanced and stable,
the C stuff is in a stable beta state.

I named it Skein3Fish suite (similar to Alberto Fajardo's
SkeinFish, see below why) and you can find it at

https://github.com/wernerd

then go to the Skein3Fish repository.

Some notable features of this software suite are:

* All three state sizes of Skein and Threefish: 256, 512, and
1024 bits
* Support of Skein MAC and Skein hash
* Variable length of hash and MAC output (numbers of bits)
* Supports bit padding (partial bytes for messages)
* Supports full message length as defined in the Skein paper
(2^96 -1 bytes, not just a meager 4 GiB :-), currently for Java
only, C will follow )
* Skein tested with the official test vectors that are part of the
NIST CD (skein_golden_kat.txt, except Tree hashes)
* The standalone Threefish was tested with test vectors extracted
from skein_golden_kat_internals.txt

* The Java interface uses the well known Bouncy Castle lightweight
crypto library design, thus easy to use for Java programmers.
Because of the Bouncy Castle design the usual cipher modes are
available.
* The C API follows in general the lower level openSSL model. Cipher
modes are not yet available, will follow, most probably the openSSL
way.

I used some open source and public domain sources to implement and
compile this suite. Most notably are the Skein C reference and
Skein C optimized implementations of the Skein team and a very well
written C# implementation from Alberto Fajardo.

License is public domain.

Best regards,
Werner