Re: Don't use S-boxes!

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 11/15/04


Date: Mon, 15 Nov 2004 07:45:51 +0000 (UTC)

Douglas A. Gwyn wrote:
>David Wagner wrote:
>> Sorry; I think I asked the wrong question. I meant, can one implement
>> AES efficiently in software using bitslice (or similar) strategies?
>
>I guess what you are suggesting is a special-purpose
>peripheral "crypto machine" that has a simple architecture.

Nope. I'm referring to a particular implementation strategy,
in software only (using only whatever standard CPU you already have
access to), for implementing block ciphers. This implementation strategy
is distinguished by its use of logical bitwise operations (OR, AND, XOR,
NOT, etc.) on the microprocessor to perform 32 logical operations in
parallel (on a 32-bit microprocessor). Serpent is a famous example
of a cipher amenable to this implementation strategy. I was curious
whether there are any efficient ways to implement AES using this
kind of approach.
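
The implementation strategy described in the post above, as an added example that is not part of the original message: a 4-bit S-box evaluated on 32 inputs at once using only word-wide AND/XOR. The table holds the Serpent S0 values as sample data; the function names and the algebraic-normal-form evaluation are assumptions chosen for clarity, where a tuned implementation would use a hand-minimized gate sequence.

```c
#include <stdint.h>

/* Sample 4-bit S-box (Serpent S0 values), used as the reference table. */
static const uint8_t SBOX[16] = {3,8,15,1,10,6,5,11,14,13,4,2,7,0,9,12};

/* anf[j] bit m set => monomial m (AND of the input bits set in m) occurs in
   output bit j. Computed from the truth table by a Moebius transform. */
static void sbox_anf(uint16_t anf[4]) {
    static const uint16_t MASK[4] = {0xAAAA, 0xCCCC, 0xF0F0, 0xFF00};
    for (int j = 0; j < 4; j++) {
        uint16_t t = 0;
        for (int x = 0; x < 16; x++) t |= (uint16_t)(((SBOX[x] >> j) & 1) << x);
        for (int s = 0; s < 4; s++) t ^= (uint16_t)(t << (1 << s)) & MASK[s];
        anf[j] = t;
    }
}

/* Bitsliced S-box: in[i] carries input bit i of 32 independent nibbles
   (lane k = bit k of every word). No table index or branch depends on data. */
static void sbox_bitslice(const uint32_t in[4], uint32_t out[4]) {
    uint16_t anf[4];
    uint32_t mono[16];
    sbox_anf(anf);
    mono[0] = 0xFFFFFFFFu;                    /* constant-1 monomial */
    for (int i = 0; i < 4; i++)               /* all 16 products of input slices */
        for (int m = 0; m < (1 << i); m++)
            mono[m | (1 << i)] = mono[m] & in[i];
    for (int j = 0; j < 4; j++) {
        out[j] = 0;
        for (int m = 0; m < 16; m++)          /* anf is public, so this mask is too */
            out[j] ^= mono[m] & (0u - ((anf[j] >> m) & 1u));
    }
}

/* Packs 32 constructed nibbles into slices, runs the bitsliced S-box and
   returns the number of lanes that disagree with the table lookup. */
static int bitslice_mismatches(void) {
    uint32_t in[4] = {0}, out[4];
    int bad = 0;
    for (int k = 0; k < 32; k++)
        for (int i = 0; i < 4; i++)
            in[i] |= (uint32_t)((((k * 7 + 3) & 15) >> i) & 1) << k;
    sbox_bitslice(in, out);
    for (int k = 0; k < 32; k++) {
        int y = 0;
        for (int j = 0; j < 4; j++) y |= (int)((out[j] >> k) & 1) << j;
        bad += (y != SBOX[(k * 7 + 3) & 15]);
    }
    return bad;
}
```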