Re: Don't use S-boxes!
karl_m_at_acm.org
Date: 11/20/04
- Previous message: Michael Brown: "Re: world of warcraft encryption"
- In reply to: David Wagner: "Re: Don't use S-boxes!"
- Next in thread: D. J. Bernstein: "Re: Don't use S-boxes!"
- Reply: D. J. Bernstein: "Re: Don't use S-boxes!"
Date: 19 Nov 2004 15:00:38 -0800
David Wagner wrote:
> >The specific values of cycles-per-byte for the encryption function with
> >a pre-expanded key increased from 375 to 750 cycles per byte on my
> >reference implementations.
>
> That counts as extremely slow -- so slow as to render this
> implementation strategy pretty useless, most likely.
Well, I guess it would be worthwhile to study more. When I first saw
Professor Bernstein's "Summary of AES" I skipped over it. Now that
I've read it, I see that it's a highly optimized implementation that
expands the SBoxes from 256 into thousands of bytes. No wonder there's
a cache-timing attack.
So my proposed re-layout to the 256 byte S-Box is totally unnecessary,
and in fact my original implementation is immune to simple timing
attacks. That's why I get random numbers from the timing attack on it.
I'll look at optimizing the 227 (relatively constant) cycles per byte
using the simple 256 byte S-Box table.
Thanks, karl m
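For readers following the thread, an added example (not code from this message or from any implementation it mentions) contrasting a direct 256-byte S-box lookup with a full-table scan, and estimating how many index bits a cache-line observer sees for each table layout. The 64-byte line size, the aligned tables and the 4-byte entry width for an expanded table are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL8(x, s) ((uint8_t)(((x) << (s)) | ((x) >> (8 - (s)))))

static uint8_t sbox[256];

/* Build the standard AES S-box (inverse in GF(2^8) followed by the affine map). */
static void init_sbox(void) {
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0)); /* p *= 3 */
        q ^= (uint8_t)(q << 1);                                /* q /= 3 */
        q ^= (uint8_t)(q << 2);
        q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;
        sbox[p] = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3)
                              ^ ROTL8(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63; /* zero has no inverse */
}

/* Direct lookup: the address read depends on the secret index. */
static uint8_t sbox_direct(uint8_t i) { return sbox[i]; }

/* Full scan: reads all 256 entries in the same order for every index, so the
   memory access pattern is independent of i (at the cost of 256 reads). */
static uint8_t sbox_scan(uint8_t i) {
    uint8_t out = 0;
    for (unsigned j = 0; j < 256; j++) {
        uint8_t mask = (uint8_t)(((uint32_t)(j ^ i) - 1) >> 8); /* 0xFF iff j == i */
        out |= (uint8_t)(sbox[j] & mask);
    }
    return out;
}

/* Index bits visible to an observer who learns only which cache line was read.
   Assumes an aligned 256-entry table and power-of-two sizes. */
static unsigned leaked_index_bits(unsigned entry_bytes, unsigned line_bytes) {
    unsigned per_line = line_bytes / entry_bytes, hidden = 0;
    while (per_line > 1) { per_line >>= 1; hidden++; }
    return hidden >= 8 ? 0 : 8 - hidden;
}

int main(void) {
    init_sbox();
    printf("direct=%02x scan=%02x\n", sbox_direct(0x53), sbox_scan(0x53));
    printf("1-byte entries: %u bits, 4-byte entries: %u bits\n",
           leaked_index_bits(1, 64), leaked_index_bits(4, 64)); /* assumed 64-byte lines */
    return 0;
}
```

An optimizing compiler is free to restructure the scan loop, so the generated assembly should be inspected before relying on its access pattern.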