Re: Don't use S-boxes!
From: BRG (brg_at_nowhere.org)
Date: Mon, 22 Nov 2004 19:43:55 +0000
> BRG wrote:
>>My published AES code can be configured to use tables from 256 bytes
>>upwards - that is 256 bytes for encrypt and 256 bytes for decrypt.
>>256 byte tables are very slow but 1024 byte tables provide good
>>performance with greater resistance to this sort of timing attack.
> Do you have the necessary RDTSC instrumentation in place to produce
> cycles-per-byte figures? On the insistence of Professor Wagner, I
> recently added these to the REFERENCE IMPLEMENTATION I maintain at
> Feel free to lift the relevant sections if you need them.
In short, yes, I produce cycles/byte figures using a standard timing
harness that uses the RDTSC on the x86.
My timing code is available on my site but, more recently, Christophe
Devine and I developed the AES timing code that he has made available here: