Re: Don't use S-boxes!

From: BRG (brg_at_nowhere.org)
Date: 11/22/04


Date: Mon, 22 Nov 2004 19:43:55 +0000

karl_m@acm.org wrote:
> BRG wrote:
>
>
>>My published AES code can be configured to use tables from 256 bytes
>>upwards - that is 256 bytes for encrypt and 256 bytes for decrypt.
>>
>>256 byte tables are very slow but 1024 byte tables provide good
>>performance with greater resistance to this sort of timing attack.
>
>
> Do you have the necessary RDTSC instrumentation in place to produce
> cycles-per-byte figures? On the insistence of Professor Wagner, I
> recently added these to the REFERENCE IMPLEMENTATION I maintain at
> www.geocities.com/malbrain/aestable.html
> Feel free to lift the relevant sections if you need them.

In short, yes, I produce cycles/byte figures using a standard timing
harness that uses the RDTSC on the x86.

My timing code is available on my site but, more recently, Christophe
Devine and I developed the AES timing code that he has made available here:

   http://www.cr0.net:8040/code/crypto/aesbench.tgz

    Brian Gladman
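
The table-size trade-off discussed in this thread, as an added C example that is not part of the original post and not taken from either author's AES code. It assumes the 1024-byte configuration means one 256-entry 32-bit table with the other three round tables derived by rotation, and a 64-byte cache line; all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

static uint8_t  sbox[256]; /* 256-byte configuration: S-box only */
static uint32_t te0[256];  /* 1024-byte configuration (assumed layout): one 32-bit table */

static uint8_t xtime(uint8_t x) { return (uint8_t)((x << 1) ^ ((x & 0x80) ? 0x1b : 0)); }
static uint8_t rotl8(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }
static uint32_t ror32(uint32_t w, int n) { return (w >> n) | (w << (32 - n)); }

/* Generate the AES S-box, then te0[x] = (2s, s, s, 3s) with s = sbox[x]. */
void build_tables(void) {
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ xtime(p));                 /* p *= 3 in GF(2^8) */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;                     /* q /= 3, so p*q == 1 */
        sbox[p] = (uint8_t)(q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;                                  /* 0 has no inverse */
    for (int x = 0; x < 256; x++) {
        uint8_t s = sbox[x], s2 = xtime(s);
        te0[x] = ((uint32_t)s2 << 24) | ((uint32_t)s << 16) | ((uint32_t)s << 8) | (uint8_t)(s2 ^ s);
    }
}

/* SubBytes + MixColumns for one column using only the 256-byte S-box. */
uint32_t column_sbox(const uint8_t a[4]) {
    uint8_t s[4], o[4];
    for (int i = 0; i < 4; i++) s[i] = sbox[a[i]];
    for (int i = 0; i < 4; i++)                      /* o[i] = 2*s[i] ^ 3*s[i+1] ^ s[i+2] ^ s[i+3] */
        o[i] = (uint8_t)(xtime(s[i]) ^ xtime(s[(i + 1) & 3]) ^ s[(i + 1) & 3]
                         ^ s[(i + 2) & 3] ^ s[(i + 3) & 3]);
    return ((uint32_t)o[0] << 24) | ((uint32_t)o[1] << 16) | ((uint32_t)o[2] << 8) | o[3];
}

/* Same column from the single 1024-byte table: four lookups plus rotations. */
uint32_t column_1k(const uint8_t a[4]) {
    return te0[a[0]] ^ ror32(te0[a[1]], 8) ^ ror32(te0[a[2]], 16) ^ ror32(te0[a[3]], 24);
}

/* Returns 1 if both configurations agree on 256 constructed sample columns. */
int tables_agree(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t a[4] = { (uint8_t)x, (uint8_t)(x * 7 + 1), (uint8_t)(x ^ 0x5a), (uint8_t)(255 - x) };
        if (column_sbox(a) != column_1k(a)) return 0;
    }
    return 1;
}

/* Number of cache lines a table of the given size spans (line size is an assumption). */
size_t cache_lines(size_t table_bytes, size_t line_bytes) {
    return (table_bytes + line_bytes - 1) / line_bytes;
}
```

With 64-byte lines the 256-byte table spans 4 lines, the 1024-byte table 16, and a full four-table 4096-byte set 64, which is the footprint that key-dependent lookups can touch.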