Re: Don't use S-boxes!
karl_m_at_acm.org
Date: 11/24/04
- Next message: karl_m_at_acm.org: "Re: Don't use S-boxes!"
- Previous message: karl_m_at_acm.org: "Re: Don't use S-boxes!"
- In reply to: Stefan Tillich: "Re: Don't use S-boxes!"
- Next in thread: karl_m_at_acm.org: "Re: Don't use S-boxes!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 24 Nov 2004 09:41:46 -0800
Stefan Tillich wrote:
> karl_m@acm.org wrote:
>
> > D. J. Bernstein wrote:
> >
> >>Erwann ABALEA wrote:
> >>
> >>>I ran the time.c program along with the 6 AES implementations present
> >>>in aesbench.tgz (devine, gladman, mks, openssl, gpg, tom), on several
> >>>machines, one of them is a dual Celeron 560. Patterns also appear on
> >>>this machine.
> >>
> >>Thanks for the report.
> >>
> >>>The "worst" case was the "devine" implementation on a Pentium III. 50%
> >>>of the key bytes showed a repetitive pattern.
> >>
> >>You shouldn't compare implementations based on how badly they flunk this
> >>very simple test. Even if you don't take the serious cryptographer's
> >>attitude that leaking a single key byte is a disaster, you should assume
> >>that slightly more sophisticated attacks will obtain all the key bits.
> >
> > This certainly wasn't the view when DES was designed. Every EIGHTH KEY
> > BIT WAS REDUNDANTLY UTILIZED. With the smallest AES configuration some
> > key distribution redundancy is necessary in PRACTICAL APPLICATION.
>
> Could you explain what you mean by "key distribution redundancy of
> AES-128"?

A mechanism to ensure that both parties are talking about the same
thing.

karl m
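The "every eighth key bit" remark above refers to the DES key format: a DES key is 64 bits, but the cipher uses only 56 of them; the least significant bit of each of the 8 key bytes is an odd-parity bit computed over the other 7 bits of that byte. The following example, written for this page and not taken from the thread or from any of the AES implementations it names, computes, checks and strips those parity bits and shows that a parity bit is entirely determined by the other bits of its byte, so revealing it reveals nothing about the 56-bit secret. Function names are this example's own.

```python
# Added example: DES key parity bits as key redundancy.
# Facts used (FIPS 46): DES keys are 8 bytes; each byte has odd parity,
# with the parity bit in the least significant position; the cipher
# itself uses only the 7 high bits of each byte (56 key bits in total).

def odd_parity_byte(b: int) -> int:
    """Return byte b with its LSB set so that the byte has odd parity."""
    top7 = b & 0xFE                       # the 7 bits the cipher actually uses
    ones = bin(top7).count("1")
    return top7 | (0 if ones % 2 == 1 else 1)


def set_des_parity(key: bytes) -> bytes:
    """Rewrite the parity bit of every byte of an 8-byte DES key."""
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes")
    return bytes(odd_parity_byte(b) for b in key)


def check_des_parity(key: bytes) -> bool:
    """True if every byte of the key has odd parity (as DES requires)."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)


def effective_key_bits(key: bytes) -> int:
    """Pack the 56 non-parity bits (7 per byte, parity bit dropped) into an int."""
    v = 0
    for b in key:
        v = (v << 7) | (b >> 1)
    return v


def expand_56_to_64(v: int) -> bytes:
    """Inverse of effective_key_bits: rebuild the 8-byte key, deriving parity."""
    if not 0 <= v < (1 << 56):
        raise ValueError("effective key must fit in 56 bits")
    out = []
    for i in range(8):
        top7 = ((v >> (7 * (7 - i))) & 0x7F) << 1
        out.append(odd_parity_byte(top7))
    return bytes(out)


def parity_bits_leak_nothing(key: bytes) -> bool:
    """Flipping every parity bit leaves the 56-bit effective key unchanged."""
    flipped = bytes(b ^ 1 for b in key)
    return effective_key_bits(flipped) == effective_key_bits(key)


if __name__ == "__main__":
    # Constructed sample: the textbook DES example key (already has odd parity).
    k = bytes.fromhex("133457799BBCDFF1")
    print("parity ok:", check_des_parity(k))
    print("zero key with parity set:", set_des_parity(bytes(8)).hex())
    print("round trip:", expand_56_to_64(effective_key_bits(k)) == k)
    print("parity bits carry no secret:", parity_bits_leak_nothing(k))
```

The practical reading of this for the thread's argument: a DES parity bit is not a key bit at all, so its "leakage" costs nothing, which is a different situation from a cache-timing attack recovering bytes of an AES-128 key, all 128 bits of which are secret.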