Re: Successful remote AES key extraction

From: D. J. Bernstein (djb_at_cr.yp.to)
Date: 04/17/05


Date: Sat, 16 Apr 2005 22:47:54 +0000 (UTC)

BRG wrote:
> Nevertheless you compare your assembler code with other people's C code,
> which is unsound since compiler performance becomes a significant factor
> in any such comparison.

The objectives are (1) top speed and (2) no timing leaks. It's hard
enough to reach these objectives with a sensible choice of programming
tools. If the objectives are even more difficult to reach with a bad
choice of programming tools, that's something that should be emphasized,
not covered up.

> Moreover comparing AES code designed for high key agility (on the fly
> key expansion) with code designed for static keying (pre computed key
> schedule) is bound to be misleading if the testing regime favours one
> design approach rather than the other.

One problem is to compute AES_k(n) from n and k. Another problem is to
compute AES_k(n) from n and an expanded version of k. Both problems show
up in practice. If the optimal solutions are different, that's again
something that should be emphasized, not covered up.

Anyway, compressed tables are beneficial for both problems. Since I
haven't seen your code, I don't know why you were seeing big slowdowns
from compressed tables.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago


