Re: Successful remote AES key extraction

From: BRG (brg_at_nowhere.org)
Date: 04/17/05

• Next message: Andrew Swallow: "Re: DNA-Allele Analysis"
• Previous message: C. Bond: "Re: Factoring, SF, and transforms"
• In reply to: D. J. Bernstein: "Re: Successful remote AES key extraction"
• Next in thread: D. J. Bernstein: "Re: Successful remote AES key extraction"
• Reply: D. J. Bernstein: "Re: Successful remote AES key extraction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 17 Apr 2005 01:03:56 +0100

D. J. Bernstein wrote:
> BRG wrote:
>
>>Nevertheless you compare your assembler code with other people's C code,
>>which is unsound since compiler performance becomes a significant factor
>>in any such comparison.
>
> The objectives are (1) top speed and (2) no timing leaks. It's hard
> enough to reach these objectives with a sensible choice of programming
> tools. If the objectives are even more difficult to reach with a bad
> choice of programming tools, that's something that should be emphasized,
> not covered up.

Whether C or assembler is the better choice for implementation will be
determined by the applications context.

I am simply pointing out that in comparing the speed of your assembler
code with the speed of other people's C code you are not comparing like
with like. Its not a great revelation to find that assembler turns out
to be faster than C.

>>Moreover comparing AES code designed for high key agility (on the fly
>>key expansion) with code designed for static keying (pre computed key
>>schedule) is bound to be misleading if the testing regime favours one
>>design approach rather than the other.
>
> One problem is to compute AES_k(n) from n and k. Another problem is to
> compute AES_k(n) from n and an expanded version of k. Both problems show
> up in practice. If the optimal solutions are different, that's again
> something that should be emphasized, not covered up.

I have always seen this as obvious and I don't know of any attempts to
cover this up.

> Anyway, compressed tables are beneficial for both problems. Since I
> haven't seen your code, I don't know why you were seeing big slowdowns
> from compressed tables.

  Brian Gladman

---

• Next message: Andrew Swallow: "Re: DNA-Allele Analysis"
• Previous message: C. Bond: "Re: Factoring, SF, and transforms"
• In reply to: D. J. Bernstein: "Re: Successful remote AES key extraction"
• Next in thread: D. J. Bernstein: "Re: Successful remote AES key extraction"
• Reply: D. J. Bernstein: "Re: Successful remote AES key extraction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: WhichAsm.html ... of" when comparing to FASM, which is by far the fastest Assembler ... on Apps around 500 Ko (there _are_ some for RosAsm and FASM, ... (alt.lang.asm) Re: [crit] Fallen ... It's very close to assembler... ... by the compiler for what purpose, ... But, comparing mathematical ... programming to systems-level programming is a fairly apples/oranges ... (rec.arts.sf.composition) Re: Successful remote AES key extraction ... >>I am simply pointing out that in comparing the speed of your assembler ... >>code with the speed of other people's C code you are not comparing like ... > for implementors choosing programming tools. ... > Pentium III cycles per round with compressed tables, ... (sci.crypt) Re: Unicode Support ... strings can contain the full unicode set. ... many good arguments to convince assembler authors to go for a change. ... | Even notepad.exe in Windows XP supports unicode! ... Even the use of UTF for programming tools seems not to be required, ... (alt.lang.asm)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)