Re: Tiny table AES implementation

From: "karl malbrain" <malbrain@xxxxxxxxx>
Date: 20 Apr 2006 16:24:42 -0700

tomstde...@xxxxxxxxx wrote:

karl malbrain wrote:

I've posted a new tiny table (512 bytes encrypt, 1280 bytes decrypt)
AES implementation in C that is immune to the DJB timing attack:
www.geocities.com/malbrain/aestable_c.html

The improved timing is 105 cycles/byte encryption, 147 decryption.

I applied the DJB attack against LTC. It works. I then enabled
LTC_SMALL_CODE and it doesn't work.

Are you sure it's not working?

Yesterday I posted a small table (1K bytes) version that shifts and
discovered that it was still leaking 3 or 4 bits per byte. E.g. the
output for one of the 1024 rows is:
26 46 36 16 27 17 06 d7 b6
which is a leakage of 3 bits per byte.

karl m

.

Follow-Ups:
- Re: Tiny table AES implementation
  - From: tomstdenis

References:
- Tiny table AES implementation
  - From: karl malbrain
- Re: Tiny table AES implementation
  - From: tomstdenis

Prev by Date: Re: Tiny table AES implementation
Next by Date: Re: Quickly finding large primes
Previous by thread: Re: Tiny table AES implementation
Next by thread: Re: Tiny table AES implementation
Index(es):
- Date
- Thread

Relevant Pages

Re: Tiny table AES implementation
... AES implementation in C that is immune to the DJB timing attack: ... The improved timing is 105 cycles/byte encryption, 147 decryption. ...
(sci.crypt)
Re: Tiny table AES implementation
... AES implementation in C that is immune to the DJB timing attack: ... The improved timing is 105 cycles/byte encryption, 147 decryption. ...
(sci.crypt)