Re: Tiny table AES implementation




tomstdenis@xxxxxxxxx wrote:
karl malbrain wrote:
The 4th line leaks the most and I see

04 00256 loops: 4d c6 af d2 62 bc 88 23 77 c7

I wouldn't expect much from the 256 lines. How about the 1024 or above
lines????
karl m

04 01024 loops: af 7d 52 5c fd 82 bf 77 56 4b

I downloaded and compiled (MSVC /O2 /D LTC_SMALL_CODE) your aes code
and got the following results:

00, 01024 loops: 75 a6 b5 76 26 96 a6 44 56 a5
01, 01024 loops: 0b 7a 52 85 f1 b2 36 2d 64 d9
02, 01024 loops: de 52 13 5d 98 ab 23 84 f4 af
03, 01024 loops: 1d c7 ee 97 6d d5 cd cb 15 5d
04, 01024 loops: 41 cd d5 7b ae fe bd f4 29 8c
05, 01024 loops: 89 ac fc f1 d6 8d c5 f2 7f de
06, 01024 loops: 8e ee ce 2d 4e cd 84 ae 0d fe
07, 01024 loops: 72 d9 c5 43 b0 83 f2 74 41 40
08, 01024 loops: c8 47 a7 38 88 a8 17 d8 c8 b0
09, 01024 loops: 7a bd 37 77 1d cc 9b ef d3 0f
10, 01024 loops: 0f 10 45 10 90 df 3f 8f af 8f
11, 01024 loops: 95 64 b9 7a d7 27 9e d4 a7 b4
12, 01024 loops: 52 b0 bd 66 7c 10 ff 1f fc 8c
13, 01024 loops: f3 0d 79 fe 30 16 b6 df 30 1f
14, 01024 loops: ad 6d bb 6d 7d 8e bd a0 c0 4d
15, 01024 loops: 4a 85 27 bb b3 3e a0 e6 4a fb

Several lines are leaking key bits to the DJB attack. Can you post the
test bed you run the attack under?

karl m

.