[Cryptography] How can I make use of the AES hardware on new CPUs?

Alexander Klimov alserkli at inbox.ru
Mon Mar 17 11:55:03 EDT 2014

On Sun, 16 Mar 2014, Bear wrote:
> I only "mostly" trust the silicon.  What I'm writing will do 
> bisimulation about 1% of the time to make sure the dedicated and 
> non-dedicated silicon come up with the same answers.

It makes no sense to subvert the hardware AES implementation by not doing 
AES correctly, since most likely the user will immediately see that he 
cannot decrypt the encrypted data.

A reasonable attack is to save or communicate the key through a covert 
channel. This attack cannot be prevented if you also encrypt 1% of 
data with software AES. On the contrary, the hardware AES may be less 
susceptible to side-channel attacks (SCA), while 1% of software AES 
may reveal enough data for SCA to succeed.

