[Cryptography] How can I make use of the AES hardware on new CPUs?
alserkli at inbox.ru
Mon Mar 17 11:55:03 EDT 2014
On Sun, 16 Mar 2014, Bear wrote:
> I only "mostly" trust the silicon. What I'm writing will do
> bisimulation about 1% of the time to make sure the dedicated and
> non-dedicated silicon come up with the same answers.
It makes no sense to subvert a hardware AES implementation by not doing
AES correctly, since most likely the user will immediately see that he
cannot decrypt the encrypted data.
A reasonable attack is to save or communicate the key through a covert
channel. This attack cannot be prevented if you also encrypt 1% of the
data with software AES. On the contrary, the hardware AES may be less
susceptible to side-channel attacks (SCA), while the 1% of software AES
may reveal enough data for an SCA to succeed.