[Cryptography] updating a counter

dj at deadhat.com dj at deadhat.com
Mon May 19 14:22:44 EDT 2014


>
> Last but not least, there is the issue of block cipher
> (in counter mode) versus hash function (in counter mode).
> The cipher has the advantage that it can be re-keyed.
> Rekeying AES is remarkably fast.  There is some value
> in doing that, not on every count, but maybe every 1000
> counts or so.
>

Hardware AES can include an inline key schedule, so you don't need to
re-key. You just present the new key and the key schedule is computed
inline as you go through each round.

If you run AES with the same key many times, you leave yourself open to
side channel attacks and fault injection attacks. A system or mode which
updates the key on every AES invocation mitigates these attacks.

The SP800-90B AES-CTR-DRBG uses the same key up to 3 times before updating
it, which isn't too shabby, but a simple transformation of the key every
invocation of AES would improve side channel attack resistance.

DJ
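The key-reuse counts discussed in this message, as an added Go example that is not part of the original post: a simplified AES-128 CTR_DRBG generate/update core (one 16-byte block per request, no derivation function, additional input or reseed logic) instrumented to count AES invocations per key value. The `Ratchet` option, its SHA-256 key step and all names are assumptions chosen for illustration, not a construction from the thread or from any standard.

```go
package main

import (
	"crypto/aes"
	"crypto/sha256"
	"fmt"
)

// DRBG is the (Key, V) state of a simplified AES-128 CTR_DRBG core.
type DRBG struct {
	Key, V  [16]byte
	Ratchet bool // assumption: transform the key before every AES call
	MaxUses int  // most AES invocations seen under one key value
	uses    int
}

// block increments V and returns AES_Key(V), counting uses of the key.
func (d *DRBG) block() (out [16]byte) {
	if d.Ratchet { // hypothetical transformation: one-way hash step
		h := sha256.Sum256(d.Key[:])
		copy(d.Key[:], h[:16])
		d.uses = 0
	}
	for i := 15; i >= 0; i-- { // V = V + 1 mod 2^128, big-endian
		if d.V[i]++; d.V[i] != 0 {
			break
		}
	}
	c, _ := aes.NewCipher(d.Key[:]) // a 16-byte key is always accepted
	c.Encrypt(out[:], d.V[:])
	if d.uses++; d.uses > d.MaxUses {
		d.MaxUses = d.uses
	}
	return out
}

// Generate emits one block, then takes two more as the next Key and V.
func (d *DRBG) Generate() [16]byte {
	out := d.block()
	k, v := d.block(), d.block()
	d.Key, d.V, d.uses = k, v, 0
	return out
}

func main() {
	std, rat := &DRBG{}, &DRBG{Ratchet: true} // all-zero seed, constructed
	std.Generate()
	rat.Generate()
	fmt.Println(std.MaxUses, rat.MaxUses)
}
```

With the ratchet off, each key encrypts three blocks (one output, two for the state update); with it on, no key value is used for more than one AES invocation.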


