[Cryptography] Best AES candidate broken by the way that

Krisztián Pintér pinterkr at gmail.com
Sun Jul 5 16:19:25 EDT 2015


>> Except there's one problem with that assertion... Rijndael is easily
>> broken by.... cache timing,
> But it is important to distinguish between algorithm failures and
> implementation failures.

to be fair, AES was intended to be implemented with lookup tables.
granted, the original paper is a beautiful piece of math, but nobody
ever envisioned those calculations to be ever implemented in any real
life software. AES was created with the widespread implementation in
mind.

let's see this table:

  nist p256 naive implementation      nist p256 timing resistant impl
  AES literal implementation          AES intended implementation

both algorithms have a modern, safe but slow implementation and a fast
but vulnerable one. the fact that AES comes with a safe implementation,
so you don't have to work it out, is nice and all, but bears very
minor practical relevance.
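The two S-box routes the post contrasts, as an added example that is not part of the thread: sbox_ct() is the "literal" algebraic S-box (GF(2^8) inversion plus the affine map, no secret-indexed memory), sbox_table() is the "intended" 256-byte lookup whose cache footprint depends on the input byte, and sbox_table_scan() is the usual masked full-scan mitigation. All function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* GF(2^8) multiply mod x^8+x^4+x^3+x+1; conditional add and reduction use masks, not branches. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (int i = 0; i < 8; i++) {
        p ^= (uint8_t)(-(b & 1)) & a;             /* add a when b's low bit is set */
        uint8_t carry = (uint8_t)(-(a >> 7));     /* 0xff when a's top bit is set */
        a = (uint8_t)((a << 1) ^ (carry & 0x1b)); /* a = a * x, reduced */
        b >>= 1;
    }
    return p;
}
/* Inverse as a^254 (0 maps to 0). The exponent is public, so branching on its bits is fine. */
static uint8_t gf_inv(uint8_t a) {
    uint8_t r = 1;
    for (int bit = 7; bit >= 0; bit--) {
        r = gf_mul(r, r);
        if ((254 >> bit) & 1) r = gf_mul(r, a);
    }
    return r;
}
/* "Literal" S-box: inversion then the FIPS-197 affine map; no memory access indexed by x. */
uint8_t sbox_ct(uint8_t x) {
    uint8_t b = gf_inv(x), s = b;
    for (int i = 1; i <= 4; i++) s ^= (uint8_t)((b << i) | (b >> (8 - i)));
    return (uint8_t)(s ^ 0x63);
}
/* "Intended" S-box: a 256-byte table indexed by the secret byte, so which cache line
   is touched depends on x. That is the timing leak the thread is about. */
static uint8_t SBOX[256];
void sbox_table_init(void) { for (int i = 0; i < 256; i++) SBOX[i] = sbox_ct((uint8_t)i); }
uint8_t sbox_table(uint8_t x) { return SBOX[x]; }
/* Usual fix for the table: touch every entry and select the wanted one with a mask. */
uint8_t sbox_table_scan(uint8_t x) {
    uint8_t out = 0;
    for (int i = 0; i < 256; i++) {
        uint32_t d = (uint32_t)(i ^ x);
        uint8_t eq = (uint8_t)((d - 1u) >> 8);   /* 0xff only when i == x */
        out |= eq & SBOX[i];
    }
    return out;
}
int main(void) {
    sbox_table_init(); /* constructed check: all three routes must agree, e.g. S(0x53) = 0xed */
    printf("S(0x53): %02x %02x %02x\n", sbox_ct(0x53), sbox_table(0x53), sbox_table_scan(0x53));
    return 0;
}
```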
