[Cryptography] Best AES candidate broken
pinterkr at gmail.com
Sun Jul 5 16:25:28 EDT 2015
Tony Arcieri (at Sunday, July 5, 2015, 7:47:04 PM):
> The real solution to cache timing attacks is to eliminate those
> secret-dependent table lookups entirely, as seen in e.g. Salsa20 / ChaCha20.
it is an interesting question what is cache timing (or other side
channel) resistant. in particular, salsa is ARX, which means it has
addition (32 bit). addition is a rather complex operation, and
on very low end systems, it might not be constant time, or can be
vulnerable to power analysis.
so it is pretty much a question of how far we are going to go. for
example keccak surpasses salsa in that regard.
More information about the cryptography