[Cryptography] Best AES candidate broken

Krisztián Pintér pinterkr at gmail.com
Sun Jul 5 16:25:28 EDT 2015


Tony Arcieri (at Sunday, July 5, 2015, 7:47:04 PM):

> The real solution to cache timing attacks is to eliminate those
> secret-dependent table lookups entirely, as seen in e.g. Salsa20 / ChaCha20.

It is an interesting question what is cache-timing (or other side-channel)
resistant. In particular, Salsa is ARX, which means it has
addition (32 bit). Addition is a rather complex operation, and
on very low-end systems it might not be constant time, or it can be
vulnerable to power analysis.

So it is pretty much a question of how far we are going to go. For
example, Keccak surpasses Salsa in that regard.
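To make the two designs being compared concrete, here is an added C example (not code from either poster): a secret-indexed byte-table lookup of the kind cache-timing attacks target, the same lookup done as a masked scan over the whole table so that the memory access pattern no longer depends on the index, and the ChaCha quarter round, which is pure ARX and needs no table at all. The 256-entry table is a constructed stand-in, not the AES S-box; the quarter-round check uses the RFC 7539 test vector.

```c
#include <stdint.h>

/* Constructed 256-entry byte table standing in for an S-box (not AES's). */
static uint8_t table[256];
static void init_table(void) {
    for (int i = 0; i < 256; i++) table[i] = (uint8_t)(i * 37 + 11);
}

/* Leaky form: which cache line is touched depends on the secret index. */
static uint8_t lookup_leaky(uint8_t idx) {
    return table[idx];
}

/* Masked form: every entry is read; an arithmetic mask selects the one wanted.
 * Whether this stays branch- and index-free must be checked in the emitted
 * machine code, since the compiler is free to rewrite it. */
static uint8_t lookup_ct(uint8_t idx) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t diff = i ^ idx;                    /* 0 only when i == idx */
        uint8_t mask = (uint8_t)((diff - 1) >> 8);  /* 0xFF iff diff == 0 */
        out |= table[i] & mask;
    }
    return out;
}

/* ARX: ChaCha quarter round (add, rotate, xor), no data-dependent memory access. */
static uint32_t rotl32(uint32_t x, unsigned r) { return (x << r) | (x >> (32 - r)); }
static void chacha_qr(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d) {
    *a += *b; *d ^= *a; *d = rotl32(*d, 16);
    *c += *d; *b ^= *c; *b = rotl32(*b, 12);
    *a += *b; *d ^= *a; *d = rotl32(*d, 8);
    *c += *d; *b ^= *c; *b = rotl32(*b, 7);
}

/* The masked scan must agree with the direct lookup on every index. */
static int ct_lookup_matches_all(void) {
    init_table();
    for (int i = 0; i < 256; i++)
        if (lookup_ct((uint8_t)i) != lookup_leaky((uint8_t)i)) return 0;
    return 1;
}

/* Quarter-round test vector from RFC 7539, section 2.1.1. */
static int chacha_qr_matches_rfc7539(void) {
    uint32_t a = 0x11111111, b = 0x01020304, c = 0x9b8d6f43, d = 0x01234567;
    chacha_qr(&a, &b, &c, &d);
    return a == 0xea2a92f4 && b == 0xcb1cf8ce && c == 0x4581472e && d == 0x5881c4bb;
}
```

The masked scan removes the secret-dependent address but, as the post notes, still relies on xor, subtract and shift being constant time on the target; the quarter round additionally relies on 32-bit addition being so.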


