[Cryptography] Best AES candidate broken

Jack Lloyd lloyd at randombit.net
Mon Jul 6 13:26:50 EDT 2015


On Sun, Jul 05, 2015 at 10:47:04AM -0700, Tony Arcieri wrote:

> Serpent in particular uses S-boxes just like AES (or for that matter,
> Lucifer/DES), which makes it just as difficult to implement in software
> with secret independent timing

Serpent uses sboxes, but ones intentionally designed to be implemented
using bitslicing rather than table lookups. I'm not aware of any
non-toy Serpent implementation that actually does 4->4 bit lookups,
rather than evaluating all 16 lookups in parallel using bitwise operations
whose sequence does not depend on any secret data. Do you?

Cheers,
  Jack
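Added example, not part of the message above and not taken from any Serpent implementation: a 4->4 bit S-box evaluated once by table lookup and once in bitsliced form, where the bitsliced version runs the same fixed sequence of AND/XOR operations for every input. It assumes the table values commonly listed for Serpent S0, uses hypothetical function names, and derives the bitwise circuit generically from the table's algebraic normal form rather than using the hand-optimized instruction sequences real implementations ship.

```c
#include <stdint.h>
#include <stdio.h>
/* 4->4 bit S-box (values commonly listed for Serpent S0; any table works). */
static const uint8_t SBOX[16] = {3,8,15,1,10,6,5,11,14,13,4,2,7,0,9,12};

/* Table lookup: the memory address read depends on the (secret) nibble x. */
static uint8_t sbox_lookup(uint8_t x) { return SBOX[x & 15]; }

/* Bitsliced form: in[i] holds bit i of 32 independent nibbles, one per bit
 * lane. Control flow and addresses depend only on the public SBOX table. */
static void sbox_bitsliced(const uint32_t in[4], uint32_t out[4]) {
    for (int b = 0; b < 4; b++) {
        uint8_t anf[16];
        for (int m = 0; m < 16; m++) anf[m] = (SBOX[m] >> b) & 1;
        /* Moebius transform: truth table of output bit b -> ANF coefficients */
        for (int i = 0; i < 4; i++)
            for (int m = 0; m < 16; m++)
                if (m & (1 << i)) anf[m] ^= anf[m ^ (1 << i)];
        uint32_t acc = 0;
        for (int m = 0; m < 16; m++) {
            uint32_t term = 0xFFFFFFFFu;            /* empty product = 1 */
            for (int i = 0; i < 4; i++)
                if (m & (1 << i)) term &= in[i];    /* monomial over input bits */
            acc ^= term & (0u - (uint32_t)anf[m]);  /* mask by public coefficient */
        }
        out[b] = acc;
    }
}

/* Lane l carries nibble (l & 15), so all 16 inputs are covered (constructed
 * test input). Returns the number of lanes where the two forms disagree. */
static int self_check(void) {
    const uint32_t in[4] = {0xAAAAAAAAu, 0xCCCCCCCCu, 0xF0F0F0F0u, 0xFF00FF00u};
    uint32_t out[4];
    int bad = 0;
    sbox_bitsliced(in, out);
    for (int l = 0; l < 32; l++) {
        uint8_t y = 0;
        for (int i = 0; i < 4; i++) y |= (uint8_t)(((out[i] >> l) & 1u) << i);
        bad += (y != sbox_lookup((uint8_t)(l & 15)));
    }
    return bad;
}

int main(void) {
    printf("mismatches between lookup and bitsliced form: %d\n", self_check());
    return 0;
}
```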

