[Cryptography] Best AES candidate broken

Jack Lloyd lloyd at randombit.net
Mon Jul 6 13:26:50 EDT 2015

On Sun, Jul 05, 2015 at 10:47:04AM -0700, Tony Arcieri wrote:

> Serpent in particular uses S-boxes just like AES (or for that matter,
> Lucifer/DES), which makes it just as difficult to implement in software
> with secret independent timing

Serpent uses sboxes, but ones intentionally designed to be implemented
using bitslicing rather than table lookups. I'm not aware of any
non-toy Serpent implementation that actually does 4->4 bit lookups,
rather than evaluating all 16 lookups in parallel using bitwise operations
whose sequence does not depend on any secret data. Do you?
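
The contrast drawn in the reply above, as an added example that is not part of the original message or of any Serpent implementation: a 4->4 bit table lookup beside a bitsliced evaluation that handles 32 nibbles at once using only AND/XOR in an order fixed by the public table. It uses a generic algebraic-normal-form evaluation of Serpent's S0, not the hand-optimized gate sequences real implementations ship, and the function names are made up for illustration.

```c
#include <stdint.h>

/* Serpent S0 written as a 4->4 bit table (public constant). */
static const uint8_t S0[16] = {3, 8, 15, 1, 10, 6, 5, 11, 14, 13, 4, 2, 7, 0, 9, 12};

/* Table form: the load address depends on the secret nibble x. */
uint8_t sbox_lookup(uint8_t x) { return S0[x & 15]; }

/* Bitsliced form: in[i] carries bit i of 32 independent nibbles, one per
 * bit lane. Only AND/XOR run, in an order fixed by the public table. */
void sbox_bitsliced(const uint32_t in[4], uint32_t out[4])
{
    uint8_t anf[16];   /* bit k of anf[m]: coefficient of monomial m in output bit k */
    uint32_t mono[16]; /* mono[m]: AND of in[i] over the bits i set in m */
    unsigned i, m, k;
    /* Moebius transform of the table gives the algebraic normal form. */
    for (m = 0; m < 16; m++) anf[m] = S0[m];
    for (i = 1; i < 16; i <<= 1)
        for (m = 0; m < 16; m++)
            if (m & i) anf[m] ^= anf[m ^ i];
    /* Build every monomial from the input slices. */
    mono[0] = 0xFFFFFFFFu;
    for (i = 0; i < 4; i++)
        for (m = 0; m < (1u << i); m++)
            mono[m | (1u << i)] = mono[m] & in[i];
    /* Each output slice is the XOR of the monomials its ANF selects. */
    for (k = 0; k < 4; k++) {
        out[k] = 0;
        for (m = 0; m < 16; m++)
            out[k] ^= mono[m] & (0u - ((anf[m] >> k) & 1u));
    }
}

/* Put nibble (j & 15) in lane j, run one pass, count lanes that differ from the table. */
unsigned count_mismatches(void)
{
    uint32_t in[4] = {0, 0, 0, 0}, out[4];
    unsigned j, k, bad = 0;
    for (j = 0; j < 32; j++)
        for (k = 0; k < 4; k++)
            in[k] |= (uint32_t)((j >> k) & 1u) << j;
    sbox_bitsliced(in, out);
    for (j = 0; j < 32; j++) {
        unsigned y = 0;
        for (k = 0; k < 4; k++) y |= ((out[k] >> j) & 1u) << k;
        bad += (y != sbox_lookup((uint8_t)(j & 15)));
    }
    return bad;
}

int main(void) { return count_mismatches() != 0; }
```

The branches and masks in `sbox_bitsliced` depend only on the constant table, so a production version would precompute or unroll them; the data words `in[]` are never used as an index or a branch condition.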


