Re: AES Timing Attack Implementation & Karl Malbrain code...
sci.crypt archive

From: BRG <brg@nowhere.org>
Date: Thu Apr 20 2006 - 08:23:36 CEST

Mike Amling wrote:
> karl malbrain wrote:
>>
>> I implemented a 1K table C version (it shifts a single table) which
>> requires 57 cycles per byte, but it's still vulnerable to the DJB
>> attack: www.geocities.com/malbrain/aesfast2_c.html
>>
>> (it leaks partial key bytes)
>>
>> Is your assembly version also vulnerable? karl m
>
> I'm starting to wonder if a Biham-like bitslice AES has been done in
> software. Without tables, and with the instruction sequence depending on
> neither the key nor the data, if my understanding is correct, such an
> implementation should be immune to timing attacks.

I have done this but I have not published the code (and won't do so).

The danger of discussions like this is that they can give people the
impression that this attack has widespread or universal significance,
something that I don't believe is true.

   Brian Gladman
Received on Mon May 1 02:02:28 2006
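The table-free SubBytes that Mike Amling asks about, as an added example that is not from this thread or from any poster's code: the AES S-box evaluated with a fixed sequence of GF(2^8) operations and no memory lookup, so the instruction and memory-access pattern does not depend on the byte being substituted, which is the property that removes the cache-timing leak from a table-driven implementation. It assumes this replaces a 256-byte lookup table in an otherwise ordinary AES; a fully bitsliced cipher is beyond this snippet.

```c
#include <stdint.h>

/* Branchless multiply-by-x in GF(2^8) mod x^8 + x^4 + x^3 + x + 1. */
static uint8_t xtime(uint8_t a) {
    return (uint8_t)((a << 1) ^ (0x1b & (uint8_t)-(a >> 7)));
}

/* GF(2^8) multiply: always 8 iterations, a mask selects instead of a branch. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        r ^= a & (uint8_t)-(b & 1);
        a = xtime(a);
        b >>= 1;
    }
    return r;
}

/* a^254 = a^-1 in GF(2^8) (and 0 -> 0) via a fixed chain: 240 + 12 + 2 = 254. */
static uint8_t gf_inv(uint8_t a) {
    uint8_t a2 = gf_mul(a, a), a3 = gf_mul(a2, a);
    uint8_t a6 = gf_mul(a3, a3), a12 = gf_mul(a6, a6);
    uint8_t a15 = gf_mul(a12, a3), a30 = gf_mul(a15, a15);
    uint8_t a60 = gf_mul(a30, a30), a120 = gf_mul(a60, a60);
    uint8_t a240 = gf_mul(a120, a120);
    return gf_mul(gf_mul(a240, a12), a2);
}

static uint8_t rotl8(uint8_t x, int n) {
    return (uint8_t)((x << n) | (x >> (8 - n)));
}

/* AES S-box = affine transform of the field inverse; no table is touched. */
uint8_t aes_sbox_ct(uint8_t x) {
    uint8_t b = gf_inv(x);
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63;
}

/* Self-check (not constant-time itself): every nonzero x satisfies x * x^-1 = 1
   and the S-box is a bijection over all 256 inputs. Returns 1 on success. */
int aes_sbox_ct_selfcheck(void) {
    uint8_t seen[256] = {0};
    for (int x = 0; x < 256; x++) {
        if (x != 0 && gf_mul((uint8_t)x, gf_inv((uint8_t)x)) != 1) return 0;
        uint8_t s = aes_sbox_ct((uint8_t)x);
        if (seen[s]) return 0;
        seen[s] = 1;
    }
    return 1;
}
```

Known values from FIPS-197 (S[0x00] = 0x63, S[0x01] = 0x7c, S[0x53] = 0xed) can be used to confirm the arithmetic matches the standard table.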