Faster and timing-attack resistant AES-GCM

Add to your list(s) Download to your calendar using vCal

• Emilia Kasper, KU Leuven
• Friday 28 August 2009, 16:00-16:30
• Computer Laboratory, William Gates Building, Room FW11.

If you have a question about this talk, please contact Markus Kuhn.

This talk discusses implementation strategies for (authenticated) AES encryption to achieve resistance against cache-timing attacks without a penalty in performance.

Namely, we present a bitsliced implementation of AES encryption in counter mode for 64-bit Intel processors. Running at 7.59 cycles/byte on a Core 2, it is up to 25% faster than previous implementations, while simultaneously offering protection against timing attacks. In particular, it is the only cache-timing-attack resistant implementation offering competitive speeds for stream as well as for packet encryption: for 576-byte packets, we improve performance over previous bitsliced implementations by more than a factor of 2. We also report more than 30% improved speeds for lookup-table based Galois/Counter mode authentication, achieving 10.68 cycles/byte for authenticated encryption. Furthermore, we present the first constant-time implementation of AES -GCM that has a reasonable speed of 21.99 cycles/byte, thus offering a full suite of timing-analysis resistant software for authenticated encryption.

This is joint work with Peter Schwabe from TU Eindhoven.

This talk is part of the Computer Laboratory Security Group meeting presentations series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory Security Group meeting presentations
• Computer Laboratory, William Gates Building, Room FW11
• Department of Computer Science and Technology talks and seminars
• Interested Talks
• School of Technology
• Security-related talks
• Trust & Technology Initiative - interesting events
• bld31

Note that ex-directory lists are not shown.