
Faster and timing-attack resistant AES-GCM


If you have a question about this talk, please contact Markus Kuhn.

This talk discusses implementation strategies for (authenticated) AES encryption to achieve resistance against cache-timing attacks without a penalty in performance.

Namely, we present a bitsliced implementation of AES encryption in counter mode for 64-bit Intel processors. Running at 7.59 cycles/byte on a Core 2, it is up to 25% faster than previous implementations, while simultaneously offering protection against timing attacks. In particular, it is the only cache-timing-attack resistant implementation offering competitive speeds for stream as well as for packet encryption: for 576-byte packets, we improve performance over previous bitsliced implementations by more than a factor of 2. We also report more than 30% improved speeds for lookup-table based Galois/Counter mode authentication, achieving 10.68 cycles/byte for authenticated encryption. Furthermore, we present the first constant-time implementation of AES-GCM that has a reasonable speed of 21.99 cycles/byte, thus offering a full suite of timing-analysis resistant software for authenticated encryption.

This is joint work with Peter Schwabe from TU Eindhoven.
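The abstract contrasts lookup-table based GCM authentication (faster, but the tables are indexed by secret-dependent values, and those cache accesses are what a cache-timing attacker measures) with a slower constant-time AES-GCM. The following is an added example, not code from the speakers or their paper: a bit-serial, branch-free, table-free GF(2^128) multiplication and GHASH in C, checked against test case 2 of the GCM specification (zero key, zero IV, one zero plaintext block). It illustrates what "constant-time GHASH" means at the level of a single multiplication; it is a reference-speed implementation and says nothing about the vectorised techniques used to reach the speeds quoted in the talk. All function and type names (`block128`, `gf128_mul_ct`, `ghash_absorb`, `ghash`, the self-test helpers) are this example's own.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* A 128-bit GCM block as two big-endian 64-bit halves. In the GCM spec's
 * numbering, bit 0 (leftmost bit of the first byte) is the MSB of hi. */
typedef struct { uint64_t hi, lo; } block128;

static block128 block_from_bytes(const uint8_t b[16])
{
    block128 r = {0, 0};
    for (int i = 0; i < 8; i++) {
        r.hi = (r.hi << 8) | b[i];
        r.lo = (r.lo << 8) | b[i + 8];
    }
    return r;
}

/* Multiplication in GF(2^128), GCM's bit-reflected convention, reduction
 * polynomial x^128 + x^7 + x^2 + x + 1 (R = 0xE1 || 0^120). Constant-time:
 * all 128 steps do identical work, selection is by arithmetic mask rather
 * than a branch on a secret bit, and no memory access is indexed by secret
 * data (table-driven GHASH indexes precomputed multiples of H by input nibbles
 * or bytes; those accesses are what a cache-timing attacker observes). */
static block128 gf128_mul_ct(block128 x, block128 y)
{
    const uint64_t R_HI = 0xE100000000000000ULL;
    const uint64_t xw[2] = { x.hi, x.lo };
    block128 z = {0, 0}, v = y;
    for (int i = 0; i < 128; i++) {
        /* bit i of x, counted from the left; mask is all-ones iff it is set */
        uint64_t bit  = (xw[i >> 6] >> (63 - (i & 63))) & 1;
        uint64_t mask = 0 - bit;
        z.hi ^= v.hi & mask;
        z.lo ^= v.lo & mask;
        /* v = v >> 1, then XOR R if the bit shifted out was 1, again via a mask */
        uint64_t lsb = v.lo & 1;
        v.lo = (v.lo >> 1) | (v.hi << 63);
        v.hi = (v.hi >> 1) ^ ((0 - lsb) & R_HI);
    }
    return z;
}

/* Absorb data into the GHASH state: y = (y ^ block) * H per 16-byte block,
 * zero-padding a final partial block as the spec requires. */
static void ghash_absorb(block128 *y, block128 h, const uint8_t *data, size_t len)
{
    uint8_t buf[16];
    while (len > 0) {
        size_t n = len < 16 ? len : 16;
        memset(buf, 0, sizeof buf);
        memcpy(buf, data, n);
        block128 b = block_from_bytes(buf);
        y->hi ^= b.hi; y->lo ^= b.lo;
        *y = gf128_mul_ct(*y, h);
        data += n; len -= n;
    }
}

/* GHASH(H, A, C): absorb A, then C, then the block len(A) || len(C) in bits.
 * h is the hash subkey H = E_K(0^128). */
static block128 ghash(block128 h, const uint8_t *aad, size_t aad_len,
                      const uint8_t *ct, size_t ct_len)
{
    block128 y = {0, 0};
    ghash_absorb(&y, h, aad, aad_len);
    ghash_absorb(&y, h, ct, ct_len);
    y.hi ^= (uint64_t)aad_len * 8;
    y.lo ^= (uint64_t)ct_len * 8;
    return gf128_mul_ct(y, h);
}

/* GCM spec test case 2 (K = 0^128, IV = 0^96, P = 0^128): H, the single
 * ciphertext block and GHASH(H, {}, C) are the spec's values. Returns 1 if ok. */
static int ghash_selftest(void)
{
    const block128 h = { 0x66e94bd4ef8a2c3bULL, 0x884cfa59ca342b2eULL };
    static const uint8_t c[16] = { 0x03,0x88,0xda,0xce,0x60,0xb6,0xa3,0x92,
                                   0xf3,0x28,0xc2,0xb9,0x71,0xb2,0xfe,0x78 };
    const block128 expect = { 0xf38cbb1ad69223dcULL, 0xc3457ae5b6b0f885ULL };
    block128 out = ghash(h, NULL, 0, c, sizeof c);
    return out.hi == expect.hi && out.lo == expect.lo;
}

/* The multiplicative identity in GCM's reflected representation is the block
 * with only bit 0 set (byte 0x80, then zeros). Returns 1 if x*1 == 1*x == x. */
static int gf128_identity_check(void)
{
    const block128 one = { 0x8000000000000000ULL, 0 };
    const block128 x   = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL };
    block128 a = gf128_mul_ct(x, one), b = gf128_mul_ct(one, x);
    return a.hi == x.hi && a.lo == x.lo && b.hi == x.hi && b.lo == x.lo;
}

int main(void)
{
    printf("GHASH test vector: %s\n", ghash_selftest() ? "ok" : "FAIL");
    printf("identity check:    %s\n", gf128_identity_check() ? "ok" : "FAIL");
    return 0;
}
```

The two properties that make `gf128_mul_ct` constant-time are visible in the loop body: the conditional XOR and the conditional reduction are both written as AND-with-mask, and the only array index (`xw[i >> 6]`) depends on the loop counter, never on the operands. A compiler may still undo this, so a production implementation is checked at the assembly level (or with a tool that traces secret-dependent branches and loads), not just at the C level. The cost of this approach, 128 dependent steps per block, is the gap the abstract refers to between the table-based and the constant-time figures.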

This talk is part of the Computer Laboratory Security Group meeting presentations series.

© 2006-2024, University of Cambridge.