• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

COPYINGH A D29-Apr-20201.1 KiB2217

README.mdH A D29-Apr-20201.2 KiB4227

bench.cH A D29-Apr-20204.9 KiB171152

ctaes.cH A D29-Apr-202017.6 KiB557428

ctaes.hH A D29-Apr-20201.5 KiB4226

test.cH A D29-Apr-20205 KiB11196

README.md

1ctaes
2=====
3
4Simple C module for constant-time AES encryption and decryption.
5
6Features:
7* Simple, pure C code without any dependencies.
8* No tables or data-dependent branches whatsoever, but using bit sliced approach from https://eprint.iacr.org/2009/129.pdf.
9* Very small object code: slightly over 4k of executable code when compiled with -Os.
10* Slower than implementations based on precomputed tables or specialized instructions, but can do ~15 MB/s on modern CPUs.
11
12Performance
13-----------
14
15Compiled with GCC 5.3.1 with -O3, on an Intel(R) Core(TM) i7-4800MQ CPU, numbers in CPU cycles:
16
17| Algorithm | Key schedule | Encryption per byte | Decryption per byte |
18| --------- | ------------:| -------------------:| -------------------:|
19| AES-128   |         2.8k |                 154 |                 161 |
20| AES-192   |         3.1k |                 169 |                 181 |
21| AES-256   |         4.0k |                 191 |                 203 |
22
23Build steps
24-----------
25
26Object code:
27
28    $ gcc -O3 ctaes.c -c -o ctaes.o
29
30Tests:
31
32    $ gcc -O3 ctaes.c test.c -o test
33
34Benchmark:
35
36    $ gcc -O3 ctaes.c bench.c -o bench
37
38Review
39------
40
41Results of a formal review of the code can be found in http://bitcoin.sipa.be/ctaes/review.zip
42