
Re: [tor-talk] Tor and AES-NI acceleration, and Tor profiling

On 11/08/2011 12:28 AM, Jacob Appelbaum wrote:
> On 11/07/2011 09:29 PM, coderman wrote:
>> On Sun, Nov 6, 2011 at 5:57 PM, Moritz Bartl <moritz@xxxxxxxxxxxxxx> wrote:
>>> [notice] Using OpenSSL engine Intel AES-NI engine [aesni] for AES
>>
>> however, you
>> are getting not only 3x-10x+ performance improvement in AES ops, but
>> also avoiding nearly all side channel attacks against AES!
>
> Aren't you really just replacing them with hardware-specific side
> channel attacks against their implementation of AES? :)

I wouldn't think so.

My understanding is that the problem with AES is that a straightforward implementation performs lots of table lookups and the access pattern is dependent on the secret key. This leaks information via cache timing.

AES-NI converts this to a single instruction which is said to operate in constant time. So that would be a back door, not a side channel attack. :-)

- Marsh
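The leak Marsh describes (a table index equal to plaintext byte XOR key byte, observable through the cache) can be modelled end to end. The following is an added example and not code from this thread, from Tor or from OpenSSL: it performs the first AES round against a real T-table, lets a simulated prime+probe style observer see only which 64-byte cache lines were touched, and recovers the high nibble of every key byte from a few dozen random plaintexts; a lookup that reads every entry and selects the wanted one with a mask leaks nothing to the same observer. The 64-byte line, the 4-byte table entry, the observer model and the masked-scan mitigation are this example's assumptions (AES-NI reaches the same property by computing the S-box in hardware with no table at all; the masked scan is only a software stand-in for illustration).

```python
"""Cache-line model of the round-1 leak in table-based AES (constructed example)."""
import math
import random

# AES S-box (FIPS-197), used to build a genuine round-1 T-table.
SBOX = bytes.fromhex(
    "637c777bf26b6fc53001672bfed7ab76ca82c97dfa5947f0add4a2af9ca472c0"
    "b7fd9326363ff7cc34a5e5f171d8311504c723c31896059a071280e2eb27b275"
    "09832c1a1b6e5aa0523bd6b329e32f8453d100ed20fcb15b6acbbe394a4c58cf"
    "d0efaafb434d338545f9027f503c9fa851a3408f929d38f5bcb6da2110fff3d2"
    "cd0c13ec5f974417c4a77e3d645d197360814fdc222a908846eeb814de5e0bdb"
    "e0323a0a4906245cc2d3ac629195e479e7c8376d8dd54ea96c56f4ea657aae08"
    "ba78252e1ca6b4c6e8dd741f4bbd8b8a703eb5664803f60e613557b986c11d9e"
    "e1f8981169d98e949b1e87e9ce5528df8ca1890dbfe6426841992d0fb054bb16"
)

LINE_BYTES = 64                               # assumed L1 cache-line size
ENTRY_BYTES = 4                               # one 32-bit T-table word
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES  # 16: line index = top 4 bits of the index
NUM_LINES = 256 // ENTRIES_PER_LINE           # 16 lines hold the whole table


def xtime(b):
    """Multiply by x in GF(2^8) modulo the AES polynomial 0x11b."""
    b <<= 1
    return (b ^ 0x1B) & 0xFF if b & 0x100 else b


# T0[x] = (2*S[x], S[x], S[x], 3*S[x]): SubBytes and MixColumns folded into
# one table, as in the classic 32-bit "T-table" AES implementations.
T0 = [(xtime(s) << 24) | (s << 16) | (s << 8) | (xtime(s) ^ s) for s in SBOX]


def round1_table(key, pt):
    """Round-1 lookups of a table-based AES.  Returns the 16 table words and
    the set of cache lines a prime+probe observer would see touched."""
    touched, out = set(), []
    for k, p in zip(key, pt):
        idx = k ^ p                      # AddRoundKey output is the table index
        touched.add(idx // ENTRIES_PER_LINE)
        out.append(T0[idx])
    return out, frozenset(touched)


def round1_full_scan(key, pt):
    """Same words, but every entry is read on every lookup and the wanted one
    is kept with a mask, so the touched lines never depend on the key.
    (Illustrative software mitigation assumed here; AES-NI avoids the table.)"""
    touched, out = set(), []
    for k, p in zip(key, pt):
        idx = k ^ p
        acc = 0
        for j, word in enumerate(T0):
            touched.add(j // ENTRIES_PER_LINE)
            acc |= word & (-(j == idx) & 0xFFFFFFFF)   # all-ones only when j == idx
        out.append(acc)
    return out, frozenset(touched)


def recover_high_nibbles(observations):
    """Attacker side: for each key byte keep only the high-nibble candidates c
    whose predicted line (pt ^ (c << 4)) // 16 was touched in every sample.
    The low key bits never change the line, so 4 bits per byte are at stake."""
    cands = [set(range(NUM_LINES)) for _ in range(16)]
    for pt, lines in observations:
        for i in range(16):
            cands[i] = {c for c in cands[i]
                        if (pt[i] ^ (c * ENTRIES_PER_LINE)) // ENTRIES_PER_LINE in lines}
    return cands


def attack(lookup, key, samples=64, seed=7):
    """Run `lookup` on random plaintexts (constructed, deterministic seed) and
    return (candidate sets per key byte, total key bits learned)."""
    rng = random.Random(seed)
    obs = []
    for _ in range(samples):
        pt = bytes(rng.getrandbits(8) for _ in range(16))
        obs.append((pt, lookup(key, pt)[1]))
    cands = recover_high_nibbles(obs)
    bits = sum(math.log2(NUM_LINES / len(c)) for c in cands)
    return cands, bits


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 sample key
    c_tab, bits_tab = attack(round1_table, key)
    c_ct, bits_ct = attack(round1_full_scan, key)
    print("table lookup: %.1f key bits leaked, high nibbles %s"
          % (bits_tab, "".join("%x" % min(c) for c in c_tab)))
    print("full scan   : %.1f key bits leaked" % bits_ct)
```

With 16 lookups over 16 lines, a wrong candidate predicts a line that is absent from a sample's touched set roughly 38% of the time, so a few dozen samples are enough to pin every high nibble; the real attacks then extend the same idea to later rounds to get the remaining bits. The full-scan variant reports every line touched on every sample, so no candidate is ever eliminated and the observer learns nothing, which is the property the thread attributes to AES-NI.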