The blockchain that provides the digital content namespace for the LBRY protocol

Find a file

Pieter Wuille 8501bedd75 Squashed 'src/crypto/ctaes/' changes from cd3c3ac..003a4ac 003a4ac Merge #5: fix typo 5254f14 [trivial] Fix typo e7c0aab Merge #4: Fix some comments d07cead Fix some comments git-subtree-dir: src/crypto/ctaes git-subtree-split: 003a4acfc273932ab8c2e276cde3b4f3541012dd		2016-12-08 17:09:07 -08:00
bench.c	Squashed 'src/crypto/ctaes/' content from commit cd3c3ac	2016-05-11 19:36:38 +02:00
COPYING	Squashed 'src/crypto/ctaes/' content from commit cd3c3ac	2016-05-11 19:36:38 +02:00
ctaes.c	Squashed 'src/crypto/ctaes/' changes from cd3c3ac..003a4ac	2016-12-08 17:09:07 -08:00
ctaes.h	Squashed 'src/crypto/ctaes/' content from commit cd3c3ac	2016-05-11 19:36:38 +02:00
README.md	Squashed 'src/crypto/ctaes/' content from commit cd3c3ac	2016-05-11 19:36:38 +02:00
test.c	Squashed 'src/crypto/ctaes/' changes from cd3c3ac..003a4ac	2016-12-08 17:09:07 -08:00

ctaes

Simple C module for constant-time AES encryption and decryption.

Features:

Simple, pure C code without any dependencies.
No tables or data-dependent branches whatsoever, but using bit sliced approach from https://eprint.iacr.org/2009/129.pdf.
Very small object code: slightly over 4k of executable code when compiled with -Os.
Slower than implementations based on precomputed tables or specialized instructions, but can do ~15 MB/s on modern CPUs.

Performance

Compiled with GCC 5.3.1 with -O3, on an Intel(R) Core(TM) i7-4800MQ CPU, numbers in CPU cycles:

Algorithm	Key schedule	Encryption per byte	Decryption per byte
AES-128	2.8k	154	161
AES-192	3.1k	169	181
AES-256	4.0k	191	203

Object code:

$ gcc -O3 ctaes.c -c -o ctaes.o

Tests:

$ gcc -O3 ctaes.c test.c -o test

Benchmark:

$ gcc -O3 ctaes.c bench.c -o bench

Results of a formal review of the code can be found in http://bitcoin.sipa.be/ctaes/review.zip