author | Pieter Wuille <pieter.wuille@gmail.com> | 2016-05-11 19:36:38 +0200 |
---|---|---|
committer | Pieter Wuille <pieter.wuille@gmail.com> | 2016-05-11 19:37:02 +0200 |
commit | cd2be4419e9d8c6445fecc877b50198dc918a81f | |
tree | 4e490121ea95decee565f00e97110cfc560cabd7 /src/crypto/ctaes/README.md | |
parent | 423ca302a3ee87000530da3c105f269b8fabece7 | |
parent | a545127fbccef4ee674d18d43732ce00ba97f782 | |
Merge commit 'a545127fbccef4ee674d18d43732ce00ba97f782' as 'src/crypto/ctaes'
Diffstat (limited to 'src/crypto/ctaes/README.md')
-rw-r--r-- | src/crypto/ctaes/README.md | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/crypto/ctaes/README.md b/src/crypto/ctaes/README.md new file mode 100644 index 0000000000..0e7fe17751 --- /dev/null +++ b/src/crypto/ctaes/README.md @@ -0,0 +1,41 @@ +ctaes +===== + +Simple C module for constant-time AES encryption and decryption. + +Features: +* Simple, pure C code without any dependencies. +* No tables or data-dependent branches whatsoever, but using bit sliced approach from https://eprint.iacr.org/2009/129.pdf. +* Very small object code: slightly over 4k of executable code when compiled with -Os. +* Slower than implementations based on precomputed tables or specialized instructions, but can do ~15 MB/s on modern CPUs. + +Performance +----------- + +Compiled with GCC 5.3.1 with -O3, on an Intel(R) Core(TM) i7-4800MQ CPU, numbers in CPU cycles: + +| Algorithm | Key schedule | Encryption per byte | Decryption per byte | +| --------- | ------------:| -------------------:| -------------------:| +| AES-128 | 2.8k | 154 | 161 | +| AES-192 | 3.1k | 169 | 181 | +| AES-256 | 4.0k | 191 | 203 | + +Build steps +----------- + +Object code: + + $ gcc -O3 ctaes.c -c -o ctaes.o + +Tests: + + $ gcc -O3 ctaes.c test.c -o test + +Benchmark: + + $ gcc -O3 ctaes.c bench.c -o bench + +Review +------ + +Results of a formal review of the code can be found in http://bitcoin.sipa.be/ctaes/review.zip |
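Review bot: In the Review section at the end of the README, the formal review results are linked over plain HTTP (http://bitcoin.sipa.be/ctaes/review.zip) with no digest, so a reader cannot check that the archive they fetch is the one that was reviewed; consider an HTTPS link or a SHA-256 of the zip next to it, and state which revision of ctaes.c the review covered. Separately, the opening description says "constant-time AES encryption and decryption" without saying whether the module provides any mode of operation, padding or authentication; one line on that would keep callers from assuming more than is there. The "~15 MB/s on modern CPUs" figure would also be easier to reconcile with the cycles-per-byte table if the clock speed of the benchmarked CPU were given.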