author Pieter Wuille <pieter.wuille@gmail.com> 2016-05-11 19:36:38 +0200
committer Pieter Wuille <pieter.wuille@gmail.com> 2016-05-11 19:37:02 +0200
commit cd2be4419e9d8c6445fecc877b50198dc918a81f
tree 4e490121ea95decee565f00e97110cfc560cabd7 /src/crypto/ctaes/README.md
parent 423ca302a3ee87000530da3c105f269b8fabece7
parent a545127fbccef4ee674d18d43732ce00ba97f782
Merge commit 'a545127fbccef4ee674d18d43732ce00ba97f782' as 'src/crypto/ctaes'
Diffstat (limited to 'src/crypto/ctaes/README.md')
-rw-r--r-- src/crypto/ctaes/README.md 41
1 files changed, 41 insertions, 0 deletions
diff --git a/src/crypto/ctaes/README.md b/src/crypto/ctaes/README.md
new file mode 100644
index 0000000000..0e7fe17751
--- /dev/null
+++ b/src/crypto/ctaes/README.md
@@ -0,0 +1,41 @@
+ctaes
+=====
+
+Simple C module for constant-time AES encryption and decryption.
+
+Features:
+* Simple, pure C code without any dependencies.
+* No tables or data-dependent branches whatsoever, but using bit sliced approach from https://eprint.iacr.org/2009/129.pdf.
+* Very small object code: slightly over 4k of executable code when compiled with -Os.
+* Slower than implementations based on precomputed tables or specialized instructions, but can do ~15 MB/s on modern CPUs.
+
+Performance
+-----------
+
+Compiled with GCC 5.3.1 with -O3, on an Intel(R) Core(TM) i7-4800MQ CPU, numbers in CPU cycles:
+
+| Algorithm | Key schedule | Encryption per byte | Decryption per byte |
+| --------- | ------------:| -------------------:| -------------------:|
+| AES-128 | 2.8k | 154 | 161 |
+| AES-192 | 3.1k | 169 | 181 |
+| AES-256 | 4.0k | 191 | 203 |
+
+Build steps
+-----------
+
+Object code:
+
+ $ gcc -O3 ctaes.c -c -o ctaes.o
+
+Tests:
+
+ $ gcc -O3 ctaes.c test.c -o test
+
+Benchmark:
+
+ $ gcc -O3 ctaes.c bench.c -o bench
+
+Review
+------
+
+Results of a formal review of the code can be found in http://bitcoin.sipa.be/ctaes/review.zip
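Review bot: The Review section at the end of the new README links to http://bitcoin.sipa.be/ctaes/review.zip over plain HTTP and gives no digest for the archive, so a reader has no way to check that the file they download is the review the author published. Consider putting a SHA-256 of review.zip next to the link, or committing the review results into the tree alongside the code. A smaller documentation point on the Features list: it states "No tables or data-dependent branches whatsoever", while the Performance and Build steps sections only mention GCC with -O3; a sentence saying which compiler and flags the constant-time property was checked against would tell users of other toolchains what the claim covers.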