More on block ciphers, S-boxes, and AES-NI

  • In Lecture 2 I mentioned the T-table approach to implementing AES, where the whole round function is basically just a bunch of table lookups from a few precomputed tables. Here's a real-world example of this implementation strategy: https://github.com/libtom/libtomcrypt/blob/develop/src/ciphers/aes/aes_tab.c
  • Leo Perrin has some really interesting findings regarding the design of the S-box used in the Russian-standardized block cipher Kuznyechik (link). TL;DR: basically, the designers of Kuznyechik claim that it was chosen at random from the set of all possible invertible 8-bit S-boxes (which has what size?). However, Perrin has shown that this is veeeeeeeeeeeery unlikely (like a 1 in 2^1601 chance). Instead, the S-box can be shown to have a lot of mathematical structure. The question is: does this structure hide a backdoor?
  • If you want to benchmark AES on your own computer like I showed in class, you can run the following commands in your terminal if you are on a Linux-like machine:

    w/AES-NI:
    openssl speed -elapsed -evp aes-128-cbc

    wo/AES-NI:
    OPENSSL_ia32cap="~0x200000200000000" openssl speed -elapsed -evp aes-128-cbc

    If you are on Windows 10 you can do the same by enabling the Windows Subsystem for Linux (WSL) and running it in the WSL terminal.
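
To make the T-table idea from the first bullet concrete, here is an added example (my own code, not from the page or from libtomcrypt) that derives the AES S-box and the four T-tables from scratch and checks that one T-table round gives the same result as doing SubBytes, ShiftRows and MixColumns step by step. It assumes the standard FIPS-197 column-major state layout and no AddRoundKey.

```python
# Added example: AES S-box and T-tables built from scratch; state[row + 4*col] layout.
from functools import reduce

def xtime(b):
    """Multiply by x in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b & 0xFF

def gf_mul(a, b):
    """Multiply two field elements with shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def build_sbox():
    """S[x] = affine(x^-1) as in FIPS-197 (so S[0] = 0x63)."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        s = inv
        for i in range(1, 5):                      # affine part: x ^ rotl(x,1..4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox

def build_ttables(sbox):
    """T0[x] packs (2*S[x], S[x], S[x], 3*S[x]); T1..T3 are byte rotations of T0."""
    ror = lambda w, n: ((w >> n) | (w << (32 - n))) & 0xFFFFFFFF
    t0 = [(gf_mul(2, s) << 24) | (s << 16) | (s << 8) | gf_mul(3, s) for s in sbox]
    return [t0, [ror(w, 8) for w in t0], [ror(w, 16) for w in t0], [ror(w, 24) for w in t0]]

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]

def reference_round(state, sbox):
    """SubBytes, ShiftRows, MixColumns done step by step."""
    sub = [sbox[b] for b in state]
    shifted = [sub[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]
    return [reduce(lambda acc, k: acc ^ gf_mul(MIX[r][k], shifted[4 * c + k]), range(4), 0)
            for c in range(4) for r in range(4)]

def ttable_round(state, T):
    """The same round as four lookups and three XORs per output column."""
    out = []
    for c in range(4):
        w = reduce(lambda acc, r: acc ^ T[r][state[r + 4 * ((c + r) % 4)]], range(4), 0)
        out += [(w >> 24) & 0xFF, (w >> 16) & 0xFF, (w >> 8) & 0xFF, w & 0xFF]
    return out

if __name__ == "__main__":
    S = build_sbox(); T = build_ttables(S)
    state = list(bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808"))  # FIPS-197 App. B, round 1
    assert ttable_round(state, T) == reference_round(state, S)
    print(bytes(ttable_round(state, T)).hex())
```

Note that every lookup in ttable_round is indexed by a secret state byte, which is exactly why table-based AES needs care on shared hardware and why the AES-NI instructions benchmarked above avoid memory lookups altogether.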
Published Sep. 2, 2020 7:18 PM - Last modified Sep. 3, 2020 1:47 PM