BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Faster and timing-attack resistant AES-GCM - Emilia Kasper\, KU Le
 uven
DTSTART:20090828T150000Z
DTEND:20090828T153000Z
UID:TALK19438@talks.cam.ac.uk
CONTACT:Markus Kuhn
DESCRIPTION:This talk discusses implementation strategies for (authenticat
 ed) AES encryption to achieve resistance against cache-timing attacks with
 out a penalty in performance.\n\nNamely\, we present a bitsliced implement
 ation of AES encryption in counter mode for 64-bit Intel processors. Runni
 ng at 7.59 cycles/byte on a Core 2\, it is up to 25% faster than previous 
 implementations\, while simultaneously offering protection against timing 
 attacks. In particular\, it is the only cache-timing-attack resistant impl
 ementation offering competitive speeds for stream as well as for\npacket e
 ncryption: for 576-byte packets\, we improve performance over previous bit
 sliced implementations by more than a factor of 2. We also report more tha
 n 30% improved speeds for lookup-table based Galois/Counter mode authentic
 ation\, achieving 10.68 cycles/byte for authenticated encryption. Furtherm
 ore\, we present the first constant-time\nimplementation of AES-GCM that h
 as a reasonable speed of 21.99 cycles/byte\, thus offering a full suite of
  timing-analysis resistant software for\nauthenticated encryption.\n\nThis
  is joint work with Peter Schwabe from TU Eindhoven.
LOCATION:Computer Laboratory\, William Gates Building\, Room FW11
END:VEVENT
END:VCALENDAR