[tor-talk] Tor and AES-NI acceleration, and Tor profiling
Marsh Ray
marsh at extendedsubset.com
Tue Nov 8 16:33:31 UTC 2011
On 11/08/2011 12:28 AM, Jacob Appelbaum wrote:
> On 11/07/2011 09:29 PM, coderman wrote:
>> On Sun, Nov 6, 2011 at 5:57 PM, Moritz Bartl<moritz at torservers.net> wrote:
>>> ...
>>> [notice] Using OpenSSL engine Intel AES-NI engine [aesni] for AES
>> however, you
>> are getting not only 3x-10x+ performance improvement in AES ops, but
>> also avoiding nearly all side channel attacks against AES!
>
> Aren't you really just replacing them with hardware specific side
> channel attacks against their implementation of AES? :)

I wouldn't think so.

My understanding is that the problem with AES is that a straightforward
implementation performs lots of table lookups and the access pattern is
dependent on the secret key. This leaks information via cache timing.

AES-NI converts this to a single instruction which is said to operate in
constant time. So that would be a back door, not a side channel attack. :-)

- Marsh
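
Added example, not part of the original post: a first-round AES S-box lookup modelled in C, showing how the table index (and so the cache line read) depends on the key byte, beside a software lookup that reads every entry regardless of the key. The 64-byte cache line, the line-aligned table, the sample key byte and all function names are assumptions made for illustration; the scan is a software stand-in for constant-time behaviour, not AES-NI itself.

```c
#include <stdint.h>
#include <stdio.h>

#define ROTL8(x, n) ((uint8_t)(((x) << (n)) | ((x) >> (8 - (n)))))
#define LINE_BYTES 64u   /* assumed cache-line size */

static uint8_t sbox[256];

/* Build the AES S-box: multiplicative inverse in GF(2^8), then the affine map. */
static void init_sbox(void) {
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0));      /* p *= 3 */
        q ^= (uint8_t)(q << 1); q ^= (uint8_t)(q << 2); q ^= (uint8_t)(q << 4);
        if (q & 0x80) q ^= 0x09;                                      /* q /= 3 */
        sbox[p] = (uint8_t)(q ^ ROTL8(q, 1) ^ ROTL8(q, 2) ^ ROTL8(q, 3) ^ ROTL8(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;      /* 0 has no inverse */
}

/* Straightforward table lookup: the address read is a function of pt ^ key. */
static uint8_t sub_table(uint8_t pt, uint8_t key) { return sbox[pt ^ key]; }

/* Cache line of the table that sub_table() touches (table assumed line-aligned). */
static unsigned touched_line(uint8_t pt, uint8_t key) { return (uint8_t)(pt ^ key) / LINE_BYTES; }

/* With pt known, the touched line determines the top two bits of the key byte. */
static unsigned leaked_key_bits(uint8_t pt, unsigned line) { return line ^ (pt / LINE_BYTES); }

/* Key-independent access pattern: read all 256 entries, keep one with a mask. */
static uint8_t sub_scan(uint8_t pt, uint8_t key) {
    uint8_t idx = pt ^ key, out = 0;
    for (unsigned i = 0; i < 256; i++) {
        uint8_t mask = (uint8_t)(((uint32_t)(i ^ idx) - 1) >> 8);  /* 0xFF iff i == idx */
        out |= sbox[i] & mask;
    }
    return out;
}

int main(void) {
    init_sbox();
    uint8_t key = 0xA7;  /* constructed sample key byte */
    for (unsigned pt = 0; pt < 256; pt += 85)
        printf("pt=%02x line=%u key_top_bits=%u table=%02x scan=%02x\n", pt,
               touched_line((uint8_t)pt, key), leaked_key_bits((uint8_t)pt, touched_line((uint8_t)pt, key)),
               sub_table((uint8_t)pt, key), sub_scan((uint8_t)pt, key));
    return 0;
}
```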