
Change update function to use decryption rather than encryption. #173

Merged (4 commits), Oct 23, 2023

Conversation

tkaitchuck
Owner

Because the AES decrypt and encrypt operations are symmetric, it seems like it should not matter which is used. However in the context of thinking about how one could theoretically extend attacks like #163 to be more general, there is a critical difference. If one attempts to cancel a differential after an AES round, it changes the canceling change from being all in one word vs one byte in each of 4 words. This matters in terms of how it interacts with the addition on the other half of the state. The spread out update is harder for an attacker to control and subsequently cancel, both because of carries and because it means operating on both 64byte halves of the added state at the same time.

Signed-off-by: Tom Kaitchuck <[email protected]>
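The byte-position bookkeeping behind the "all in one word vs one byte in each of 4 words" remark above, as an added example (my code, not aHash's, and not from this PR): it implements one round as the x86 AESENC and AESDEC instructions apply it (ShiftRows/InvShiftRows, SubBytes/InvSubBytes, MixColumns/InvMixColumns, then the round key XOR), injects a difference at chosen byte positions, and reports which output bytes and 32-bit words change. The base state, key and 0x5A difference value are constructed placeholders; it models only the AES step, not aHash's addition half or the carries the description relies on.

```python
"""Added example: trace where a difference lands after one AESENC-style round
versus one AESDEC-style round. Word w means state bytes 4w..4w+3 (column w)."""


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _sbox_entry(x: int) -> int:
    """AES S-box: multiplicative inverse (x^254, 0 -> 0) then the affine map."""
    inv, base, e = 1, x, 254
    while e:
        if e & 1:
            inv = gf_mul(inv, base)
        base = gf_mul(base, base)
        e >>= 1
    s = 0x63
    for i in range(5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s


SBOX = [_sbox_entry(x) for x in range(256)]
INV_SBOX = [0] * 256
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x


def shift_rows(state: bytes, inverse: bool = False) -> bytes:
    """Byte r+4c is row r of column c; row r rotates by r columns."""
    out = bytearray(16)
    for c in range(4):
        for r in range(4):
            src = (c - r) if inverse else (c + r)
            out[r + 4 * c] = state[r + 4 * (src % 4)]
    return bytes(out)


def mix_columns(state: bytes, inverse: bool = False) -> bytes:
    """Multiply every column by the circulant AES matrix (or its inverse)."""
    row0 = (14, 11, 13, 9) if inverse else (2, 3, 1, 1)
    out = bytearray(16)
    for c in range(4):
        col = state[4 * c:4 * c + 4]
        for r in range(4):
            for k in range(4):
                out[r + 4 * c] ^= gf_mul(row0[(k - r) % 4], col[k])
    return bytes(out)


def enc_round(state: bytes, key: bytes) -> bytes:
    """One AESENC: ShiftRows, SubBytes, MixColumns, AddRoundKey."""
    s = shift_rows(state)
    s = bytes(SBOX[b] for b in s)
    s = mix_columns(s)
    return bytes(a ^ k for a, k in zip(s, key))


def dec_round(state: bytes, key: bytes) -> bytes:
    """One AESDEC: InvShiftRows, InvSubBytes, InvMixColumns, AddRoundKey."""
    s = shift_rows(state, inverse=True)
    s = bytes(INV_SBOX[b] for b in s)
    s = mix_columns(s, inverse=True)
    return bytes(a ^ k for a, k in zip(s, key))


# Constructed placeholder inputs; the positions, not the values, are the point.
BASE = bytes(range(16))
KEY = bytes(range(0x10, 0x20))


def spread(round_fn, positions, value: int = 0x5A):
    """XOR `value` into the bytes at `positions` before the round; return
    (set of output bytes that change, set of output words that change)."""
    diff = bytearray(16)
    for p in positions:
        diff[p] = value
    altered = bytes(a ^ d for a, d in zip(BASE, diff))
    out_diff = bytes(a ^ b for a, b in zip(round_fn(BASE, KEY), round_fn(altered, KEY)))
    bytes_hit = {i for i, d in enumerate(out_diff) if d}
    return bytes_hit, {i // 4 for i in bytes_hit}


def feeding_positions(word: int, inverse: bool = False):
    """The four input bytes (one per word) that the row shift gathers into
    output word `word`; a difference confined there stays in that one word."""
    return {r + 4 * (((word - r) if inverse else (word + r)) % 4) for r in range(4)}


if __name__ == "__main__":
    for name, fn, inv in (("AESENC", enc_round, False), ("AESDEC", dec_round, True)):
        print(name, "byte 5 ->", spread(fn, [5]))
        feed = feeding_positions(0, inv)
        print(name, "bytes", sorted(feed), "-> words", spread(fn, feed)[1])
        print(name, "whole word 0 -> words", spread(fn, range(4))[1])
```

A single-byte difference ends up filling exactly one word under either round, but the two rounds send it to different words, and a difference that must stay inside one word after the round has to be placed one byte in each of four words beforehand (`feeding_positions`), whereas a difference occupying one whole input word reaches all four output words.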
@tkaitchuck tkaitchuck merged commit 20d87ea into master Oct 23, 2023
15 checks passed
@tkaitchuck tkaitchuck deleted the dec branch October 23, 2023 21:03