A byte-oriented AES-256 implementation
As you may know, I do cryptographic perversions occasionally. Recently I’ve been asked for a compact implementation of AES-256. Code size must be as small as possible, speed is not important and (here is the catch) no assembler. The requesters had tried various publicly available implementations before; none fit. So I did mine. It is a straightforward and rather naïve byte-oriented portable C implementation, where all the lookup tables are replaced with “on-the-fly” calculations. Certainly it is slower and, by nature, more susceptible to side-channel attacks in general. But this implementation is exactly what was wanted and it made everybody happy.
So, if you want it, here is the source code:
- aes256.h (846 bytes)
- aes256.c (8kb)
- aes256.* + a usage code example (zip, 3kb)
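What replacing the S-box lookup table with an "on-the-fly" calculation can look like, as an added example that is not taken from the author's aes256.c. The function names are this example's own, and the loops use fixed iteration counts and masks instead of data-dependent branches, with the side-channel concern above in mind.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1.
 * Always 8 iterations; masks replace data-dependent branches. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t p = 0;
    for (int i = 0; i < 8; i++) {
        p ^= (uint8_t)(-(b & 1)) & a;           /* add a when bit 0 of b is set */
        uint8_t hi = (uint8_t)(-(a >> 7));      /* 0xff when a's top bit is set */
        a = (uint8_t)((a << 1) ^ (hi & 0x1b));  /* multiply a by x and reduce */
        b >>= 1;
    }
    return p;
}

/* Multiplicative inverse as x^254 = x^2 * x^4 * ... * x^128; maps 0 to 0. */
static uint8_t gf_inv(uint8_t x)
{
    uint8_t r = 1, s = x;
    for (int i = 0; i < 7; i++) {
        s = gf_mul(s, s);   /* s = x^(2^(i+1)) */
        r = gf_mul(r, s);
    }
    return r;
}

static uint8_t rotl8(uint8_t v, int n)
{
    return (uint8_t)((v << n) | (v >> (8 - n)));
}

/* Forward S-box: field inverse, then the FIPS-197 affine transform. */
uint8_t aes_sbox(uint8_t x)
{
    uint8_t b = gf_inv(x);
    return (uint8_t)(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63);
}

/* Inverse S-box: inverse affine transform, then field inverse. */
uint8_t aes_sbox_inv(uint8_t y)
{
    return gf_inv((uint8_t)(rotl8(y, 1) ^ rotl8(y, 3) ^ rotl8(y, 6) ^ 0x05));
}

int main(void)
{
    printf("S(53)=%02x InvS(ed)=%02x\n", aes_sbox(0x53), aes_sbox_inv(0xed));
    return 0;
}
```

Whether the compiled code is actually free of timing variation depends on the compiler and target, so the generated assembly should be inspected on the MCU in question.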
The source code is not correct, I have checked it against AES256 test vectors and the result is completely different!
November 21, 2007 @ 8:55 pm
So you’ve checked it wrong, check again. The demo.c in the zip archive is exactly the test vector for AES-256 from FIPS-197, Appendix C.3
November 22, 2007 @ 3:38 am
Hey, buddy! I’ve looked at the source code… What a nightmare! How did you do it? I am beginning to like EnRUPT even more! Wanna see how many minutes it will take you to put together its 8-bit implementation? ;-)
March 7, 2008 @ 5:15 am
Ugh, must admit that it was annoying enough :)
I’ve been busy recently, still need to find time to put my hands on EnRUPT.
March 18, 2008 @ 4:50 am
Hi, I also tried this code and indeed it's NOT correct, simply compiled it in C30 (Microchip) and the result is nonsense. Sorry!
March 22, 2008 @ 11:43 am
Ugh… Once again:
a) this is AES-256, not AES-128
b) demo.c is a bloody test vector from FIPS-197
I’ve no idea how and where you have mistested it, but you’ve tested it wrong. So the nonsense result is all yours. Sorry.
March 22, 2008 @ 11:55 am
[…] Ilya's implementation of AES is byte-oriented, which makes it easy to compile for 8-bit MCUs. Another odd thing about this implementation is that it does not contain a table for the S-box. Instead, the program computes the correct substitution byte at run time. This naturally takes time, but eliminates 256 bytes. Unfortunately, this probably also opens the door to side-channel attacks. […]
May 5, 2008 @ 8:18 pm