Module fixslice

Fixsliced implementations of AES-128, AES-192 and AES-256 (64-bit) adapted from the C implementation.

All implementations are fully bitsliced and do not rely on any Look-Up Table (LUT).

See the paper at https://eprint.iacr.org/2020/1123.pdf for more details.

Author (original C code)

Alexandre Adomnicai, Nanyang Technological University, Singapore alexandre.adomnicai@ntu.edu.sg

Originally licensed MIT. Relicensed as Apache 2.0+MIT with permission.

Macros

• define_mix_columns 🔒
  Computation of the MixColumns transformation in the fixsliced representation, with different rotations used according to the round number mod 4.

Functions

• add_round_constant_bit 🔒
• add_round_key 🔒
  XOR the round key to the internal state. The round keys are expected to be pre-computed and to be packed in the fixsliced representation.
• aes128_decrypt 🔒
  Fully-fixsliced AES-128 decryption (the InvShiftRows is completely omitted).
• aes128_encrypt 🔒
  Fully-fixsliced AES-128 encryption (the ShiftRows is completely omitted).
• aes128_key_schedule 🔒
  Fully bitsliced AES-128 key schedule to match the fully-fixsliced representation.
• aes192_decrypt 🔒
  Fully-fixsliced AES-192 decryption (the InvShiftRows is completely omitted).
• aes192_encrypt 🔒
  Fully-fixsliced AES-192 encryption (the ShiftRows is completely omitted).
• aes192_key_schedule 🔒
  Fully bitsliced AES-192 key schedule to match the fully-fixsliced representation.
• aes256_decrypt 🔒
  Fully-fixsliced AES-256 decryption (the InvShiftRows is completely omitted).
• aes256_encrypt 🔒
  Fully-fixsliced AES-256 encryption (the ShiftRows is completely omitted).
• aes256_key_schedule 🔒
  Fully bitsliced AES-256 key schedule to match the fully-fixsliced representation.
• bitslice 🔒
  Bitslice four 128-bit input blocks input0, input1, input2, input3 into a 512-bit internal state.
• delta_swap_1 🔒
• delta_swap_2 🔒
• inv_bitslice 🔒
  Un-bitslice a 512-bit internal state into four 128-bit blocks of output.
• inv_mix_columns_0 🔒
• inv_mix_columns_1 🔒
• inv_mix_columns_2 🔒
• inv_mix_columns_3 🔒
• inv_shift_rows_1 🔒
• inv_shift_rows_2 🔒
• inv_shift_rows_3 🔒
• inv_sub_bytes 🔒
  Note that the 4 bitwise NOT (^= 0xffffffffffffffff) are accounted for here so that it is a true inverse of ‘sub_bytes’.
• memshift32 🔒
  Copy 32-bytes within the provided slice to an 8-byte offset
• mix_columns_0 🔒
• mix_columns_1 🔒
• mix_columns_2 🔒
• mix_columns_3 🔒
• ror 🔒
• ror_distance 🔒
• rotate_rows_1 🔒
• rotate_rows_2 🔒
• rotate_rows_and_columns_1_1 🔒
• rotate_rows_and_columns_1_2 🔒
• rotate_rows_and_columns_1_3 🔒
• rotate_rows_and_columns_2_2 🔒
• shift_rows_1 🔒
  Applies ShiftRows once on an AES state (or key).
• shift_rows_2 🔒
  Applies ShiftRows twice on an AES state (or key).
• shift_rows_3 🔒
  Applies ShiftRows three times on an AES state (or key).
• sub_bytes 🔒
  Bitsliced implementation of the AES Sbox based on Boyar, Peralta and Calik.
• sub_bytes_nots 🔒
  NOT operations that are omitted in S-box
• xor_columns 🔒
  XOR the columns after the S-box during the key schedule round function.

Type Aliases

• BatchBlocks 🔒
• FixsliceBlocks 🔒
  AES block batch size for this implementation
• FixsliceKeys128 🔒
  AES-128 round keys
• FixsliceKeys192 🔒
  AES-192 round keys
• FixsliceKeys256 🔒
  AES-256 round keys
• State 🔒
  512-bit internal state