On 22 September 2013 13:12, Jussi Kivilinna <jussi.kivilinna@xxxxxx> wrote:
[...]
> Decryption can probably be made faster by implementing InvMixColumns slightly
> differently. Instead of implementing the inverse MixColumns matrix directly,
> use a preprocessing step, followed by MixColumns as described in section
> "4.1.3 Decryption" of "The Design of Rijndael: AES - The Advanced Encryption
> Standard" (J. Daemen, V. Rijmen / 2002).
>
> In short, the MixColumns and InvMixColumns matrixes have the following relation:
>  | 0e 0b 0d 09 |   | 02 03 01 01 |   | 05 00 04 00 |
>  | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 |
>  | 0d 09 0e 0b |   | 01 01 02 03 |   | 04 00 05 00 |
>  | 0b 0d 09 0e |   | 03 01 01 02 |   | 00 04 00 05 |
>
> A bit-sliced implementation of the 05-00-04-00 matrix is much shorter than
> the 0e-0b-0d-09 matrix, so even when combined with MixColumns the total
> instruction count for InvMixColumns implemented this way should be nearly
> half of the current one.
>

That is a very useful tip, thank you. I will have a go at it and follow up later.

Regards,
Ard.
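The matrix relation quoted above can be checked byte-wise in plain C. This is an added example, not code from the thread or from the kernel patch under discussion; all function names are hypothetical, and it works on one column at a time rather than in bit-sliced form.

```c
#include <stdint.h>
#include <string.h>

/* Multiply by 02 in GF(2^8) modulo the AES polynomial 0x11b. */
static uint8_t xtime(uint8_t a) { return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)); }

/* General GF(2^8) multiply, used only by the direct reference below. */
static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (; b; b >>= 1, a = xtime(a)) r ^= (b & 1) ? a : 0;
    return r;
}

/* Forward MixColumns on one column: circulant 02 03 01 01. */
static void mix_column(const uint8_t in[4], uint8_t out[4]) {
    for (int i = 0; i < 4; i++) {
        uint8_t b = in[(i + 1) & 3];
        out[i] = xtime(in[i]) ^ xtime(b) ^ b ^ in[(i + 2) & 3] ^ in[(i + 3) & 3];
    }
}

/* Reference InvMixColumns: circulant 0e 0b 0d 09 applied directly. */
static void inv_mix_direct(const uint8_t in[4], uint8_t out[4]) {
    for (int i = 0; i < 4; i++)
        out[i] = gmul(in[i], 0x0e) ^ gmul(in[(i + 1) & 3], 0x0b) ^
                 gmul(in[(i + 2) & 3], 0x0d) ^ gmul(in[(i + 3) & 3], 0x09);
}

/* Factored form: 05 00 04 00 first (05*a ^ 04*c == a ^ 04*(a ^ c)), then MixColumns. */
static void inv_mix_factored(const uint8_t in[4], uint8_t out[4]) {
    uint8_t pre[4];
    for (int i = 0; i < 4; i++)
        pre[i] = in[i] ^ xtime(xtime(in[i] ^ in[(i + 2) & 3]));
    mix_column(pre, out);
}

/* All maps are GF(2)-linear: checking the 32 single-bit columns covers every column. */
static int count_mismatches(void) {
    int bad = 0;
    for (int bit = 0; bit < 32; bit++) {
        uint8_t in[4] = {0}, a[4], b[4];
        in[bit / 8] = (uint8_t)(1u << (bit % 8));
        inv_mix_direct(in, a);
        inv_mix_factored(in, b);
        bad += memcmp(a, b, 4) != 0;
    }
    return bad;
}

int main(void) { return count_mismatches() != 0; }
```

The preprocessing step needs only two doublings and two XORs per byte, while the direct form multiplies by four different constants; that difference is what the quoted instruction-count estimate rests on.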