Use 4 AES rounds for program generation #46

merged 3 commits into master, Jun 1, 2019

@tevador tevador commented May 27, 2019

This improves the quality of the RNG without any measurable impact on performance.

Note: Scratchpad initialization still uses only 1 round for performance reasons.

// AesGenerator1R: one AES round per lane, lanes alternating encrypt/decrypt rounds, all with key0
state1 = aesenc<softAes>(state1, key0);
state2 = aesdec<softAes>(state2, key0);
state3 = aesenc<softAes>(state3, key0);


@SChernykh SChernykh May 27, 2019

state0 is encrypted with k0->k0->...->k0->k0->k1->k2->k3->k0->k1->... sequence
state1 is encrypted with k1->k1->...->k1->k0->k1->k2->k3->k0->k1->... sequence
state2 is encrypted with k2->k2->...->k2->k0->k1->k2->k3->k0->k1->... sequence
state3 is encrypted with k3->k3->...->k3->k0->k1->k2->k3->k0->k1->... sequence

It doesn't seem safe to me that k1 is used twice in the "k1->k0->k1" sequence, for example. I prefer to separate the two uses of the same key when we start filling entropy. Maybe change the key sequences so they don't all reset to k0 at the same iteration, i.e. do

// round 1: lane i uses key_i
state0 = aesdec<softAes>(state0, key0);
state1 = aesenc<softAes>(state1, key1);
state2 = aesdec<softAes>(state2, key2);
state3 = aesenc<softAes>(state3, key3);

// round 2: each lane's key index advances by one (mod 4)
state0 = aesdec<softAes>(state0, key1);
state1 = aesenc<softAes>(state1, key2);
state2 = aesdec<softAes>(state2, key3);
state3 = aesenc<softAes>(state3, key0);

and so on.


@tevador tevador May 27, 2019

OK, we can rotate the keys, but I don't think there is any difference in security. The 1-round generator always reuses the same key anyway.

Or we could generate a completely new set of 4 round keys for this generator.


@tevador tevador May 29, 2019

I changed AesGenerator4R to use a different set of round keys than AesGenerator1R.
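Added example (not RandomX code, and not posted by either participant): a pure-Python model of the 4-lane, 4-round generator discussed above, covering both the key-rotation suggestion and the final decision to give AesGenerator4R its own round keys. The AES round functions follow FIPS-197 and the x86 AESENC/AESDEC round semantics; the lane layout (lanes 0 and 2 use the decrypt round, lanes 1 and 3 the encrypt round) and the two key schedules are taken from the snippets in the thread. The names `aes_generator`, `lane_key_indices`, the sample states and the sample keys are this example's own assumptions.

```python
# Software model of the 4-lane AES generator discussed in this PR. Added example,
# not RandomX code: AES round functions per FIPS-197 / x86 AESENC-AESDEC round
# semantics; lane layout and key schedules are assumed from the thread's snippets.

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r & 0xFF

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _sbox_entry(x):
    # S-box = affine transform of the multiplicative inverse (0 maps to 0).
    inv = 0 if x == 0 else next(b for b in range(1, 256) if gf_mul(x, b) == 1)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]
INV_SBOX = [0] * 256
for _i, _s in enumerate(SBOX):
    INV_SBOX[_s] = _i

def shift_rows(state, inverse=False):
    """AES ShiftRows (or its inverse) on a column-major 16-byte state: row r rotates by r."""
    sign = -1 if inverse else 1
    return bytes(state[4 * ((c + sign * r) % 4) + r] for c in range(4) for r in range(4))

def mix_columns(state, inverse=False):
    """AES MixColumns (or its inverse) applied to each 4-byte column."""
    m = (14, 11, 13, 9) if inverse else (2, 3, 1, 1)
    out = bytearray(16)
    for c in range(4):
        col = state[4 * c:4 * c + 4]
        for r in range(4):
            out[4 * c + r] = (gf_mul(m[0], col[r]) ^ gf_mul(m[1], col[(r + 1) % 4])
                              ^ gf_mul(m[2], col[(r + 2) % 4]) ^ gf_mul(m[3], col[(r + 3) % 4]))
    return bytes(out)

def aesenc(state, key):
    """One x86-style AESENC round: ShiftRows, SubBytes, MixColumns, AddRoundKey."""
    s = bytes(SBOX[b] for b in shift_rows(state))
    return bytes(x ^ k for x, k in zip(mix_columns(s), key))

def aesdec(state, key):
    """One x86-style AESDEC round: InvShiftRows, InvSubBytes, InvMixColumns, AddRoundKey."""
    s = bytes(INV_SBOX[b] for b in shift_rows(state, inverse=True))
    return bytes(x ^ k for x, k in zip(mix_columns(s, inverse=True), key))

def lane_key_indices(lane, rounds, rotate):
    """Round-key index used by `lane` in each round.
    rotate=False: every lane walks k0,k1,k2,k3 in step (the schedule described in the review).
    rotate=True: lane i starts at k_i, so no two lanes share a key in the same round."""
    return [((lane if rotate else 0) + r) % 4 for r in range(rounds)]

def aes_generator(states, keys, rounds=4, rotate=True):
    """Advance four 16-byte lane states by `rounds` AES rounds and return the new states.
    Lanes 0 and 2 use the decrypt round, lanes 1 and 3 the encrypt round (as in the PR)."""
    assert len(states) == 4 and len(keys) == 4
    out = []
    for lane, state in enumerate(states):
        step = aesenc if lane % 2 else aesdec
        for k in lane_key_indices(lane, rounds, rotate):
            state = step(state, keys[k])
        out.append(state)
    return out

# Constructed sample input (hypothetical values): four lane states and a separate
# set of four round keys, mirroring the PR's final choice of dedicated keys for
# the 4-round generator rather than reusing the 1-round generator's keys.
SAMPLE_STATES = [bytes([lane * 16 + i for i in range(16)]) for lane in range(4)]
SAMPLE_KEYS = [bytes([(0x9E + 37 * k * i) & 0xFF for i in range(16)]) for k in range(4)]

if __name__ == "__main__":
    for lane, s in enumerate(aes_generator(SAMPLE_STATES, SAMPLE_KEYS)):
        print(f"lane {lane}: {s.hex()}")
```

Swapping `rotate=True` for `rotate=False` reproduces the "all lanes reset to k0 on the same iteration" schedule from the review comment, and `rounds=1` models the 1-round generator; the round functions are verifiable against the FIPS-197 values (S-box of 0x53 is 0xED, MixColumns of column db 13 53 45 is 8e 4d a1 bc).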

Redefined all AES constants using simpler rules
@tevador tevador merged commit f7c99c5 into master Jun 1, 2019