I have to develop a program using a "secret" locally stored encoded program for a school project. For this I have to decipher the code on the fly to use it. The project recommends the use of AES 256 in CBC mode, but for better performance any suggestion is welcome.

So I have two questions:

  1. I made my own implementation of AES (I know it's not recommended but it's mandatory in the project) and I'm looking to compare it to the fastest software implementation, any idea where to find it?

  2. I was looking for a faster cipher that is more or less "as secure" as AES to suggest and implement. So far I found quite a few: CLEFIA, Threefish, Salsa20 and LWC: PRESENT, LEA, ASCON (AEAD?). I understand that the security of LWC is far less than standard cryptography (even though the difference is not really clear between SC and LWC), but they don't seem to be broken. Should they be used for my purpose? If not, any other suggestion?

Thank you

2 Answers

If you are writing your own implementation of AES, and can use the AES-NI instruction set, then you will end up with a cipher that is mathematically secure and fast. Very fast... AES in hardware is generally going to be faster than the storage device.

You may also fall into the trap of equating a mathematically secure cipher with a large keysize to a secure implementation of that cipher. Without the use of CPU instructions or a special coding like masking that WILL make your implementation slow and complex, it is not easy to make a secure AES implementation. If part of the grading is how secure your DRM scheme is, and it is obviously crackable despite your use of a secure block cipher, that may not bode well for your grade.

A cipher that is both fast and secure, even without hardware acceleration instructions, will be ChaCha8. It is a counter mode stream cipher and can be substantially faster than unaccelerated AES while also being far more securely implemented. It may even be as fast as AES with hardware acceleration if you can use vector instructions.

If you are looking for integrity protection it is commonly paired with the Poly1305 MAC, though you can use HMAC as well which may be less complex to implement but generally slower, as long as you have the option of generating more key material.

Finally, if you are using a block cipher with a key, consider how those keys are stored, managed, and created. Many DRM schemes have been foiled simply due to poor key creation or management. Using a 128-bit cipher will not provide security if there are only 1000 unique input keys.

Richie Frame

Try OpenSSL. It has assembly language routines which take advantage of CPU specific instructions that are intended to speed up AES. The assembly routines do have to be enabled when building OpenSSL.

When Oracle added similar support to Java they got performance increases of a couple of orders of magnitude. Now that's Java, not C, so it's not surprising that the increase was very large, and you won't see that kind of increase with OpenSSL. See this for some details.

Swashbuckler