Tag Archives: skein

Do not use AES in a context where timing attacks are possible
Pascal Cuoq on 31 December 2011

Justification: There recently was a thread on the Frama-C mailing list on verifying the Rijndael cipher, standardized and better-known as AES. Nowadays, AES is mostly famous for being sensitive to timing attacks. An attacker measuring the time it takes to encrypt known plaintext with an unknown key can deduce the...


Skein tutorial, part 7: not dead, but resting
Pascal Cuoq on 2 June 2011

Do you remember the Skein tutorial? It went off to a good start (it started this blog) and then was never really completed. I blame laziness. Looking back at that first post, I notice that indeed, before Boron, we were shipping software without documentation (just think! Ahem). At the time,...


Value analysis tutorial, part 5: jumping to conclusions
Pascal Cuoq on 22 November 2010

This post is in two parts, both of them independently good fits for the title, and still not completely without relation to each other, but that's probably a coincidence. Methodology: In this thread, we aim at the verification of low-level properties for the functions in Skein. In the last post,...


Value analysis tutorial, part 4: one solution to second quiz
Pascal Cuoq on 21 November 2010

This post offers one answer to the second quiz from part 2. For context, here are links to part 1 and part 3. The question was: how should we get rid of the last alarm below and conclude that Skein-256 is indeed safe from run-time errors when used in the...
