intel/tinycrypt

AES implementation vulnerable to side-channel attacks #1

Opened this issue · 2 comments

TinyCrypt does not consider cache-timing attacks, and we also suggest you use AES-NI.

Fixing cache-timing attacks is not trivial for AES. As you can see in [1], the issue comes from the AES design itself.
[1] Bernstein, Daniel J. "Cache-timing attacks on AES." 2005.