regardless of the key or plaintext values. There are no data-dependent branches or memory accesses that could leak information through timing.
Copyright
Copyright © 2025, Dejan Lekić
License
BSD-3-Clause
AES (Rijndael) Block Cipher - Constant-Time Implementation.
This implementation uses a boolean circuit for the S-box computation instead of table lookups, providing resistance against cache-timing side-channel attacks.
Security
regardless of the key or plaintext values. There are no data-dependent branches or memory accesses that could leak information through timing.
Implementation of the AES block cipher (FIPS 197).
Supports 128, 192, and 256-bit keys.
Constant-Time Implementation: This class uses a boolean circuit to compute the S-box, eliminating table lookups that are vulnerable to cache-timing attacks. All operations execute in constant time regardless of the data being processed.
private int _roundsprivate uint[] _roundKeysprivate ubyte[256] SBOXprivate ubyte[256] INV_SBOXprivate uint[11] RCONvoid encrypt(const(ubyte)[] input, ubyte[] output)Encrypts a single 16-byte block.void decrypt(const(ubyte)[] input, ubyte[] output)Decrypts a single 16-byte block.void expandKey(const(ubyte)[] key)void addRoundKey(ref ubyte[16] state, int round)void subBytes(ref ubyte[16] state) staticSubBytes transformation using constant-time S-box computation.void invSubBytes(ref ubyte[16] state) staticInverse SubBytes using constant-time inverse S-box computation.ubyte gfMul2(ubyte a) static pure nothrow @nogc @safeMultiply by 2 in GF(2^8) - constant time.ubyte gfMul3(ubyte a) static pure nothrow @nogc @safeMultiply by 3 in GF(2^8) - constant time.ubyte gfMul(ubyte a, ubyte b) static pure nothrow @nogc @safeGeneral GF(2^8) multiplication - constant time.ubyte sboxCompute(uint input) static pure nothrow @nogc @safeComputes the AES S-box in constant time.ubyte invSboxCompute(uint input) static pure nothrow @nogc @safeComputes the inverse AES S-box in constant time.this(const(ubyte)[] key)Constructs a new AES cipher with the given key.