You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Pieter Wuille 760765d5a9 Update ctaes 4 years ago
COPYING Merge commit 'a545127fbccef4ee674d18d43732ce00ba97f782' as 'src/crypto/ctaes' 5 years ago Merge commit 'a545127fbccef4ee674d18d43732ce00ba97f782' as 'src/crypto/ctaes' 5 years ago
bench.c Merge commit 'a545127fbccef4ee674d18d43732ce00ba97f782' as 'src/crypto/ctaes' 5 years ago
ctaes.c Update ctaes 4 years ago
ctaes.h Merge commit 'a545127fbccef4ee674d18d43732ce00ba97f782' as 'src/crypto/ctaes' 5 years ago
test.c Fix some typos 4 years ago


Simple C module for constant-time AES encryption and decryption.


  • Simple, pure C code without any dependencies.
  • No tables or data-dependent branches whatsoever, but using bit sliced approach from
  • Very small object code: slightly over 4k of executable code when compiled with -Os.
  • Slower than implementations based on precomputed tables or specialized instructions, but can do ~15 MB/s on modern CPUs.


Compiled with GCC 5.3.1 with -O3, on an Intel® Core™ i7-4800MQ CPU, numbers in CPU cycles:

Algorithm Key schedule Encryption per byte Decryption per byte
AES-128 2.8k 154 161
AES-192 3.1k 169 181
AES-256 4.0k 191 203

Build steps

Object code:

$ gcc -O3 ctaes.c -c -o ctaes.o


$ gcc -O3 ctaes.c test.c -o test


$ gcc -O3 ctaes.c bench.c -o bench


Results of a formal review of the code can be found in