Document that AltiVec vperm AES is also available

author: Jack Lloyd <[email protected]> 2019-09-09 19:50:53 -0400
committer: Jack Lloyd <[email protected]> 2019-09-09 19:50:53 -0400
commit: 019d1f5f3ee1cfea1eec123f720c5c8f43b0c06f (patch)
tree: c1e86cc88cd2fb2094929c9daa3cdaae6f28484b /doc/side_channels.rst
parent: 0bc7891753849684171c4743ef447fe6bb53d894 (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/doc/side_channels.rst b/doc/side_channels.rst
index fa42d94ac..3880b9c75 100644
--- a/doc/side_channels.rst
+++ b/doc/side_channels.rst
@@ -245,10 +245,9 @@ are fast and are thought to be side channel silent. These instructions
 are used when available.
 
 On CPUs which do not have hardware AES instructions but do support SIMD vectors
-with a byte shuffle (including x86's SSSE3 and ARM's NEON), a version of AES is
-implemented which is side channel silent. This version is based on code by Mike
-Hamburg [VectorAes], see aes_vperm.cpp. This same technique could be applied
-with AltiVec, and the paper suggests some optimizations for the AltiVec shuffle.
+with a byte shuffle (including x86's SSSE3, ARM's NEON and PowerPC AltiVec), a
+version of AES is implemented which is side channel silent. This implementation
+is based on code by Mike Hamburg [VectorAes], see aes_vperm.cpp.
 
 On all other processors, a table lookup version (T-tables) is used.  This
 approach is relatively fast, but known to be very vulnerable to side
author	Jack Lloyd <[email protected]>	2019-09-09 19:50:53 -0400
committer	Jack Lloyd <[email protected]>	2019-09-09 19:50:53 -0400
commit	019d1f5f3ee1cfea1eec123f720c5c8f43b0c06f (patch)
tree	c1e86cc88cd2fb2094929c9daa3cdaae6f28484b /doc/side_channels.rst
parent	0bc7891753849684171c4743ef447fe6bb53d894 (diff)