FACE : Fast AES CTR mode Encryption Techniques based on the Reuse of Repetitive Data
1 FACE: Fast AES CTR mode Encryption Techniques based on the Reuse of Repetitive Data. Jin Hyung Park and Dong Hoon Lee, Center for Information Security Technologies, Korea University
2-3 Introduction (figure: CTR mode). The IV is a counter that is incremented for each block: block i uses IV + (i - 1). Each counter value goes through the block cipher encryption under key K, and the output is XORed with Plaintext i to give Ciphertext i (1st block, 2nd block, ..., i-th block).
4-5 Introduction (figure: initial whitening phase of AES). Two consecutive counter blocks, CTR 0 and CTR 1, differ only in their last byte (...00 vs ...01). After the XOR with round key 0 the two 16-byte states are identical in every byte except that last one. This is the observation behind counter-mode caching.
6 Round Function - 4 Transformations (figure). The 16 state bytes [0]..[15] pass through the S-Box (SubBytes), the row shift (ShiftRows: row r of the state is rotated by r positions, giving the byte order [0][4][8][12] / [5][9][13][1] / [10][14][2][6] / [15][3][7][11]), MixColumns, and the XOR with the round key bytes [0]..[15] (AddRoundKey).
7-8 AES Implementation Methods: table-based (OpenSSL). Each round is computed with four 256-entry 32-bit tables Te0..Te3 indexed by bytes of the state:

    static const u32 Te0[256] = {
        0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
        0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
        /* ... */
        0xce6767a9U, 0x562b2b7dU, 0xe7fefe19U, 0xb5d7d762U,
        0x4dababe6U, 0xec76769aU, 0x824141c3U, 0x299999b0U,
        0x5a2d2d77U, 0x1e0f0f11U, 0x7bb0b0cbU, 0xa85454fcU,
        0x6dbbbbd6U, 0x2c16163aU,
        /* ... */
    };
    static const u32 Te3[256] = {
        0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
        0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
        /* ... */
        0x6767a9ceU, 0x2b2b7d56U, 0xfefe19e7U, 0xd7d762b5U,
        0xababe64dU, 0x76769aecU, 0x4141c382U, 0x9999b029U,
        0x2d2d775aU, 0x0f0f111eU, 0xb0b0cb7bU, 0x5454fca8U,
        0xbbbbd66dU, 0x16163a2cU,
        /* ... */
    };

    /* initial whitening */
    s0 = GETU32(in     ) ^ rk[0];
    s1 = GETU32(in +  4) ^ rk[1];
    s2 = GETU32(in +  8) ^ rk[2];
    s3 = GETU32(in + 12) ^ rk[3];
    /* round 1: */
    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];

< OpenSSL > Vulnerable to cache timing attacks: the table index is a byte of s0..s3, i.e. of (input XOR round key), so which cache line each lookup touches depends on the key.
9 AES Implementation Methods: bitslicing (figure). The bytes b0..b15 of 8 plaintext blocks (Block 0 .. Block 7, MSB to LSB) are transposed bitwise into 8 128-bit registers (Register 0 .. Register 7), so that each register holds one bit position of every byte of all eight blocks. < bitsliced form transformation (OpenSSL implementation based on [1]) >
10 AES Implementation Methods: AES-NI. The instruction set:

    Instruction       Description
    AESENC            Perform one round of an AES encryption flow
    AESENCLAST        Perform the last round of an AES encryption flow
    AESDEC            Perform one round of an AES decryption flow
    AESDECLAST        Perform the last round of an AES decryption flow
    AESKEYGENASSIST   Assist in AES round key generation
    AESIMC            Assist in AES Inverse Mix Columns
    PCLMULQDQ         Carry-less multiply

< Crypto++ >

    *block = _mm_xor_si128(*block, skeys[0]);     /* initial whitening */
    /* round 1: */
    *block = _mm_aesenc_si128(*block, skeys[1]);
11 AES Implementation Methods: performance comparison.

    Method        Performance (cycles per byte)   Test environment     Reference
    Table-based   α (not for CTR)                 Core 2 Quad Q6600    INDOCRYPT 2008 [1]
    Bitslicing    9.32                            Core 2 Quad Q9550    CHES 2009 [2]
    AES-NI                                        Westmere processor   Intel whitepaper [3]
    AES-NI        0.57                            Skylake Core i5      Crypto++ Benchmark [4]

[1] Daniel J. Bernstein and Peter Schwabe, New AES software speed records, INDOCRYPT 2008
[2] Emilia Käsper and Peter Schwabe, Faster and Timing-Attack Resistant AES-GCM, CHES 2009
[3] Shay Gueron, Intel Advanced Encryption Standard (AES) New Instructions Set, May 2010 (the first Westmere-based processors, which support AES-NI, were launched in January 2010)
[4] Crypto++ Benchmarks
12 Problem: applying counter-mode caching to bitsliced and AES-NI implementations.
- Bitslice: during the format conversion each byte of the input is sliced bitwise and the sliced bits are spread to the corresponding positions of each register, so the input bytes needed to compute the non-cached remainder are spread across whole registers. Almost all instructions of the previous implementation would have to be performed again, with additional operations (save, load, merge).
- AES-NI: a single instruction (aesenc xmm15, xmm1) performs a whole round operation, so the operations needed to compute the remainder would have to be composed of several instructions. Adding them becomes a considerable burden, even though latency and throughput differ from instruction to instruction.
13 Our Work (FACE): extends counter-mode caching. FACE is the first to combine counter-mode caching with a bitsliced implementation and the first to apply counter-mode caching up to the round transformations of AES-NI. FACE achieves the highest throughput.
14 FACE (Fast AES Counter Mode Encryption): overview figure of the FACE variants with their cache and table sizes (from 12 bytes up to 4K).
15-17 FACE rd0 (figure; legend: different part vs available part of cache). The initialization vector is a 128-bit counter value. The block-to-state transformation and round 0 (initial whitening, XOR with the round key) are applied to the 1st block and to the 2nd block, whose counter is the 1st block's counter value + interval. Within a run of 256 blocks the counters differ only in the last 1 byte, so after round 0 the two states show a 1-byte difference and the other 3 columns of the whitened state are cached.
18-20 FACE rd1 (figure; legend: different part, correlation of the transformation with bytes, available part of cache). After round 0 the 1st and 2nd block differ only in the last byte. The round transformations SubBytes, ShiftRows, MixColumns and AddRoundKey spread this difference, but after round 1 it is confined to one column (a 4-byte difference); the other 3 columns are the same for all blocks of the run and are cached.
21-22 FACE rd1+ (figure): lookup-table pre-computation. The column that differs after round 1 depends only on the last byte of the counter: ctr[15] XOR round 0's rk[15] is the byte that enters SubBytes, ShiftRows, MixColumns and AddRoundKey (shown for in[12..15] of the first and second block). That 4-byte column is therefore pre-computed once into a lookup table whose index is the last byte of the counter: Index (b15) -> Value (4 bytes), with entries such as 0x1A83B211, 0x73816F1F and 0x6C8EB21D.
23 Leveraging FACE rd1 and FACE rd1+ together. The counter b0..b15 goes through initial whitening (round 0). The caching procedure runs round 1 once (SubBytes, ShiftRows, MixColumns, AddRoundKey) and saves the unchanged columns (FACE rd1); every further block completes its round-1 state with one memory load from the look-up table indexed by b15 and a merge.
24-26 FACE rd2 (figure; legend: different part, correlation of the transformation with bytes, available part of cache). After round 1 the 1st and 2nd block differ in the first column (4 bytes). In the next round SubBytes, ShiftRows, MixColumns and AddRoundKey spread this difference to all 16 bytes, but MixColumns is linear: taking state byte [0] as the example, the round output is the cached 16-byte intermediate result (the contribution of the unchanged bytes, with the round key already added) XORed with the contribution of the differing bytes. The 16-byte intermediate result is cached.
27-30 FACE rd2+ (figure): lookup-table pre-computation for round 2 (byte [0] shown as the example, with in[12..15] of the first and second block). By FACE rd1+, ctr[15] determines the 4 differing bytes of the round-1 state, and hence their contribution to the round-2 output after SubBytes, ShiftRows and MixColumns. That contribution is pre-computed into a lookup table indexed by the last byte of the counter, and the contribution of the unchanged bytes is cached, so the whole computation up to round 2 can be done with 2 memory loads and 1 XOR operation only!
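The FACE rd0 to rd2+ decomposition above, as an added example that is not the authors' code: a minimal pure-Python AES-128 that checks which state bytes differ across a 256-block counter run and reconstructs the round-1 and round-2 states from a small cache plus a 256-entry table indexed by ctr[15]. KEY and IV are constructed sample values and the function names are mine.

```python
# Added example (not the authors' code): a minimal pure-Python AES-128 showing the FACE
# observation on a run of 256 counter blocks differing only in ctr[15]: round 0 changes one
# byte, round 1 only column 0, and round 2 is a 16-byte cache XOR a table[ctr[15]] entry.

def _gen_sbox():
    """AES S-box from the GF(2^8) inverse plus the affine map (no hard-coded table)."""
    rotl8 = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xff
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1b if p & 0x80 else 0)) & 0xff  # p *= 3
        q = (q ^ (q << 1)) & 0xff                               # q /= 3, so q == 1/p
        q = (q ^ (q << 2)) & 0xff
        q = (q ^ (q << 4)) & 0xff
        if q & 0x80:
            q ^= 0x09
        x = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4)
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _gen_sbox()

def _xtime(b): return ((b << 1) ^ 0x1b) & 0xff if b & 0x80 else b << 1  # times x in GF(2^8)

# State: 16 bytes in FIPS-197 column-major order, byte i at row i % 4, column i // 4.
def sub_bytes(s):
    return [SBOX[b] for b in s]

def shift_rows(s):  # row r rotates left by r: out[r][c] = in[r][(c + r) % 4]
    return [s[((c + r) % 4) * 4 + r] for c in range(4) for r in range(4)]

def mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        d = [_xtime(x) for x in a]  # 2*a; 3*a is d ^ a
        out += [d[0] ^ d[1] ^ a[1] ^ a[2] ^ a[3], a[0] ^ d[1] ^ d[2] ^ a[2] ^ a[3],
                a[0] ^ a[1] ^ d[2] ^ d[3] ^ a[3], d[0] ^ a[0] ^ a[1] ^ a[2] ^ d[3]]
    return out

def add_round_key(s, rk):
    return [a ^ b for a, b in zip(s, rk)]

def expand_key(key):
    """AES-128 key schedule: 11 round keys of 16 bytes."""
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(4)], 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:  # RotWord, SubWord, Rcon
            t, rcon = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]], _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes_round(s, rk, last=False):
    s = shift_rows(sub_bytes(s))
    return add_round_key(s if last else mix_columns(s), rk)

def aes128_encrypt(block, rks):  # full cipher, used only to validate the primitives
    s = add_round_key(list(block), rks[0])
    for r in range(1, 10):
        s = aes_round(s, rks[r])
    return bytes(aes_round(s, rks[10], last=True))

def counter_run(iv):
    """The 256 counter blocks of one aligned segment: only ctr[15] differs."""
    return [list(iv[:15]) + [b] for b in range(256)]

def ref_rounds(ctr, rks):
    """Direct computation of the states after round 0 (whitening), 1 and 2."""
    s0 = add_round_key(ctr, rks[0])
    s1 = aes_round(s0, rks[1])
    return s0, s1, aes_round(s1, rks[2])

def varying_bytes_per_round(iv, key):
    """For rounds 0..2, the state byte indices that differ across the 256 blocks."""
    rks = expand_key(key)
    runs = [ref_rounds(ctr, rks) for ctr in counter_run(iv)]
    return [[i for i in range(16) if len({st[r][i] for st in runs}) > 1] for r in range(3)]

def face_precompute(iv, rks):
    """FACE rd1+/rd2+ tables for one segment: round 1 = table1[ctr[15]] + cache1,
    round 2 = cache2 XOR table2[ctr[15]]. Caches are taken from the last block."""
    mark = shift_rows([1] * 4 + [0] * 12)  # where round-1 column 0 sits before MixColumns
    table1, table2 = [], []
    for ctr in counter_run(iv):
        s1 = ref_rounds(ctr, rks)[1]
        t = shift_rows(sub_bytes(s1))
        const = [0 if m else x for m, x in zip(mark, t)]  # 12 bytes shared by every block
        vary = [x if m else 0 for m, x in zip(mark, t)]   # 4 bytes that depend on ctr[15]
        table1.append(s1[:4])
        table2.append(mix_columns(vary))  # MixColumns is XOR-linear, so it splits cleanly
    return s1[4:], table1, add_round_key(mix_columns(const), rks[2]), table2

def face_rounds(pre, ctr):
    """Rounds 0-2 of AES-CTR from the tables: two loads and one XOR for round 2."""
    cache1, table1, cache2, table2 = pre
    return table1[ctr[15]] + cache1, [a ^ b for a, b in zip(cache2, table2[ctr[15]])]

KEY = bytes(range(16))                                # constructed sample key
IV = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfe00")  # constructed IV, segment-aligned
```

To confirm that the caches hold for the whole segment, compare face_rounds(pre, ctr) with ref_rounds(ctr, rks)[1:] for every ctr in counter_run(IV). At a 256-block boundary the carry changes ctr[14], so the caches and tables must be rebuilt for the next segment.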
31-32 Cache timing attacks (figure: cache timing variation, cached vs non-cached, from ARMageddon, USENIX Security 2016). Constant-time requirements: use fixed-time instructions; do not use conditional branches that depend on secret data; do not use memory access patterns that depend on secret data.
Our method looks vulnerable to timing attacks because it uses lookup tables, but FACE has no operation that depends on secret data:
- In FACE rd0, FACE rd1 and FACE rd2, the cache is small and the indices are fixed (i.e. constant data).
- In FACE rd1+ and FACE rd2+, the index is merely a part of the counter, which does not need to be secret, and the index increases linearly.
33-34 Evaluations: test environments (BS08 and KS09 denote the implementations of [1] and [2]).

               Test Env_1                Test Env_2            Test Env_3
    CPU        Intel Core 2 Quad Q9550   Intel Core i7 4770K   Intel Core i7 8700K
    Frequency  2.8 GHz                   3.5 GHz               3.7 GHz
    RAM        4 GB                      8 GB                  16 GB
    OS         Linux x86_64 *            Linux x86_64          Linux x86_64
35-36 Conclusion. Thank you for your attention! Any questions?
CPSC 467: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 7 September 23, 2015 CPSC 467, Lecture 7 1/1 Advanced Encryption Standard AES Alternatives CPSC 467,
More informationImplementation and Performance analysis of Skipjack & Rijndael Algorithms. by Viswnadham Sanku ECE646 Project Fall-2001
Implementation and Performance analysis of Skipjack & Rijndael Algorithms by Viswnadham Sanku ECE646 Project Fall-2001 TABLE OF CONTENTS TABLE OF CONTENTS 2 1. OBJECTIVE 3 2. SKIPJACK CIPHER 3 2.1 CIPHER
More informationAnalyzing the Generation and Optimization of an FPGA Accelerator using High Level Synthesis
Paper Analyzing the Generation and Optimization of an FPGA Accelerator using High Level Synthesis Sebastian Kaltenstadler Ulm University Ulm, Germany sebastian.kaltenstadler@missinglinkelectronics.com
More informationASIC Performance Comparison for the ISO Standard Block Ciphers
ASIC Performance Comparison for the ISO Standard Block Ciphers Takeshi Sugawara 1, Naofumi Homma 1, Takafumi Aoki 1, and Akashi Satoh 2 1 Graduate School of Information Sciences, Tohoku University Aoba
More informationH must be collision (2n/2 function calls), 2nd-preimage (2n function calls) and preimage resistant (2n function calls)
What is a hash function? mapping of: {0, 1} {0, 1} n H must be collision (2n/2 function calls), 2nd-preimage (2n function calls) and preimage resistant (2n function calls) The Merkle-Damgård algorithm
More informationFaster and Timing-Attack Resistant AES-GCM
Faster and Timing-Attack Resistant AES-GCM Emilia Käsper 1 and Peter Schwabe 2, 1 Katholieke Universiteit Leuven, ESAT/COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium emilia.kasper@esat.kuleuven.be
More informationBlock Ciphers: Fast Implementations on x86-64 Architecture
Block Ciphers: Fast Implementations on x86-64 Architecture University of Oulu Department of Information Processing Science Master s Thesis Jussi Kivilinna May 20, 2013 Abstract Encryption is being used
More informationCryptography Symmetric Cryptography Asymmetric Cryptography Internet Communication. Telling Secrets. Secret Writing Through the Ages.
Telling Secrets Secret Writing Through the Ages William Turner Department of Mathematics & Computer Science Wabash College Crawfordsville, IN 47933 Tuesday 4 February 2014 W. J. Turner Telling Secrets
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5a January 29, 2013 CPSC 467b, Lecture 5a 1/37 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationDesign and Implementation of Rijndael Encryption Algorithm Based on FPGA
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 9, September 2013,
More informationAn Instruction Set Extension for Fast and Memory- Efficient AES Implementation. Stefan Tillich, Johann Großschädl, Alexander Szekely
Institute for Applied Information Processing and Communications () GRAZ UNIVERSITY OF TECHNOLOGY An Instruction Set Extension for Fast and Memory- Efficient AES Implementation Stefan Tillich, Johann Großschädl,
More informationIntel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron
Real World Cryptography Conference 2016 6-8 January 2016, Stanford, CA, USA Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron Intel Corp., Intel Development Center,
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationThe Grindahl hash functions
The Grindahl hash functions Søren S. Thomsen joint work with Lars R. Knudsen Christian Rechberger Fast Software Encryption March 26 28, 2007 Luxembourg 1/ 17 1 Introduction 2 Grindahl 3 Design considerations
More informationImplementation and Comparative Analysis of AES as a Stream Cipher
Implementation and Comparative Analysis of AES as a Stream Cipher Bin ZHOU, Yingning Peng Dept. of Electronic Engineering, Tsinghua University, Beijing, China, 100084 e-mail: zhoubin06@mails.tsinghua.edu.cn
More informationBlock Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1
Block Ciphers Lucifer, DES, RC5, AES CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk Block Ciphers 1 ... Block Ciphers & S-P Networks Block Ciphers: Substitution ciphers
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5 January 23, 2012 CPSC 467b, Lecture 5 1/35 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationComb to Pipeline: Fast Software Encryption Revisited
Comb to Pipeline: Fast Software Encryption Revisited Andrey Bogdanov (B), Martin M. Lauridsen, and Elmar Tischhauser DTU Compute, Technical University of Denmark, Kgs. Lyngby, Denmark {anbog,mmeh,ewti}@dtu.dk
More informationPiret and Quisquater s DFA on AES Revisited
Piret and Quisquater s DFA on AES Revisited Christophe Giraud 1 and Adrian Thillard 1,2 1 Oberthur Technologies, 4, allée du doyen Georges Brus, 33 600 Pessac, France. c.giraud@oberthur.com 2 Université
More informationOn-Line Self-Test of AES Hardware Implementations
On-Line Self-Test of AES Hardware Implementations G. Di Natale, M. L. Flottes, B. Rouzeyre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier Université Montpellier II / CNRS
More informationENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms
ENEE 459-C Computer Security Symmetric key encryption in practice: DES and AES algorithms A perfect encryption of a block Say you have a block of n bits You want to encrypt it You want to use the same
More informationThe Use of Finite Field GF(256) in the Performance Primitives Intel IPP
The Use of Finite Field GF() in the Performance Primitives Intel IPP Software & Service Group/ VCSD/CIP/IPP Sergey Kirillov Oct, 00 Agenda Short IPP review GF() operations being in focus Methods for implementation
More informationHardware Implementation of Cryptosystem by AES Algorithm Using FPGA
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IMPACT FACTOR: 6.017 IJCSMC,
More informationThroughput/code size trade-off for stream ciphers
Throughput/code size trade-off for stream ciphers Cédric Lauradoux INRIA, Domaine de Voluceau, Rocquencourt, BP 105, 78153 Le Chesnay Cedex, France Email : cedric.lauradoux@inria.fr Abstract. The profile
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationElastic Block Ciphers: The Feistel Cipher Case
Elastic Block Ciphers: The Feistel Cipher Case Debra L. Cook Moti Yung Angelos D. Keromytis Department of Computer Science Columbia University, New York, NY dcook,moti,angelos @cs.columbia.edu Technical
More informationFPGA Based Implementation of AES Encryption and Decryption with Verilog HDL
FPGA Based Implementation of AES Encryption and Decryption with Verilog HDL Y.Aruna 1, Prof.S.N.Shelke 2 M.Tech (Electronics), JDCOE, Nagpur. Abstract: Security is the most important part in data communication
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography Is n n A tremendous tool The basis for many security mechanisms Is not n n n n The solution to all security problems Reliable unless implemented properly Reliable
More informationThe SKINNY Family of Lightweight Tweakable Block Ciphers
The SKINNY Family of Lightweight Tweakable Block Ciphers Jérémy Jean joint work with: Christof Beierle Stefan Kölbl Gregor Leander Amir Moradi Thomas Peyrin Yu Sasaki Pascal Sasdrich Siang Meng Sim CRYPTO
More informationBlock Ciphers. Advanced Encryption Standard (AES)
Network Security - ISA 656 Angelos Stavrou September 28, 2008 Codes vs. K = {0, 1} l P = {0, 1} m C = {0, 1} n, C C E : P K C D : C K P p P, k K : D(E(p, k), k) = p It is infeasible to find F : P C K Let
More informationSOLUTIONS FOR HOMEWORK # 1 ANSWERS TO QUESTIONS
SOLUTIONS OR HOMEWORK # 1 ANSWERS TO QUESTIONS 2.4 A stream cipher is one that encrypts a digital data stream one bit or one byte at a time. A block cipher is one in which a block of plaintext is treated
More information