Implementation and Analysis of the PRIMATEs Family of Authenticated Ciphers
Ahmed Ferozpuri

Abstract

Lightweight devices used for encrypted communication require a scheme that can operate in a low-resource environment, where it may be required to produce decrypted text without verification and to provide resistance to a non-unique nonce and to DPA side-channel attacks. Such a scheme is provided by the PRIMATEs family of authenticated ciphers. This paper compares the hardware implementations of the PRIMATEs, their hardware and software performance, and benchmarking and optimization results. To verify that the hardware implementation is valid, its results were matched against the output of the C-code implementation. Additionally, execution of the software on an ultra-low-power TI MSP microcontroller was analyzed and compared to the hardware timing. The comparison also provides an FPGA resource utilization summary with timing analysis, and benchmarking results for different FPGA implementations. The results show how the PRIMATEs perform in different environments, relative to each other and to other algorithms.

Index Terms: Authenticated Encryption, ATHENa, CAESAR, duplex, FPGA, hardware, lightweight, misuse resistance, PRIMATEs, sponge

I. INTRODUCTION

Authenticated Encryption (AE) is an encryption scheme that allows data communication with both privacy and authenticity. For lightweight communication devices AE is a valuable tool, but resource costs are a primary concern, and any AE scheme in this environment must offer a low resource cost with sufficient throughput. Offering both 80-bit and 120-bit modes, the PRIMATEs family of authenticated ciphers offers AE at low resource costs.

According to the definition of AE, no message block should be released until the tag is verified. Unfortunately, this is only possible after the entire ciphertext is processed and would require buffering the entire message, which may not be possible with limited memory. The PRIMATEs construction allows for the Release of Unverified Plaintext (RUP), which accommodates such low-memory environments. Additionally, the internal state can be either 200 or 280 bits, which leaves a small memory footprint during execution and also minimizes processor usage.

This paper was submitted on December 7, 2014 for peer review at George Mason University (GMU). A. Q. Ferozpuri is currently a graduate student at GMU, Fairfax, VA.

A. The PRIMATEs Family of Authenticated Ciphers

The PRIMATEs family of authenticated ciphers is designed for lightweight cryptographic targets, where resources are limited and efficiency is of paramount concern. There are three modes of operation in the PRIMATEs family: APE, HANUMAN, and GIBBON, with two security levels: 80 and 120 bits. The three modes of operation have trade-offs in security and performance. The most secure mode is APE, but both APE and HANUMAN are provably secure. On the other hand, GIBBON is intended for lightweight applications, where speed, area, cost, power and energy are paramount, and a security proof is not required. The duplex sponge construction of the algorithms makes it possible to produce an output either after a permutation on the input or simultaneously with it. In both cases, it is possible to perform RUP.

B. Duplex Sponge Structure

A sponge transformation uses a fixed-length permutation with a padding rule to map a variable-length input to a variable-length output. In the case of AE, this is a very useful property because there can be many input blocks that produce corresponding output blocks based on the sponge transformation. During the input process, data is absorbed like a sponge into different permutation blocks, and after all stages of input are complete, the squeezing begins, where output can be taken. This process is shown below in Figure 1.

Figure 1 - The Sponge Construction. Source [1].

The duplex sponge transformation has the same properties as the sponge transformation, except that data is ready immediately after the permuted input - see Figure 2.

Figure 2 - The Duplex Sponge Construction. Source [1].

The inspiration for APE came from SpongeWrap [4], but it differs in that the output is taken directly from the state, as opposed to key stream generation for encryption. PRIMATEs use this duplex sponge structure, which allows for RUP and for receiving an output block right after the input. The sponge construction of PRIMATEs follows Figure 2 for APE; however, HANUMAN and GIBBON use a modified construction, shown in Figure 3.

Figure 3 - Modified Duplex Sponge. Source [2].

The sponge structure of the PRIMATEs family facilitates RUP and efficient stream processing. The permutations shown above are p_1 and p_4, and each takes 12 rounds. Therefore, APE will ideally take 12 cycles to produce the output block, whereas HANUMAN and GIBBON can give the result in the same clock cycle. However, before the next input can be processed for the latter two, the corresponding permutation must be completed first.

C. The PRIMATE Permutation

The internal state of APE, V, is either a 5 × 8 or 7 × 8 matrix consisting of 5-bit blocks, or elements, totaling either 200 or 280 bits. The first row of this matrix in either case is known as V_r, or the rate portion of the state, and the remaining elements are the capacity, V_c. All permutations are performed on V, and the output is taken from V_r when required. Figure 4 below illustrates the state matrix in 200-bit mode.

Figure 4 - 200-bit State Matrix

There are four transformations performed in one round: SubElements (SE), ShiftRows (SR), MixColumns (MC), and ConstantAddition (CA). The order of the PRIMATE transformations is SE → SR → MC → CA, and the inverse permutation is CA^-1 → MC^-1 → SR^-1 → SE^-1. Only APE uses the inverse permutation during decryption. SubElements is a 5-bit S-box transformation on each element, SR shifts each row by a different constant, MC follows a wide trail strategy, and CA generates a round constant using a Fibonacci Linear Feedback Shift Register (LFSR).

In the hardware implementation, the PRIMATE permutation block is called PN, which represents all possible permutations for each PRIMATE algorithm, including inverse mode. These permutations differ in the number of rounds, either 6 or 12, and in the initial value of the LFSR - see [2] for a complete description of the PRIMATE permutation.

D. The APE PRIMATE

APE has the most security features and also offers input key and IV sizes of either 160 or 240 bits. The APE PRIMATE permutation requires 12 rounds to produce an output and permutes over each block in the initialization vector (IV), associated data (AD), and message or ciphertext. Permutation over the IV is unique to APE in the PRIMATEs family, and this property allows for nonce misuse resistance. In fact, APE is claimed to be the first permutation-based and nonce-misuse-resistant authenticated encryption scheme [3]. Also, because the nonce is treated the same as associated data, it is not strictly required.

The security features of APE cost comparatively more in hardware, due to the additional multiplexed logic required as input to PN and the additional control logic for decryption. Additionally, in order to execute decryption, PN must be capable of operating in both normal and reverse order, requiring the instantiation of both regular and inverse permutations. This makes the dual-mode PN comparatively larger by 4 permutation blocks. Although the area in hardware would be larger because of this, the throughput should not suffer, since either permutation path can be chosen.

E. The HANUMAN and GIBBON PRIMATEs

Both the HANUMAN and GIBBON PRIMATEs share the same duplex sponge construction, offer fewer security features, and require no inverse permutations. In fact, the algorithms for encryption and decryption are nearly identical. The nonce must be unique in both algorithms to achieve confidentiality; otherwise the XOR of the first message blocks can be determined from the XOR of the ciphertext blocks.
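The nonce-uniqueness requirement stated here, and the release of unverified plaintext described in the introduction, can both be observed in a small model of a duplex mode with a 40-bit rate and a 200-bit state. This Python code is an added example, not code from the paper or from the PRIMATEs submission: `perm`, the key/nonce placement, the domain-separation bit, the tag rule, the omission of padding and all function names are assumptions standing in for the real PRIMATE permutations and mode details.

```python
import hashlib
import hmac

RATE, STATE, TAGLEN = 5, 25, 10  # bytes: 40-bit rate, 200-bit state, 80-bit tag

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def perm(state: bytes) -> bytes:
    """Stand-in mixing function (assumption); NOT the PRIMATE permutation."""
    return hashlib.shake_128(b"toy-perm" + state).digest(STATE)

def blocks(data: bytes) -> list:
    # Assumption: whole 40-bit blocks only; the real padding rule is omitted.
    if len(data) % RATE:
        raise ValueError("length must be a multiple of 5 bytes")
    return [data[i:i + RATE] for i in range(0, len(data), RATE)]

def init(key: bytes, nonce: bytes, ad: bytes) -> bytes:
    if len(key) != 10 or len(nonce) != 10:
        raise ValueError("this model uses an 80-bit key and an 80-bit nonce")
    state = perm(bytes(RATE) + key + nonce)       # key and nonce fill the capacity
    for a in blocks(ad):                          # absorb AD through the rate
        state = perm(xor(state[:RATE], a) + state[RATE:])
    # Assumed domain separation between the AD phase and the message phase.
    return state[:-1] + bytes([state[-1] ^ 1])

def tag_of(state: bytes, key: bytes) -> bytes:
    return xor(state[RATE:RATE + TAGLEN], key)    # tag is taken from the capacity

def encrypt(key: bytes, nonce: bytes, ad: bytes, msg: bytes):
    state, out = init(key, nonce, ad), []
    for m in blocks(msg):
        c = xor(m, state[:RATE])                  # output block is ready at once
        out.append(c)
        state = perm(c + state[RATE:])            # ciphertext replaces the rate
    return b"".join(out), tag_of(state, key)

def decrypt_rup(key, nonce, ad, ct, tag, release) -> bool:
    """Streaming decryption: every block is handed to release() BEFORE the
    tag is known, so memory stays constant. Returns the tag verdict."""
    state = init(key, nonce, ad)
    for c in blocks(ct):
        release(xor(c, state[:RATE]))             # unverified plaintext leaves here
        state = perm(c + state[RATE:])
    return hmac.compare_digest(tag_of(state, key), tag)

# Constructed sample values; MSG is the 10-byte test string used in the paper.
KEY, NONCE, OTHER_NONCE = bytes(range(10)), bytes(range(10, 20)), bytes(range(20, 30))
AD, MSG, MSG2 = b"hdr01", b"ABCDEFGHIJ", b"KLMNOPQRST"

def tampered_decrypt():
    """Flip one ciphertext bit and record what was released before the verdict."""
    ct, tag = encrypt(KEY, NONCE, AD, MSG)
    forged = bytes([ct[0] ^ 1]) + ct[1:]
    released = []
    ok = decrypt_rup(KEY, NONCE, AD, forged, tag, released.append)
    return ok, released

def block_xor_leaks(m1: bytes, m2: bytes, n1: bytes, n2: bytes) -> list:
    """Per block: does XOR of ciphertext blocks equal XOR of message blocks?"""
    c1, _ = encrypt(KEY, n1, AD, m1)
    c2, _ = encrypt(KEY, n2, AD, m2)
    pairs = zip(blocks(c1), blocks(c2), blocks(m1), blocks(m2))
    return [xor(a, b) == xor(p, q) for a, b, p, q in pairs]

if __name__ == "__main__":
    ok, released = tampered_decrypt()
    print("tag valid:", ok, "| blocks already released:", released)
    print("nonce reused:", block_xor_leaks(MSG, MSG2, NONCE, NONCE))
    print("fresh nonces:", block_xor_leaks(MSG, MSG2, NONCE, OTHER_NONCE))
```

A receiver built this way has to treat everything passed to `release` as provisional until `decrypt_rup` returns true, and a sender has to guarantee that a nonce is never repeated under the same key.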
The associated data is processed in an independent permutation, which helps to prevent forgery attacks. However, attacks can be found if a collision occurs in the capacity part of the state, but only after approximately 2^(c/2) steps of the permutation, where c is the capacity [2].

II. HARDWARE DESIGN OVERVIEW

In order to simulate the PRIMATE cipher, a top-level interface was implemented to receive blocks of 40 bits from a public and a secret FIFO, and the results were sent to an output FIFO. Figure 5 shows a diagram of the top-level unit with the associated FIFOs used in the design and in simulation for verification. This scheme removes any ambiguity in comparisons between the different algorithms and allows for a practical testing scenario.

Figure 5 - Top Level Interface [5]

A closer look into the Cipher Core block, illustrated below in Figure 6, shows the separation between the actual PRIMATE Cipher (PC) and the Data Processor (DP), which is used to interface with the I/O FIFOs. The PC has access to all required data, is controlled by 5 sync signals, and produces a done signal when the current permutation is complete. This design isolates the cipher and facilitates analysis.

Figure 6 - Inside the Cipher Core

A. Cipher Datapath Design

The datapath of all PRIMATEs was designed using the same general method, shown below in Figure 7. There are n functions, denoted f_n, of (K, IV, X, T_i, and p_o), where K is the key, IV is the nonce, X is either a message or ciphertext block, and T_i is the input tag. These functions are multiplexed into a registered transformation, which produces outputs that can be used as feedback. The output, Y, is either a message or ciphertext block and, along with T_o, the output tag, can be used as required. This interface can also be verified in Figure 6, and was used to design each PRIMATE. The registered transformation is the permutation block, known as PN in the hardware design, and consists of the sequence SE → SR → MC → CA, with inverse mode capability. However, the inverse mode is only instantiated for APE decryption.

Figure 7 - General Datapath Approach

B. Algorithm Flow Control Design

Ideally during data processing, a block of data is read and processed as soon as it is available, unless the PC requires some intermediate processing on the state. In the latter case, data from the FIFO must not be read. In order to separate the data processing flow control from the algorithm flow control, the approach shown below in Figure 8 was used.

Figure 8 - General Control Approach

The Data Flow Ctrl block has control parameters that indicate to the FIFO Driver what type of processing will be required for the IV, AD, M/C, and Tag segments. The format of data communication is shown below in Figure 9.

Figure 9 - Cipher Core Communication Format

During data processing, it was assumed that these segments will always be in the order shown in Figure 9. As shown in Figure 8, the Algorithm Flow Ctrl block is located inside the CIPHER, which corresponds to the PC. Separation of the Algorithm Flow Ctrl facilitated analysis of each PRIMATE algorithm's control independently.

III. HARDWARE VERIFICATION

In order to verify the functional correctness of each PRIMATE hardware implementation, waveforms were generated and compared to the corresponding output from the reference C implementation with the same stimuli. Additionally, all combinations of empty AD and message/ciphertext block data segments were verified for each PRIMATE. The order of verification was to start with the smallest components, then PN, and finally the datapath for each PRIMATE. After the datapath was verified, the next step was to implement and verify the control logic illustrated in Figure 8.

A. Work Flow Overview

As shown below in Figure 10, Eclipse was used to generate test vectors from the reference C implementation. For each permutation, the output was displayed for each round.

Figure 10 - Workflow Overview

Xilinx ISE Webpack was used to write the VHDL code, and ISim was used to generate the waveform and verify that it matched the expected test vector. However, prior to verification of the test vectors, the algorithm state was verified by examining the state machines of the Algorithm Flow Ctrl and FIFO Drivers shown in Figure 8. Once the flow control was correct, the expected output was confirmed, and this process made it possible to fix errors quickly.

B. Test Vector Selection and Procedure

The first case that was verified for each algorithm was the case where there is no AD or message/ciphertext (M/C) data to process. The only output to verify in this case is the tag, but the internal state was also confirmed. Let cases be written as (AD, M/C), indicating the number of blocks for each data type. As shown in Figure 10, the order of test cases was (0,0) → (1,0) → (2,0) → (0,1) → (0,2) → (1,1) → (2,2). The only way to move to the next case was if the previous cases all worked. For example, if one failed, then changes would be made to fix the problem, and the previous cases were verified again. This made it possible to check for any side effects of the current fix and also helped to design the system better overall.

IV. HARDWARE COMPARISON

During development in Xilinx ISE Webpack, the Xilinx Virtex-6 XC6VLX75T FF784 device was targeted for implementation. All results generated, other than from ATHENa, are for the Virtex-6 device. For benchmark results from ATHENa, the Xilinx Spartan-3 and Virtex-5 device results are shown.

A. Datapath FPGA Utilization

Using the general approach shown in Figure 7, each PRIMATE was designed the same way. The results shown below in Table 1 are from synthesis in Xilinx ISE Webpack of each datapath. It is clear that APE takes the largest area, followed by HANUMAN and GIBBON. Additionally, if APE encryption is analyzed without the inverse PN, the size of APE with decryption, denoted APE(D) in Table 1 below, is consistent with the results. Specifically, APE(D) ≈ APE(E) + HANUMAN, which is consistent with the design, since APE(D) requires double the permutation blocks for inverse mode.

Table 1 - Datapath FPGA Utilization

B. Control FPGA Utilization

Using the general approach shown in Figure 8, each PRIMATE controller was designed the same way. The results shown below in Table 2 are from synthesis in Xilinx ISE Webpack of each controller, named Algorithm Flow Ctrl in Figure 8. Since each controller corresponds to a state machine, only state information is analyzed.

Table 2 - Control FPGA Utilization

It is clear that GIBBON has the largest number of states, nearly double that of HANUMAN. This can be explained by looking at the clock cycle summary provided in Table 5, which indicates that GIBBON has many dependencies and preprocessing steps when input is not being received. For example, GIBBON runs p_2 initially if at least one block of AD is present; otherwise it does not execute any permutations for the AD segment. This type of control logic makes the finite state machine comparatively more complex.

C. Overall FPGA Utilization

Using Xilinx ISE Webpack for implementation, the results shown below in Table 3 were generated for the target Virtex-6 FPGA. The maximum frequency generated was based on a constraint of a 10 ns input clock.

Table 3 - Overall FPGA Utilization

As expected, APE has the largest area in terms of slices, and GIBBON can achieve the highest maximum frequency. Both HANUMAN and GIBBON have slower maximum frequencies, which may be due to the fact that both of them use 12 rounds as opposed to 6 for GIBBON.

D. ATHENa Benchmarking Results

ATHENa is a tool developed at George Mason University for the evaluation of cryptographic cores, and it was used to generate benchmarking results for the Xilinx Virtex-6 FPGA. The results for throughput, throughput/area, latency, latency*area, and area are shown below in Table 4.

Table 4 - ATHENa Benchmarking Results

According to the results in Table 4, all algorithms have very similar throughput, with GIBBON being marginally better. This is expected, since GIBBON executes 6 rounds on a block. However, compared to the results in Table 6, GIBBON was expected to give better comparative results. The throughput/area is worst for APE, but the total area is smaller than shown in Table 3. HANUMAN has the worst latency results, which is similar to the results in Table 6. However, the comparative latency increase is higher in Table 4.

V. SOFTWARE AND HARDWARE EXECUTION COMPARISON

In order to compare the execution timing in hardware and software, execution on a low-power microcontroller was compared to the hardware timing results.

A. Hardware Timing

The hardware timing was analyzed based upon the algorithm specification, and is shown below in Table 5. Let k represent the number of IV blocks, m the number of AD blocks, and n the number of M/C blocks.

Table 5 - Clock Cycles Overview

Note: The + symbol indicates that even empty M/C blocks will have at least 1 permutation executed. [12] indicates that, in the case of empty AD, this value will be 0.

After each algorithm was verified to be functionally correct, the waveform was analyzed to create values for throughput and latency of AD and M/C blocks. Both HANUMAN and GIBBON have the same performance for AD and M/C blocks, while APE performs slightly worse for processing M/C blocks. APE and HANUMAN perform the worst according to this analysis for throughput and latency of AD blocks and throughput of M/C blocks. APE has the worst latency for processing M/C blocks.

Table 6 - Waveform-based Throughput and Latency results.

Note: The bus width is 40 bits, and latency calculations are based on a 4 MHz clock to a low-power application on a TI MSP430F5229. The number of bonded IOBs was 135.

B. Software Testing Overview

In order to get an idea of PRIMATEs performance on a lightweight device, the ultra-low-power MSP430F5229 Launchpad from Texas Instruments was used. As shown below in Figure 11, the character E is displayed first, and indicates that encryption of the 10 bytes ABCDEFGHIJ has begun. After some time, D appears to show that decryption has started. The result, ABCDEFGHIJ, is displayed afterwards only if decryption is successful, as shown in Figure 11. The same test was repeated using only 5 message blocks, displaying ABCDE. These results were used to determine the latency and throughput of execution on the Launchpad. For simplicity, only the M/C latency results were analyzed.

The software submitted by PRIMATEs to the Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) was executed on the Launchpad. However, a few small modifications were made to allow TI's Code Composer Studio (CCS) to compile and run the code. The code consists only of calls to the standard CAESAR-required encrypt and decrypt functions, after which the decrypted message is iterated through and displayed on the LCD. During execution, the only other functions invoked were those that display output before and after the encrypt/decrypt function calls.

This test represents the best-case scenario for executing PRIMATEs, where no other concurrent processing occurs. Additionally, the average execution time of 12 runs for each algorithm processing either 5 or 10 bytes was used in the timing analysis.

Figure 11 - Software Execution Environment

C. Software Timing Results

The software timing was recorded with a stopwatch, because encryption took longer than one second, and the results are shown below in Table 7. Please note that the clock frequency of 4 MHz on the Launchpad was used to simulate a low-power environment, but it could be clocked faster.

Table 7 - Software Timing Results

The speedup in throughput for hardware compared to software is on average on the order of ~10^7, and for latency about ~10^4. This large speedup may be due to the fact that the reference C implementation was created for a non-embedded environment and not optimized for embedded execution. It may be possible to have much faster execution with modifications to the code.

VI. CONCLUSION

The PRIMATEs family of authenticated ciphers requires a low number of FPGA slices, with the largest belonging to APE. The GIBBON PRIMATE has more complex state logic, but all PRIMATEs have similar throughput, throughput/area, and latency, as shown in Table 4. The throughput values are based on a standard block size of 40 bits, but it is possible to increase this value at the cost of latency. The comparison between hardware and software shows a vast improvement when executing PRIMATEs in hardware, which was expected. However, it is important to note that an optimized version of the software code may produce better throughput and latency results. Each PRIMATE offers its own unique benefits, and all of them can operate in low-resource environments, requiring a comparably small amount of memory and processor resources.

ACKNOWLEDGMENT

I would like to thank Dr. Kris Gaj, associate professor at George Mason University, for offering valuable feedback during the implementation of the PRIMATEs family of Authenticated Ciphers. His feedback greatly assisted me in determining an efficient and effective solution.

REFERENCES

[1] Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Cryptographic Sponge Functions, available at
[2] Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: PRIMATEs v Submission to the CAESAR Competition.
[3] Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography. In: FSE Lecture Notes in Computer Science, Springer (2014)
[4] Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications. In: Miri, A., Vaudenay, S. (eds.) Selected Areas in Cryptography Lecture Notes in Computer Science, vol. 7118, pp Springer (2012)
[5] Gaj, K.: Interface of Ciphers and Authenticated Ciphers, available at nterface.pdf
More informationRC6 Implementation including key scheduling using FPGA
ECE 646, HI-3 1 RC6 Implementation including key scheduling using FPGA (ECE 646 Project, December 2006) Fouad Ramia, Hunar Qadir, GMU Abstract with today's great demand for secure communications systems,
More informationPermutation-based symmetric cryptography
Permutation-based symmetric cryptography Guido Bertoni 1 Joan Daemen 1 Michaël Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Keccak & SHA-3 Day Université Libre de Bruxelles March
More informationDesign of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures
Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures 1 Suresh Sharma, 2 T S B Sudarshan 1 Student, Computer Science & Engineering, IIT, Khragpur 2 Assistant
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationImplementation of the block cipher Rijndael using Altera FPGA
Regular paper Implementation of the block cipher Rijndael using Altera FPGA Piotr Mroczkowski Abstract A short description of the block cipher Rijndael is presented. Hardware implementation by means of
More informationAES ALGORITHM FOR ENCRYPTION
Volume 02 - Issue 05 May 2016 PP. 63-68 AES ALGORITHM FOR ENCRYPTION Radhika D.Bajaj M.Tech VLSI G.H. Raisoni Institute of Engineering And Technology For Women, Nagpur. Dr. U.M. Gokhale Electronics and
More informationAEGIS. A Fast Authenticated Encryption Algorithm. Nanyang Technological University KU Leuven and iminds DIAC 2015 AEGIS 1
AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu Bart Preneel Nanyang Technological University KU Leuven and iminds 1 AEGIS: A shield carried by Athena and Zeus 2 Different Design Approaches:
More informationLightweight Implementations of SHA-3 Candidates on FPGAs
Lightweight of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla Kishore Kumar Surapathi Bilal Habib Susheel Vadlamudi Smriti Gurung John Pham Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationLow-Area Implementations of SHA-3 Candidates
Jens-Peter Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE, Volgenau School of IT&E, George Mason University, Fairfax, VA, USA SHA-3 Project Review Meeting
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationHardware Implementation of the Code-based Key Encapsulation Mechanism using Dyadic GS Codes (DAGS)
Hardware Implementation of the Code-based Key Encapsulation Mechanism using Dyadic GS Codes (DAGS) Viet Dang and Kris Gaj ECE Department George Mason University Fairfax, VA, USA Introduction to DAGS The
More informationAn Efficient FPGA Implementation of the Advanced Encryption Standard (AES) Algorithm Using S-Box
Volume 5 Issue 2 June 2017 ISSN: 2320-9984 (Online) International Journal of Modern Engineering & Management Research Website: www.ijmemr.org An Efficient FPGA Implementation of the Advanced Encryption
More informationDesign and Implementation of Rijndael Encryption Algorithm Based on FPGA
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 9, September 2013,
More informationIntroduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function
More informationA High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl
A High-Speed Unified Hardware Architecture for AES and the SHA-3 Candidate Grøstl Marcin Rogawski Kris Gaj Cryptographic Engineering Research Group (CERG) http://cryptography.gmu.edu Department of ECE,
More informationA High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm
A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm N. M. Kosaraju, M. Varanasi & Saraju P. Mohanty VLSI Design and CAD Laboratory Homepage: http://www.vdcl.cse.unt.edu
More informationCryptographic Algorithms - AES
Areas for Discussion Cryptographic Algorithms - AES CNPA - Network Security Joseph Spring Department of Computer Science Advanced Encryption Standard 1 Motivation Contenders Finalists AES Design Feistel
More informationAscon v1.2. Submission to the CAESAR Competition. Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer
Ascon v1.2 Submission to the CAESAR Competition Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Martin Schläffer Institute for Applied Information Processing and Communications Graz University of
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Kris Gaj and Pawel Chodowiec Electrical and Computer Engineering George Mason University Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable
More informationIntegral Cryptanalysis of the BSPN Block Cipher
Integral Cryptanalysis of the BSPN Block Cipher Howard Heys Department of Electrical and Computer Engineering Memorial University hheys@mun.ca Abstract In this paper, we investigate the application of
More informationDaniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven
Goals of authenticated encryption Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven More details, credits: competitions.cr.yp.to /features.html Encryption sender
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationUsing Error Detection Codes to detect fault attacks on Symmetric Key Ciphers
Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers Israel Koren Department of Electrical and Computer Engineering Univ. of Massachusetts, Amherst, MA collaborating with Luca Breveglieri,
More informationFault Injection Test Bed for Clock Violation
Fault Injection Test Bed for Clock Violation E. Kavitha P.S. Indrani M. J. C. Prasad Abstract: In this paper, the International Data Encryption (IDEA) algorithm synthesis models will be used as test encryption
More informationAdvanced WG and MOWG Stream Cipher with Secured Initial vector
International Journal of Scientific and Research Publications, Volume 5, Issue 12, December 2015 471 Advanced WG and MOWG Stream Cipher with Secured Initial vector Dijomol Alias Pursuing M.Tech in VLSI
More informationKeccak discussion. Soham Sadhu. January 9, 2012
Keccak discussion Soham Sadhu January 9, 2012 Keccak (pronounced like Ketchak ) is a cryptographic hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche. Keccak is
More informationCompact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA
Compact Hardware Implementations of ChaCha, BLAKE, Threefish, and Skein on FPGA Nuray At, Jean-Luc Beuchat, Eiji Okamoto, İsmail San, and Teppei Yamazaki Department of Electrical and Electronics Engineering,
More informationBus Matrix Synthesis Based On Steiner Graphs for Power Efficient System on Chip Communications
Bus Matrix Synthesis Based On Steiner Graphs for Power Efficient System on Chip Communications M.Jasmin Assistant Professor, Department Of ECE, Bharath University, Chennai,India ABSTRACT: Power consumption
More informationLow area implementation of AES ECB on FPGA
Total AddRoundkey_3 MixCollumns AddRoundkey_ ShiftRows SubBytes 1 Low area implementation of AES ECB on FPGA Abstract This project aimed to create a low area implementation of the Rajindael cipher (AES)
More informationA Novel FPGA Implementation of AES-128 using Reduced Residue of Prime Numbers based S-Box
IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.9, September 2009 305 A Novel FPGA Implementation of AES-128 using Reduced Residue of Prime Numbers based S-Box Muhammad
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationPARALLEL ANALYSIS OF THE RIJNDAEL BLOCK CIPHER
PARALLEL ANALYSIS OF THE RIJNDAEL BLOCK CIPHER Philip Brisk, Adam Kaplan, Majid Sarrafzadeh Computer Science Department, University of California Los Angeles 3532C Boelter Hall, Los Angeles, CA 90095-1596
More informationDelineation of Trivial PGP Security
IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661,p-ISSN: 2278-8727, Volume 20, Issue 3, Ver. I (May. - June. 2018), PP 17-23 www.iosrjournals.org Delineation of Trivial PGP Security Mr.
More informationBenchmarking of Round 2 CAESAR Candidates in Hardware: Methodology, Designs & Results
Benchmarking of Round 2 CAESAR Candidates in Hardware: Methodology, Designs & Results Ekawat Homsirikamol, Panasayya Yalla, Ahmed Ferozpuri, William Diehl, Farnoud Farahmand, Michael X. Lyons, and Kris
More informationAEGIS. A Fast Authenticated Encryption Algorithm. Nanyang Technological University KU Leuven and iminds DIAC 2016 AEGIS 1
AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu Bart Preneel Nanyang Technological University KU Leuven and iminds DIAC 2016 AEGIS 1 AEGIS: A shield carried by Athena and Zeus DIAC 2016 AEGIS
More informationHigh-Speed Hardware for NTRUEncrypt-SVES: Lessons Learned Malik Umar Sharif, and Kris Gaj George Mason University USA
High-Speed Hardware for NTRUEncrypt-SVES: Lessons Learned Malik Umar Sharif, and Kris Gaj George Mason University USA Partially supported by NIST under grant no. 60NANB15D058 1 Co-Author Malik Umar Sharif
More informationHardware RSA Accelerator. Group 3: Ariel Anders, Timur Balbekov, Neil Forrester
Hardware RSA Accelerator Group 3: Ariel Anders, Timur Balbekov, Neil Forrester May 15, 2013 Contents 1 Background 1 1.1 RSA Algorithm.......................... 1 1.1.1 Definition of Variables for the RSA
More informationPrøst v1.1. Designers/Submitters. Elif Bilge Kavun 1 Martin M. Lauridsen 2 Gregor Leander 1 Christian Rechberger 2 Peter Schwabe 3.
Prøst v1.1 Designers/Submitters Elif Bilge Kavun 1 Martin M. Lauridsen 2 Gregor Leander 1 Christian Rechberger 2 Peter Schwabe 3 Tolga Yalçın 4 Affiliations 1 Horst Görtz Institute for IT-Security, Ruhr
More informationFast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining
Pawel Chodowiec, Po Khuon, Kris Gaj Electrical and Computer Engineering George Mason University Fast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining http://ece.gmu.edu/crypto-text.htm
More informationEfficient Hardware Realization of Advanced Encryption Standard Algorithm using Virtex-5 FPGA
IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.9, September 2009 59 Efficient Hardware Realization of Advanced Encryption Standard Algorithm using Virtex-5 FPGA Muhammad
More informationA j-lanes tree hashing mode and j-lanes SHA-256
A j-lanes tree hashing mode and j-lanes SHA-5 Shay Gueron 1, 1 Department of Mathematics, University of Haifa, Israel Intel Corporation, Israel Development Center, Haifa, Israel August 1, Abstract. j-lanes
More informationEncryption / decryption system. Fig.1. Block diagram of Hummingbird
801 Lightweight VLSI Design of Hybrid Hummingbird Cryptographic Algorithm NIKITA ARORA 1, YOGITA GIGRAS 2 12 Department of Computer Science, ITM University, Gurgaon, INDIA 1 nikita.0012@gmail.com, 2 gigras.yogita@gmail.com
More informationOn Optimized FPGA Implementations of the SHA-3 Candidate Grøstl
On Optimized FPGA Implementations of the SHA-3 Candidate Grøstl Bernhard Jungk, Steffen Reith, and Jürgen Apfelbeck Fachhochschule Wiesbaden University of Applied Sciences {jungk reith}@informatik.fh-wiesbaden.de
More informationElastic Block Ciphers: The Feistel Cipher Case
Elastic Block Ciphers: The Feistel Cipher Case Debra L. Cook Moti Yung Angelos D. Keromytis Department of Computer Science Columbia University, New York, NY dcook,moti,angelos @cs.columbia.edu Technical
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationAES Advanced Encryption Standard
AES Advanced Encryption Standard AES is iterated block cipher that supports block sizes of 128-bits and key sizes of 128, 192, and 256 bits. The AES finalist candidate algorithms were MARS, RC6, Rijndael,
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5a January 29, 2013 CPSC 467b, Lecture 5a 1/37 Advanced Encryption Standard AES Alternatives CPSC 467b,
More informationBlock Ciphers Tutorial. c Eli Biham - May 3, Block Ciphers Tutorial (5)
Block Ciphers Tutorial c Eli Biham - May 3, 2005 146 Block Ciphers Tutorial (5) A Known Plaintext Attack on 1-Round DES After removing the permutations IP and FP we get: L R 48 K=? F L R c Eli Biham -
More informationBlock Ciphers and Data Encryption Standard. CSS Security and Cryptography
Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More informationFPGA Implementation and Evaluation of lightweight block cipher - BORON
FPGA Implementation and Evaluation of lightweight block cipher - BORON 1 Tadashi Okabe 1 Information Technology Group, Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract
More informationVLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT
VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT K.Sandyarani 1 and P. Nirmal Kumar 2 1 Research Scholar, Department of ECE, Sathyabama
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More informationCourse Business. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Allowed to bring one index card (double sided) Location: Right here
Course Business Midterm is on March 1 Allowed to bring one index card (double sided) Final Exam is Monday, May 1 (7 PM) Location: Right here 1 Cryptography CS 555 Topic 18: AES, Differential Cryptanalysis,
More informationUpdates on CLOC and SILC Version 3
Updates on CLOC and SILC Version 3 Tetsu Iwata*, Kazuhiko Minematsu, Jian Guo, Sumio Morioka, and Eita Kobayashi DIAC 2016 September 26, 2016, Nagoya, Japan * Supported in part by JSPS KAKENHI, Grant in
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 5 January 23, 2012 CPSC 467b, Lecture 5 1/35 Advanced Encryption Standard AES Alternatives CPSC 467b,
More information