SLICED: Slide-based concurrent error detection technique for symmetric block ciphers
|
|
- Stanley Edwards
- 5 years ago
- Views:
Transcription
1 SLICED: Slide-based concurrent error detection technique for symmetric block ciphers Abstract Fault attacks, wherein faults are deliberately injected into cryptographic devices, can compromise their security. Moreover, in the emerging nanometer regime of VLSI, accidental faults will occur at very high rates. While straightforward hardware redundancy based concurrent error detection (CED) can detect transient and permanent faults, it entails 100% area overhead. On the other hand, time redundancy based CED can only detect transient faults with minimum area overhead but entails 100% time overhead. In this paper we present a general time redundancy based CED technique called SLICED for pipelined implementations of symmetric block cipher. SLICED SLIdes one encryption over another and compares their results for CED as a basis for protection against accidental faults and deliberate fault attacks. Keywords: Concurrent Error Detection (CED), Fault Tolerance, Symmetric block ciphers, Sliding, Cryptography. I. INTRODUCTION Fault diagnosis and tolerance are important requirements for sensitive devices such as hardware and software implementations of cryptographic primitives for two reasons: First, in the emerging nanometer regime of VLSI, accidental faults will occur at very high rates. Second, faults are being deliberately injected into cryptographic devices to compromise their security [1] [2] [3] [4]. Duplication in hardware and duplication in time are the most straightforward methods of performing CED. In hardware duplication, two copies of hardware are used to perform the same computation on the same data. At the end of each computation, the results are compared and any discrepancy is reported as an error. This technique has minimum error detection latency and it can detect both transient and permanent faults. A drawback of this technique is that it entails over 100% hardware overhead. In time duplication, the same hardware is used to perform both the normal and the re-computation using the same input data. This technique uses minimum hardware. The drawbacks of this technique are that it entails over 100% time overhead and it can only detect transient faults [5] [6]. Until now many CED methods for cryptographic algorithms have been proposed. In [7], a CED approach for Advanced Encryption Standard (AES) and other symmetric block ciphers, that exploits the inverse relationship between the encryption and decryption at the algorithm, round and individual operation levels, was developed. A drawback of this approach is that it assumes that the cipher device operates in a half-duplex mode (i.e. either encryption or decryption but both are not simultaneously active). In [8], a parity-based CED method is presented. This technique adds one additional parity bit per byte resulting in 16 additional bits for the 128-bit data stream. Each of the sixteen 8-bit 8-bit AES s-boxes is modified into 8-bit 9-bit s-boxes. In addition, this technique adds an extra parity bit per byte to the outputs of the Mix- Column operation, as Mix-Column does not preserve parity. There are also parity based CED techniques in [9] [11]. The main contribution of this paper is using a fault attack concept for CED. Slide-based concurrent error detection (SLICED) is a time-redundancy-based CED technique, targeting pipelined implementations of symmetric block ciphers. SLICED is based on the slide attack on symmetric block ciphers proposed by Biryukov and Wagner in [5]. SLICED slides one encryption over another and compares their results. It can detect permanent and most transient faults. Furthermore, the SLICED technique is independent of the nature of S- box implementation. Transformation in an AES round twice for the same data is reported in [12]. The multiplication scheme presented in [13] is dependent on the type of S-box implementation. A CED using merging S-box and inverse S- box in reported in [14]. More recently, a new scheme detecting faults in S-box and inverse S-box is proposed in [15]. Section II will recapitulate the pipelined implementation of symmetric block ciphers and their applications. In III, the Slide attack is described which is the motivation for this work. In section IV, we will describe the SLICED techniques and the architectures to detect all transient and permanent faults. To obtain the area overhead and time overhead of SLICED, we modeled SLICED AES using VHDL and synthesized these designs using the Cadence RTL compiler synthesis tool for ASIC implementation and synthesized these designs using the Xilinx synthesize tool for FPGA (Virtex-4) implementation. The results of these implementations are presented in section V. Section VI presents the conclusion along with the future work. II. COUNTER MODE AND ELECTRONIC CODE BOOK OPERATION FOR SYMMETRIC BLOCK CIPHERS Symmetric block ciphers can be used either in the feedback modes (Cipher block chaining, Output cipher block, Output feedback) or in the non-feedback modes (Electronic code book and Counter). When a symmetric block cipher is used in one of its feedback modes, its hardware speed is limited by the maximal rate at which the block cipher can compute. This is because it must complete one encryption before it can start the next encryption. In contrast the non-feedback electronic codebook and counter modes can be pipelined and are completely parallelizable /10/$26.00 c 2010 IEEE 70
2 (a) Fig. 1: Pipelined implementation of a symmetric block cipher in (a) ECB mode and (b) Counter mode When a symmetric block cipher is used in the counter mode it essentially operates as a stream cipher. Encryption of a plain text M with a secret key K is done using an n-bit counter ctr. The cipher text is (ctr, C) where C is the exclusive-or of M and the first M bits of E K (ctr), where E K (X) denote encipherment of an n-bit block X using a key K and a block cipher E. Decryption in the counter mode is performed by exclusive-or ing C with the first M bits of E K (ctr). Obviously, the counter mode encryption and decryption can be pipelined and are fully parallelizable; several blocks can be encrypted at the same time and the depth of pipeline is constrained only by the amount of available hardware. The counter mode is used in applications where it needs high throughput and where high security is needed. Counter mode has significant efficiency advantages over other encryption modes without reducing security. The electronic code book (ECB) mode is also parallelizable. The ECB mode is used in applications where it needs high throughput. In this paper we will focus on pipelined implementations. The counter mode encryption and decryption depends only on the underlying block cipher encryption. Consequently, the block cipher decryption and the associated round key generation need not be implemented. This further simplifies the implementation. Extremely high-speed implementations of symmetric block ciphers in counter mode have been proposed and implemented [16] [17] [18]. In this paper, we implemented ECB based AES. But the SLICED technique is also applicable to counter mode AES and ECB mode AES. The SLICED technique is also applicable to other symmetric block ciphers. Figure 1 (a) shows an r-stage pipelined architecture for ECB mode encryption and Figure 1 (b) shows the counter mode. REG indicates the inter-stage register to hold the intermediate values. In the ECB mode, as shown in Figure 1 (a), the plain text is fed as the input to the encryption algorithm and the cipher text is obtained at the end of the r cipher rounds. On the other hand as shown in Figure 1 (b), in Counter mode, the (b) input to the encryption algorithm is the value of the counter output. At the end of r cipher rounds, the encrypted value of the counter is obtained. This encrypted value is simply XORed with the plain text to obtain the corresponding cipher text. For simplicity of explanation in the rest of the paper, we do not consider the pre- round, which is different from the remaining rounds, the key-generation and the counter modules. We will also assume that each round operation takes one clock cycle. Since all rounds are identical in a symmetric block cipher encryption, all hardware stages in the ECB mode pipeline are identical. The round functionality implemented by a stage in the pipeline, differs from the round function implemented by any other stage, only by the round key used in the key mixing function (except the 10 th round which does not have Mix- Column operation). Based on this observation, we propose a simple time redundancy based CED technique that can detect both permanent and transient faults in such pipelines. III. SLIDE BASED CED FOR SYMMETRIC BLOCK CIPHERS (SLICED) In this section, we will first describe the Slide attack, which is the motivation for the SLICED mechanism. A. Slide attack Biryukov and Wagner proposed the Slide attack against symmetric block ciphers in [5]. The Slide attack exploits the self-similarity property of symmetric block ciphers i.e., the fact that the cipher text is a result of identical transformation rounds. The attack can be illustrated by sliding the encryption of a plain text P 1 against the encryption of another plain text P 2 using the same user key as shown below. R (x,y) stands for performing round x while encrypting the y th plain text and Ci (x,y) stands for intermediate cipher text after performing encryption round x on y th plain text. P 1 R (1,1) R (2,1) R (3,1) R (r,1) C 1 P 2 R (1,2) R (2,2) R (3,2) R (r,2) C 2 The key observation to performing a Slide attack is that if P 2 = Ci (1,1) i.e., the plain text 2 is the intermediate cipher text after performing round 1 on plain text P 1, then, Ci r,2 = Ci (r+1,1), i.e., the intermediate cipher text after performing round r on plain text P 2 and the intermediate cipher text after performing round r +1 on plain text P 1 are equal. For simplicity, let us call Ci (r+1,1) as Ci (C1,1). For the slide attack to work, Ci (r+1,1) or Ci (C1,1) should be equal to C 2. Biryukov and Wagner call the values (P 1,C 1 ) and (P 2,C 2 ) a slid pair of plain texts and cipher texts if P 2 = Ci (1,1) and C 2 = Ci (C1,1). We refer the encryption of the plain text P 2 as slid encryption. The key to this attack is finding such slid pairs. If K 1 and K r are the round keys for round R 1 and round R r respectively, slid pairs enable the attacker to solve the following two equations to extract the round keys K 1 and K r. Ci (1,1) = P 2 Ci (C1,1) = C IEEE International Symposium on Hardware-Oriented Security and Trust (HOST) 71
3 While Biryukov and Wagner used sliding to attack symmetric block ciphers, we propose to use the sliding to strengthen the hardware implementation of any symmetric block cipher against fault-based attacks. IV. BASIC SLICED AND MODIFIED SLICED ARCHITECTURES A. Key idea The key idea that we adapt from the slide attack is sliding one encryption against another. We modify the pipeline architecture to perform two encryptions (a normal encryption and a slid encryption) in a pipelined manner using the same plain text and the same user key obtain two cipher texts. If these cipher texts are identical, then there is no fault in the pipeline, otherwise, a fault is detected. We call this SLIdingbased CED technique as SLICED. The SLICED mechanism is independent of the implementation scheme of round operations of the symmetric block cipher such as Shift-Rows and Mixcolumn. B. Basic SLICED The basic SLICED pipeline architecture shown in Figure 2 slides one encryption over the other using the extra multiplexers. Although the normal and the slid encryptions operate on the same plain text and use the same key, in this architecture all the round operations in the slid encryption and the corresponding round operations in the normal encryption are performed on different stages of the hardware. resulting cipher texts are compared with a mismatch indicating a fault in the pipeline. Fig. 3: Pipelined operation of the SLICED architecture from Figure 2. The solid arrow is the trajectory of the normal encryption and the dotted arrow is the trajectory of the slid encryption of 1st Plain text The path traversed by the 1st plain text for normal encryption is shown by a thick arrow and the path traversed by the 1st plain text for slid encryption is shown by a dotted arrow. While the unshaded cells in the Figure 3 indicate the round operations in the normal encryption, the shaded cells indicate the round operations in the slid encryption. R (x,y) stands for performing round x while encrypting the y th plain text. At the end of the 6th clock cycle, the encrypted value corresponding to normal encryption of the 1st plain text is obtained as the output of Stage 6. Similarly, at the end of the 6th clock cycle, the encrypted value corresponding to the slid encryption of the 1st plain text is obtained as the output of Stage 5. Since the round operations in the normal encryption and the corresponding round operations in the slid encryption are performed on different stages of hardware, permanent faults in the architecture can also be detected. Fig. 2: Pipelined implementation of a symmetric block cipher in the ECB mode to support SLICED For simplicity, we will consider a 6-stage pipeline operation as shown in Figure 3, but the same can be extended to 10-stage pipeline. In the normal encryption, Round 1 is performed on Stage 1, Round 2 also on Stage 2, Round 3 on Stage 3 and Round 4 on Stage 4, Round 5 on Stage 5 and Round 6 on Stage 6. In the slid encryption, Round 1 is performed on Stage 1, Round 2 on Stage 1, Round 3 on Stage 2 and Round 4 on Stage 3, Round 5 on Stage 4 and Round 6 on Stage 5. The Fig. 4: Pipelined architecture of a symmetric block cipher with modifications to support SLICED. This architecture can detect all faults in the pipeline. If we look carefully at the pipeline in Figure 3, we can observe that Round 1 is performed only once (on Stage 1) and IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)
4 its result is used for both the normal and the slid encryption. Thus, the transient faults in this unit cannot be detected but the permanent faults in this unit can be detected. A closer look at Figure 3 reveals that Stage 6 remains idle when Round 1 is performed during the normal encryption. In general, for an r- round cipher, Stage r remains idle when Round 1 is performed for the normal encryption. Hence, this can be used to perform Round 1 for the slid encryption. C. Modified SLICED architecture The architecture of basic SLICED is slightly modified so that the transient faults in all stages can be detected. This architecture is shown in Figure 4. In this modified architecture, Round 1 of the normal encryption is performed on Stage 1 while the Round 1 of the slid encryption is performed on Stage r. All round operations during the normal encryption and the corresponding round operations during the slid encryption are now performed on distinct stage hardware and hence, all permanent and transient faults in all stages in this modified pipeline are detected. Fig. 5: Pipelined operation of the modified SLICED architecture. The solid arrow is the trajectory of the normal encryption and the dotted arrow is the trajectory of the slid encryption of the 1 st Plain text The pipelined operation of this modified architecture is shown in Figure 5. Again, consider a 6-Stage pipeline. In the normal encryption, Round 1 is performed on Stage 1, Round 2 is performed on Stage 2, Round 3 is performed on Stage 3, Round 4 is performed on Stage 4, Round 5 is performed on Stage 5 and Round 6 is performed on Stage 6. In the slid encryption, Round 1 is now performed on Stage 6 by selecting the left input of multiplexer MUX 2. Round 2 is then performed on Stage 1 by selecting the left input of multiplexer MUX 1. Round 3 is performed on Stage 2,Round 4 is performed on Stage 3, Round 5 is performed on Stage 4 and Round 6 is performed on Stage 5. From this figure, it can be seen that all round operations in the normal encryption and the corresponding round operations in the slid encryption are performed on different stage hardware. All faults in this modified architecture can now be detected by comparing the two encrypted values obtained in the 6 th clock cycle at Stages 5 and 6 respectively. This modified architecture will not work if the number of stages is odd. This is because in this case, Stage r will not be idle when Round 1 is being performed on Stage 1. Since almost all symmetric block ciphers use an even number of rounds, this modified SLICED technique is applicable. TABLE I: Percentage overhead for the basic SLICED and modified SLICED AES for ASIC and FPGA implementations (Decrease is denoted by using - sign). ASIC FPGA Architecture Basic SLICED Modified SLICED Area 2.1% 2.3% Power 19.8% 2.61% Max. Freq % % Throughput -50% -50% No. of slices -6.77% -6.50% No. of 4 input LUTs 4.13% 7.58% Max. Freq. -15% % V. IMPLEMENTATION BASED VALIDATION We used the popular symmetric block cipher Advanced Encryption Standard (AES) to evaluate SLICED. We evaluated both the ASIC and the FPGA implementations. A. Overview of AES AES [19] is a symmetric block cipher with a data block length of 128 bits. The key block length can be 128, 192 and 256 bits. In this paper, we will consider a key block length of 128 bits. The AES algorithm encrypts a 128-bit input plain text into a 128-bit output cipher text using a 128 bit user key (for a 128-bit key length the total number of rounds is 10, whereas for the 192-bit and 256-bit key length the number of rounds are 12 and 14 respectively). The algorithm uses 10 almost identical iterative rounds. The concurrent error checking described in this paper is applicable to other key block lengths of AES as well. Each round consists of the following four steps: Sub- Bytes, Shift-Rows, Mix-Column, and Add-key. In the last round the Mix-Column step is not used. B. Experimental set-up We modeled the basic ECB-mode based AES using with VHDL. For ASIC evaluation, we synthesized the VHDL code using OSU-45nm library and Cadence RTL Compiler for synthesis. Then we implemented the basic SLICED and the modified SLICED architecture for the ECB-mode based AES and synthesized them for the same technology library using Cadence RTL compiler. For FPGA evaluation, we synthesized the VHDL codes for Xilinx Virtex-4 (xc4vlx25) using Xilinx tools to get the results. C. Performance overhead Table I shows the details of the percentage overhead when compared to AES without any CED mechanism for both ASIC and FPGA implementations. Area (ASIC): It can be seen that the area increases due to the introduction of the 128-bit multiplexers and multiplexers for the round keys. Power (ASIC): Even though the power consumed in both the normal and SLICED mode is same, the user can tune the amount of energy that is spent on normal AES operation and on SLICED operation. For example, if the SLICED operation is applied on every plain text, then 50% of energy is spent on normal AES operation and 50% of energy is spent on SLICED operation. If the SLICED operation is applied on every ninth plain text, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST) 73
5 TABLE II: Comparison of previous CED mechanisms with the SLICED mechanisms Scheme %increase in slices Throughput (Gbps) Algorithm Tunable? (Energy, Throughput) Hardware redundancy 99.6% 14.6 All ciphers Yes [7] (algorithm-level) 127.7% 14.6 AES No [13] 37.9% 12.3 AES No [15] 21.7% 12.3 AES No Basic SLICED -6.8% a 20.5 b Pipelined symmetric block ciphers Yes Modified SLICED -6.5% a b Pipelined symmetric Yes a Activated for every plain text b Activated for every ninth plain text then 90% of energy is spent on normal operations. Hence, depending upon the users security requirements, one can tune the energy consumed by the normal and SLICED operations. Maximium Frequency (ASIC): The maximum frequency decreased for both basic SLICED and modified SLICED architectures because the critical path increased due to the introduction of multiplexers. Throughput (ASIC): In the extreme case, when SLICED is used to detect errors while encrypting each plain text, the throughput reduces by half. But, if SLICED is applied on every other plain text, then the throughput is reduced by a third. If SLICED is applied on every ninth plain text, then there is only a 10% reduction in throughput. Once again, the throughput can be tuned based on the users security needs. Number of Slices and look-up-tables (FPGA): It can be seen that the number of slices decreased. But the number of LUTs increased. Maximum frequency (FPGA): The decrease in the maximum frequency for FPGA implementation is high when compared to ASIC implementation. This is because, the multiplexers in the critical path are mapped to LUTs within the same slice and so the increase in delay due to the introduction of multiplexer is low. Delay in FPGA is mostly due to interconnection delay. D. Comparison with previous work We also compared the SLICED mechanism with some of the other previous CED mechanisms for FPGA implementation and the results are shown in table II. The percentage increase in number of slices and throughput of other CED schemes are obtained from [15]. Number of slices: It can be seen that the SLICED architectures occupy less number of slices than the other CED mechanisms. Applicability to different algorithms: SLICED is applicable to all pipelined symmetric block ciphers, while the previous CED mechanisms are either algorithm or architecture specific. Most of the CED mechanisms are based on the mathematical properties of the cryptographic algorithm. Hence, they are algorithm dependent. Throughput: Throughput for basic SLICED and modified SLICED are calculated by number of bits that can be encrypted per second. Since, the architecture is pipelined one can encrypt 128 bits per clock cycle in normal mode. If the SLICED operation is activated for every plain text, the 128 bits are encrypted per two clock cycle. If the SLICED operation is activated for ninth every plain text, the = 1152 bits are encrypted per ten clock cycle. Tunability for security and performance: The last column tells whether the energy and throughput can be tuned for different security and performance needs. For the proposed architectures, CED mechanism can be activated often for high security needs. The CED mechanism can be activated rarely for high performance needs. E. Fault Detection Capability The AES implementation with SLICED scheme has an error signal, which indicates whether the cipher text is faulty or not and the basic cipher text as output. All the possible combinations of the output cipher text and the error signal status are summarized in Table III. TABLE III: Possible combinations of output cipher text and the error signal Case Output cipher text Error signal Remark 1 Correct Not asserted Correct operation 2 Correct Asserted Bad CED scheme 3 Faulty Not asserted Fault not detected 4 Faulty Asserted Fault detected Case 1 occurs when the AES implementation operates correctly. Case 1 can also occur if a fault occurs in such a way that it does not affect the output cipher text i.e., the correct cipher text is obtained even in the presence of a fault. If there is no error in the output cipher text, but the error signal goes high (false-positive) then Case 2 occurs. For a well-designed CED technique, Case 2 will never occur. Case 3 occurs when there is an error in the output cipher text but the error signal is low (fault is not detected). In Case 4, there is an error in the output cipher text and the error signal goes high. The fault coverage of a CED scheme can hence be defined as the percentage of the faults that are detected by the CED technique when the output is faulty. So the fault coverage is only determined by, #Case4 F aultcoverage = #Case3+#Case4 Case 3 and Case 4 and can be calculated as: For example, consider a run of 1000 encryptions with faults injected into the AES implementation with CED in every run. Among the 1000 runs, consider that faulty outputs are obtained in 800 runs. Suppose that the error signal is asserted 600 times (which IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)
6 means that the faulty cipher text is detected), then number of occurrences of Case 3 is 600 and the number of occurrences of Case 4 is 200 resulting in fault coverage of 75%. In order to evaluate the error detection capability of the SLICED scheme, the architecture was modelled in VHDL. Single-bit stuck-at faults (both stuck-at-0 and stuck-at-1) were injected at RT level in the design, for every input used for testing. This was accomplished by adding a multiplexer with a fault injection control at the point of the fault insertion. The faults are injected only at the ten round operations. Faults are not injected in the key generation and pre-processing modules. Random input patterns were applied to basic SLICED and modified SLICED to obtain the fault coverage. Both the basic SLICED and the modified SLICED gave 100% fault coverage for single- bit permanent faults at RT level. VI. CONCLUSION AND FUTURE WORK We proposed a new CED mechanism based on the Slide attack. This mechanism is independent of the implementation scheme of the S-box. It can be applicable to all the symmetry block ciphers. It is applicable to both the encryption and decryption mechanisms. Two architectures have been proposed. In the first architecture all permanent and most transient faults can be detected. In the second architecture all permanent and transient faults can be detected. We then implemented the SLICED architectures to find their area, power, delay and throughput overheads for ASIC and also for FPGA implementations. The SLICED architectures have less area overhead than previous CED mechanisms. The fault coverage of the SLICED architectures are also evaluated. In the future works, we will work on reducing the delay overhead. We are adapting the SLICED architectures to diagnose faulty stages and to reconfigure around them. [9] G. Bertoni, L. Breveglieri, I. Koren, and P. Maistri, An efficient hardware-based fault diagnosis scheme for aes: performances and cost, Proceedings of IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems,, pp , Oct [10] L. Breveglieri, I. Koren, and P. Maistri, Incorporating error detection and online reconfiguration into a regular architecture for the advanced encryption standard, IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, pp , Oct [11] R. Karri, G. Kuznetsov, and M. Goessel, Parity-based concurrent error detection in symmetric block ciphers, Proceedings of International Test Conference,, vol. 1, pp , Oct [12] T. G. Malkin, F.-X. St, and M. Yung, A comparative cost/security analysis of fault attack countermeasures, Second Workshop on Fault Detection and Tolerance in Cryptography, pp , Sep [13] M. Karpovsky, K. J. Kulikowski, and E. Taubin, Differential fault analysis attack resistant architectures for the advanced encryption standard, Proceedings of World Computing Congress, pp , [14] A. Satoh, T. Sugawara, N. Homma, and T. Aoki, High-performance concurrent error detection scheme for aes hardware, Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems, pp , Aug [15] M. Mozaffari-Kermani and A. Reyhani-Masoleh, Concurrent structureindependent fault detection schemes for the advanced encryption standard, IEEE Transactions on Computers, vol. 59, no. 5, pp , May [16] A. Elbirt, W. Yip, B. Chetwynd, and C. Paar, An fpga-based performance evaluation of the aes block cipher candidate algorithm finalists, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 9, no. 4, pp , Aug [17] A. Hodjat and I. Verbauwhede, Minimum area cost for a 30 to 70 gbits/s aes processor, Proceedings of IEEE Computer society Annual Symposium on VLSI, pp , Feb [18] X. Zhang and K. Parhi, High-speed vlsi architectures for the aes algorithm, IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 12, no. 9, pp , Sep [19] Announcing the advanced encryption standard (aes), in Federal Information Processing Standards Publication (FIPS PUB), REFERENCES [1] D. Boneh, R. DeMillo, and R. Lipton, On the importance of checking cryptographic protocols for faults, Proceedings of Eurocrypt, Lecture Notes in Computer Science, vol. 1233, pp , [2] E. Biham and A. Shamir, Differential fault analysis of secret key cryptosystems, Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology, pp , Aug [3] J. Bloemer and J. Seifert, Fault based cryptanalysis of the advanced encryption standard. [Online]. Available: /075.pdf [4] C. Giraud, Differential fault analysis on aes. [Online]. Available: [5] A. Biryukov and D. Wagner, Slide attacks, Proceedings of Workshop on Fast Software Encryption, Lecture Notes in Computer Science, vol. 1636, pp , [6] H. Lipmaa, P. Rogaway, and D. Wagner, Comments to nist concerning aes modes of operations: Ctr-mode encryption. [Online]. Available: lipmaa-ctr.pdf [7] R. Karri, K. Wu, P. Mishra, and Y. Kim, Concurrent error detection schemes for fault-based side-channel cryptanalysis of symmetric block ciphers, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 21, no. 12, pp , Dec [8] G. Bertoni, L. Breveglieri, I. Koren, P. Maistri, and V. Piuri, Error analysis and detection procedures for a hardware implementation of the advanced encryption standard, IEEE Transactions on Computers, vol. 52, no. 4, pp , Apr IEEE International Symposium on Hardware-Oriented Security and Trust (HOST) 75
@ 2014 SEMAR GROUPS TECHNICAL SOCIETY.
www.semargroup.org, www.ijsetr.com ISSN 2319-8885 Vol.03,Issue.02, February-2014, Pages:0350-0355 Performance Improvement in Fault Detection Schemes for the Advanced Encryption Standard Using Composite
More informationOn-Line Self-Test of AES Hardware Implementations
On-Line Self-Test of AES Hardware Implementations G. Di Natale, M. L. Flottes, B. Rouzeyre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier Université Montpellier II / CNRS
More informationHigh-performance Concurrent Error Detection Scheme for AES Hardware
High-performance Concurrent Error Detection Scheme for AES Hardware Akashi Satoh 1, Takeshi Sugawara 2,NaofumiHomma 2,andTakafumiAoki 2 1 Research Center for Information Security, National Institute of
More informationA Reliable Architecture for Substitution Boxes in Integrated Cryptographic Devices
Author manuscript, published in "DCIS'08: Conference on Design of Circuits and Integrated Systems, (2008)" A Reliable Architecture for Substitution Boxes in Integrated Cryptographic Devices G. Di Natale,
More informationA Fault Attack Against the FOX Cipher Family
A Fault Attack Against the FOX Cipher Family L. Breveglieri 1,I.Koren 2,andP.Maistri 1 1 Department of Electronics and Information Technology, Politecnico di Milano, Milano, Italy {brevegli, maistri}@elet.polimi.it
More informationParity-based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers
Parity-based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers Ramesh Karri 1, Grigori Kuznetsov 2 and Michael Goessel 2 1 Department of Electrical and Computer Engineering Polytechnic
More informationSide-channel Power Analysis of Different Protection Schemes Against Fault Attacks on AES
Side-channel Power Analysis of Different Protection Schemes Against Fault Attacks on AES Pei Luo 1, Yunsi Fei 1, Liwei Zhang 2, and A. Adam Ding 2 1 Department of Electrical and Computer Engineering, Northeastern
More informationA Structure-Independent Approach for Fault Detection Hardware Implementations of the Advanced Encryption Standard
A Structure-Independent Approach for Fault Detection Hardware Implementations of the Advanced Encryption Standard Presented by: Mehran Mozaffari Kermani Department of Electrical and Computer Engineering
More informationUsing Error Detection Codes to detect fault attacks on Symmetric Key Ciphers
Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers Israel Koren Department of Electrical and Computer Engineering Univ. of Massachusetts, Amherst, MA collaborating with Luca Breveglieri,
More informationFAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD. G. Bertoni, L. Breveglieri, I. Koren and V. Piuri
FAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD G. Bertoni, L. Breveglieri, I. Koren and V. Piuri Abstract. The AES (Advanced Encryption Standard) is an emerging private-key cryptographic system. Performance
More informationImplementation of Full -Parallelism AES Encryption and Decryption
Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption
More informationInternational Journal of Engineering Trends and Technology (IJETT) Volume 37 Number 7 - July 2016
A Lightweight High-Performance Fault Detection Scheme for the Advanced Encryption Standard and Scalable Encryption Algorithm using Composite Fields Veena.K #1, Della Reasa Valiaveetil #2, Nisha K Gopinath
More informationVLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT
VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT K.Sandyarani 1 and P. Nirmal Kumar 2 1 Research Scholar, Department of ECE, Sathyabama
More informationAES as A Stream Cipher
> AES as A Stream Cipher < AES as A Stream Cipher Bin ZHOU, Kris Gaj, Department of ECE, George Mason University Abstract This paper presents implementation of advanced encryption standard (AES) as a stream
More informationConcurrent Error Detection of Fault-Based Side-Channel Cryptanalysis of 128-Bit RC6 Block Cipher
Concurrent Error Detection of Fault-Based Side-Channel Cryptanalysis of 128-Bit RC6 Block Cipher Kaijie Wu, Piyush Mishra, Ramesh Karri ECE Department, Polytechnic University 5 Metrotech Center, Brooklyn,
More informationDesign of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures
Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures 1 Suresh Sharma, 2 T S B Sudarshan 1 Student, Computer Science & Engineering, IIT, Khragpur 2 Assistant
More informationMULTI-LEVEL AES DESIGN SECURITY: FROM SYSTEMC-TLM TO FPGA
MULTI-LEVEL AES DESIGN SECURITY: FROM SYSTEMC-TLM TO FPGA 1 HASSEN MESTIRI, 1,2 YOUNES LAHBIB, 1 MOHSEN MACHHOUT, 1 RACHED TOURKI 1 Electronics and Micro-Electronics Laboratory (E. µ. E. L), Faculty of
More informationA Parity Code Based Fault Detection for an Implementation of the Advanced Encryption Standard
A Parity Code Based Fault Detection for an Implementation of the Advanced Encryption Standard Guido Bertoni1, Luca Breveglieri1, Israel Koren2, Paolo Maistri1, Vincenzo Piuri3 1 Department of Electronics
More informationP V Sriniwas Shastry et al, Int.J.Computer Technology & Applications,Vol 5 (1),
On-The-Fly AES Key Expansion For All Key Sizes on ASIC P.V.Sriniwas Shastry 1, M. S. Sutaone 2, 1 Cummins College of Engineering for Women, Pune, 2 College of Engineering, Pune pvs.shastry@cumminscollege.in
More informationClock Glitch Fault Injection Attacks on an FPGA AES Implementation
Journal of Electrotechnology, Electrical Engineering and Management (2017) Vol. 1, Number 1 Clausius Scientific Press, Canada Clock Glitch Fault Injection Attacks on an FPGA AES Implementation Yifei Qiao1,a,
More informationPiret and Quisquater s DFA on AES Revisited
Piret and Quisquater s DFA on AES Revisited Christophe Giraud 1 and Adrian Thillard 1,2 1 Oberthur Technologies, 4, allée du doyen Georges Brus, 33 600 Pessac, France. c.giraud@oberthur.com 2 Université
More information128 Bit ECB-AES Crypto Core Design using Rijndeal Algorithm for Secure Communication
IJSRD - International Journal for Scientific Research & Development Vol. 2, Issue 03, 2014 ISSN (online): 2321-0613 128 Bit ECB-AES Crypto Core Design using Rijndeal Algorithm for Secure Communication
More informationEfficient Hardware Design and Implementation of AES Cryptosystem
Efficient Hardware Design and Implementation of AES Cryptosystem PRAVIN B. GHEWARI 1 MRS. JAYMALA K. PATIL 1 AMIT B. CHOUGULE 2 1 Department of Electronics & Telecommunication 2 Department of Computer
More informationElastic Block Ciphers: The Feistel Cipher Case
Elastic Block Ciphers: The Feistel Cipher Case Debra L. Cook Moti Yung Angelos D. Keromytis Department of Computer Science Columbia University, New York, NY dcook,moti,angelos @cs.columbia.edu Technical
More informationFault Diagnosis Schemes for Low-Energy BlockCipher Midori Benchmarked on FPGA
Fault Diagnosis Schemes for Low-Energy BlockCipher Midori Benchmarked on FPGA Abstract: Achieving secure high-performance implementations for constrained applications such as implantable and wearable medical
More information2016 Maxwell Scientific Publication Corp. Submitted: August 21, 2015 Accepted: September 11, 2015 Published: January 05, 2016
Research Journal of Applied Sciences, Engineering and Technology 12(1): 52-62, 2016 DOI:10.19026/rjaset.12.2303 ISSN: 2040-7459; e-issn: 2040-7467 2016 Maxwell Scientific Publication Corp. Submitted: August
More informationHardware Implementation of Cryptosystem by AES Algorithm Using FPGA
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IMPACT FACTOR: 6.017 IJCSMC,
More informationA Very Compact Hardware Implementation of the MISTY1 Block Cipher
A Very Compact Hardware Implementation of the MISTY1 Block Cipher Dai Yamamoto, Jun Yajima, and Kouichi Itoh FUJITSU LABORATORIES LTD. 4-1-1, Kamikodanaka, Nakahara-ku, Kawasaki, 211-8588, Japan {ydai,jyajima,kito}@labs.fujitsu.com
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationMinimum Area Cost for a 30 to 70 Gbits/s AES Processor
Minimum Area Cost for a 30 to 70 Gbits/s AE Processor Alireza Hodjat and Ingrid Verbauwhede Electrical Engineering Department University of California, Los Angeles {ahodjat, ingrid} @ ee.ucla.edu Abstract
More informationImplementation and Comparative Analysis of AES as a Stream Cipher
Implementation and Comparative Analysis of AES as a Stream Cipher Bin ZHOU, Yingning Peng Dept. of Electronic Engineering, Tsinghua University, Beijing, China, 100084 e-mail: zhoubin06@mails.tsinghua.edu.cn
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More informationFPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed
FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed Vijaya Kumar. B.1 #1, T. Thammi Reddy.2 #2 #1. Dept of Electronics and Communication, G.P.R.Engineering College,
More informationLow area implementation of AES ECB on FPGA
Total AddRoundkey_3 MixCollumns AddRoundkey_ ShiftRows SubBytes 1 Low area implementation of AES ECB on FPGA Abstract This project aimed to create a low area implementation of the Rajindael cipher (AES)
More informationAn 80Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code
An 8Gbps FPGA Implementation of a Universal Hash Function based Message Authentication Code Abstract We developed an architecture optimization technique called divide-and-concatenate and applied it to
More informationOPTICAL networks require secure data transmission at
366 IEEE TRANSACTIONS ON COMPUTERS, VOL. 55, NO. 4, APRIL 2006 Area-Throughput Trade-Offs for Fully Pipelined 30 to 70 Gbits/s AES Processors Alireza Hodjat, Student Member, IEEE, and Ingrid Verbauwhede,
More informationFault Injection Test Bed for Clock Violation
Fault Injection Test Bed for Clock Violation E. Kavitha P.S. Indrani M. J. C. Prasad Abstract: In this paper, the International Data Encryption (IDEA) algorithm synthesis models will be used as test encryption
More informationA High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm
A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm N. M. Kosaraju, M. Varanasi & Saraju P. Mohanty VLSI Design and CAD Laboratory Homepage: http://www.vdcl.cse.unt.edu
More informationAES ALGORITHM FOR ENCRYPTION
Volume 02 - Issue 05 May 2016 PP. 63-68 AES ALGORITHM FOR ENCRYPTION Radhika D.Bajaj M.Tech VLSI G.H. Raisoni Institute of Engineering And Technology For Women, Nagpur. Dr. U.M. Gokhale Electronics and
More informationDESIGNING OF STREAM CIPHER ARCHITECTURE USING THE CELLULAR AUTOMATA
DESIGNING OF STREAM CIPHER ARCHITECTURE USING THE CELLULAR AUTOMATA 1 Brundha K A MTech Email: 1 brundha1905@gmail.com Abstract Pseudo-random number generators (PRNGs) are a key component of stream ciphers
More informationDFA on AES. Christophe Giraud. Oberthur Card Systems, 25, rue Auguste Blanche, Puteaux, France.
DFA on AES Christophe Giraud Oberthur Card Systems, 25, rue Auguste Blanche, 92800 Puteaux, France. c.giraud@oberthurcs.com Abstract. In this paper we describe two different DFA attacks on the AES. The
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More informationThe Use of Runtime Reconfiguration on FPGA Circuits to Increase the Performance of the AES Algorithm Implementation
Journal of Universal Computer Science, vol. 13, no. 3 (2007), 349-362 submitted: 30/11/06, accepted: 16/2/07, appeared: 28/3/07 J.UCS The Use of Runtime Reconfiguration on FPGA Circuits to Increase the
More informationDifferential-Linear Cryptanalysis of Serpent
Differential-Linear Cryptanalysis of Serpent Eli Biham 1, Orr Dunkelman 1, and Nathan Keller 2 1 Computer Science Department, Technion, Haifa 32000, Israel {biham,orrd}@cs.technion.ac.il 2 Mathematics
More informationHigh Speed Fault Injection Tool (FITO) Implemented With VHDL on FPGA For Testing Fault Tolerant Designs
Vol. 3, Issue. 5, Sep - Oct. 2013 pp-2894-2900 ISSN: 2249-6645 High Speed Fault Injection Tool (FITO) Implemented With VHDL on FPGA For Testing Fault Tolerant Designs M. Reddy Sekhar Reddy, R.Sudheer Babu
More informationLecture 2B. RTL Design Methodology. Transition from Pseudocode & Interface to a Corresponding Block Diagram
Lecture 2B RTL Design Methodology Transition from Pseudocode & Interface to a Corresponding Block Diagram Structure of a Typical Digital Data Inputs Datapath (Execution Unit) Data Outputs System Control
More informationA High Speed Hardware Architecture for Universal Message. Authentication Code
A High Speed Hardware Architecture for Universal Message Authentication Code Bo Yang Ramesh Karri Department of Electrical and Computer Engineering Polytechnic University, Brooklyn, NY, 11201 yangbo@photon.poly.edu,
More informationArea Optimization in Masked Advanced Encryption Standard
IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 06 (June. 2014), V1 PP 25-29 www.iosrjen.org Area Optimization in Masked Advanced Encryption Standard R.Vijayabhasker,
More informationOn the Design of Secure Block Ciphers
On the Design of Secure Block Ciphers Howard M. Heys and Stafford E. Tavares Department of Electrical and Computer Engineering Queen s University Kingston, Ontario K7L 3N6 email: tavares@ee.queensu.ca
More informationInternational Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 3 Issue 3, March 2014
ENCRYPTION AND DECRYPTION IN COMPLEX PARALLELISM H.Anusuya Baby 1, Christo Ananth 2 1 (ECE, Francis Xavier Engineering College/ Anna University, India) 2 (ECE, Francis Xavier Engineering College/ Anna
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Kris Gaj and Pawel Chodowiec Electrical and Computer Engineering George Mason University Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable
More informationAdvanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50
Advanced Encryption Standard and Modes of Operation Foundations of Cryptography - AES pp. 1 / 50 AES Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm AES has been originally requested
More informationpage 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas
Introduction to Cryptography Lecture 3 Benny Pinkas page 1 1 Pseudo-random generator Pseudo-random generator seed output s G G(s) (random, s =n) Deterministic function of s, publicly known G(s) = 2n Distinguisher
More informationA Related Key Attack on the Feistel Type Block Ciphers
International Journal of Network Security, Vol.8, No.3, PP.221 226, May 2009 221 A Related Key Attack on the Feistel Type Block Ciphers Ali Bagherzandi 1,2, Mahmoud Salmasizadeh 2, and Javad Mohajeri 2
More informationFault Sensitivity Analysis Meets Zero-Value Attack
Fault Sensitivity Analysis Meets Zero-Value Attack Oliver Mischke, Amir Moradi, Tim Güneysu Horst Görtz stitute for IT-Security Ruhr-Universität Bochum Bochum, Germany E-mail: {mischke, moradi, gueneysu}@crypto.rub.de
More informationAn Efficient FPGA Implementation of the Advanced Encryption Standard (AES) Algorithm Using S-Box
Volume 5 Issue 2 June 2017 ISSN: 2320-9984 (Online) International Journal of Modern Engineering & Management Research Website: www.ijmemr.org An Efficient FPGA Implementation of the Advanced Encryption
More informationA Reliable Architecture for Parallel Implementations of the Advanced Encryption Standard
A Reliable Architecture for Parallel Implementations of the Advanced Encryption Standard Giorgio Di Natale, Doulcier Marion, Marie-Lise Flottes, Bruno Rouzeyre To cite this version: Giorgio Di Natale,
More informationExploring Area/Delay Tradeoffs in an AES FPGA Implementation
Exploring Area/Delay Tradeoffs in an AES FPGA Implementation Joseph Zambreno, David Nguyen, and Alok Choudhary Department of Electrical and Computer Engineering Northwestern University Evanston, IL 60208,
More informationComparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware
Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware Master s Thesis Pawel Chodowiec MS CpE Candidate, ECE George Mason University Advisor: Dr. Kris Gaj, ECE George
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More informationLinear Cryptanalysis of Reduced Round Serpent
Linear Cryptanalysis of Reduced Round Serpent Eli Biham 1, Orr Dunkelman 1, and Nathan Keller 2 1 Computer Science Department, Technion Israel Institute of Technology, Haifa 32000, Israel, {biham,orrd}@cs.technion.ac.il,
More informationFault Detection of the Camellia Cipher against Single Byte Differential Fault Analysis
Appl. Math. Inf. Sci. 6-3S, No. 3, 951-957 (2012) 951 Applied Mathematics & Information Sciences An International Journal Fault Detection of the Camellia Cipher against Single Byte Differential Fault Analysis
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationDifferential Fault Analysis on the AES Key Schedule
ifferential Fault Analysis on the AES Key Schedule Junko TAKAHASHI and Toshinori FUKUNAGA NTT Information Sharing Platform Laboratories, Nippon Telegraph and Telephone Corporation, {takahashi.junko, fukunaga.toshinori}@lab.ntt.co.jp
More informationPipelined Quadratic Equation based Novel Multiplication Method for Cryptographic Applications
, Vol 7(4S), 34 39, April 204 ISSN (Print): 0974-6846 ISSN (Online) : 0974-5645 Pipelined Quadratic Equation based Novel Multiplication Method for Cryptographic Applications B. Vignesh *, K. P. Sridhar
More informationIMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA
International Journal Innovations in Scientific and IMPLEMENTATION OF BLAKE ALGORITHM USING PIPELINING IN FPGA 1 M.Jothi Kumar, 2 Chitravalavan 1 Research Scholar, Department Applied Electronics, A.V.C.
More informationFPGA BASED CRYPTOGRAPHY FOR INTERNET SECURITY
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 10, October 2015,
More informationFPGA Based Design of AES with Masked S-Box for Enhanced Security
International Journal of Engineering Science Invention ISSN (Online): 2319 6734, ISSN (Print): 2319 6726 Volume 3 Issue 5ǁ May 2014 ǁ PP.01-07 FPGA Based Design of AES with Masked S-Box for Enhanced Security
More informationA Fault-Resistant AES Implementation Using Differential Characteristic of Input and Output
A Fault-Resistant AES Implementation Using Differential Characteristic of Input and Output JeongSoo Park Hoseo University Asan, ChungNam, Korea sizeplay@nate.com KiSeok Bae Kyungpook National University
More informationCRYPTOGRAPHIC devices are widely used in applications
1036 IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, VOL. 20, NO. 6, JUNE 2012 Secure Multipliers Resilient to Strong Fault-Injection Attacks Using Multilinear Arithmetic Codes Zhen Wang,
More informationCryptanalysis of KeeLoq with COPACOBANA
Cryptanalysis of KeeLoq with COPACOBANA Martin Novotný 1 and Timo Kasper 2 1 Faculty of Information Technology Czech Technical University in Prague Kolejní 550/2 160 00 Praha 6, Czech Republic email: novotnym@fit.cvut.cz
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationAES1. Ultra-Compact Advanced Encryption Standard Core AES1. General Description. Base Core Features. Symbol. Applications
General Description The AES core implements Rijndael encoding and decoding in compliance with the NIST Advanced Encryption Standard. Basic core is very small (less than 3,000 gates). Enhanced versions
More informationConcurrent Error Detection Schemes for Fault-Based Side-Channel Cryptanalysis of Symmetric Block Ciphers
IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS, VOL. 21, NO. 12, DECEMBER 2002 1509 Concurrent Error Detection Schemes for Fault-Based Side-Channel Cryptanalysis of Symmetric
More informationASIC Performance Comparison for the ISO Standard Block Ciphers
ASIC Performance Comparison for the ISO Standard Block Ciphers Takeshi Sugawara 1, Naofumi Homma 1, Takafumi Aoki 1, and Akashi Satoh 2 1 Graduate School of Information Sciences, Tohoku University Aoba
More informationIntegral Cryptanalysis of the BSPN Block Cipher
Integral Cryptanalysis of the BSPN Block Cipher Howard Heys Department of Electrical and Computer Engineering Memorial University hheys@mun.ca Abstract In this paper, we investigate the application of
More informationSymmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.
Symmetric Key Encryption Symmetric Key Encryption and 3- Tom Chothia Computer Security: Lecture 2 Padding Block cipher modes Advanced Encryption Standard ( AES ) AES is a state-of-the-art block cipher.
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationEfficient FPGA Implementations of PRINT CIPHER
Efficient FPGA Implementations of PRINT CIPHER 1 Tadashi Okabe Information Technology Group Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract This article presents field
More informationHigh Performance Single-Chip FPGA Rijndael Algorithm Implementations
High Performance Single-Chip FPGA Rijndael Algorithm Implementations Máire McLoone and J.V McCanny DSiP TM Laboratories, School of Electrical and Electronic Engineering, The Queen s University of Belfast,
More informationA New Architecture of High Performance WG Stream Cipher
A New Architecture of High Performance WG Stream Cipher Grace Mary S. 1, Abhila R. Krishna 2 1 P G Scholar, VLSI and Embedded Systems, Department of ECE T K M Institute of Technology, Kollam, India 2 Assistant
More informationDierential-Linear Cryptanalysis of Serpent? Haifa 32000, Israel. Haifa 32000, Israel
Dierential-Linear Cryptanalysis of Serpent Eli Biham, 1 Orr Dunkelman, 1 Nathan Keller 2 1 Computer Science Department, Technion. Haifa 32000, Israel fbiham,orrdg@cs.technion.ac.il 2 Mathematics Department,
More informationFast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining
Pawel Chodowiec, Po Khuon, Kris Gaj Electrical and Computer Engineering George Mason University Fast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining http://ece.gmu.edu/crypto-text.htm
More informationInternational Journal for Research in Applied Science & Engineering Technology (IJRASET) Performance Comparison of Cryptanalysis Techniques over DES
Performance Comparison of Cryptanalysis Techniques over DES Anupam Kumar 1, Aman Kumar 2, Sahil Jain 3, P Kiranmai 4 1,2,3,4 Dept. of Computer Science, MAIT, GGSIP University, Delhi, INDIA Abstract--The
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationFast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays
Fast implementation and fair comparison of the final candidates for Advanced Encryption Standard using Field Programmable Gate Arrays Kris Gaj and Pawel Chodowiec George Mason University, Electrical and
More informationEEC-484/584 Computer Networks
EEC-484/584 Computer Networks Lecture 23 wenbing@ieee.org (Lecture notes are based on materials supplied by Dr. Louise Moser at UCSB and Prentice-Hall) Outline 2 Review of last lecture Introduction to
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationAES Core Specification. Author: Homer Hsing
AES Core Specification Author: Homer Hsing homer.hsing@gmail.com Rev. 0.1.1 October 30, 2012 This page has been intentionally left blank. www.opencores.org Rev 0.1.1 ii Revision History Rev. Date Author
More informationElastic Block Ciphers: The Feistel Cipher Case
Elastic Block Ciphers: The Feistel Cipher Case Debra L. Cook Moti Yung Angelos D. Keromytis Department of Computer Science Columbia University, New York, NY dcook,moti,angelos @cs.columbia.edu Technical
More informationStreaming Encryption for a Secure Wavelength and Time Domain Hopped Optical Network
treaming Encryption for a ecure Wavelength and Time Domain Hopped Optical Network Herwin Chan, Alireza Hodjat, Jun hi, Richard Wesel, Ingrid Verbauwhede {herwin, ahodjat, junshi, wesel, ingrid} @ ee.ucla.edu
More informationHigh Speed Architecture for Galois/Counter Mode of Operation (GCM)
High Speed Architecture for Galois/Counter Mode of Operation (GCM) Bo Yang, Sambit Mishra, Ramesh Karri ECE Department Polytechnic University, Brooklyn, NY Abstract In this paper we present a fully pipelined
More informationFPGAs: High Assurance through Model Based Design
FPGAs: High Assurance through Based Design AADL Workshop 24 January 2007 9:30 10:00 Yves LaCerte Rockwell Collins Advanced Technology Center 400 Collins Road N.E. Cedar Rapids, IA 52498 ylacerte@rockwellcollins.cm
More informationTABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO.
vii TABLE OF CONTENTS CHAPTER NO. TITLE PAGE NO. ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF SYMBOLS AND ABBREVIATION iii xii xiv xvii 1 INTRODUCTION 1 1.1 GENERAL 1 1.2 TYPES OF WIRELESS COMMUNICATION
More informationImproved Attack on Full-round Grain-128
Improved Attack on Full-round Grain-128 Ximing Fu 1, and Xiaoyun Wang 1,2,3,4, and Jiazhe Chen 5, and Marc Stevens 6, and Xiaoyang Dong 2 1 Department of Computer Science and Technology, Tsinghua University,
More informationFrom AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks
From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks Noémie Floissac and Yann L Hyver SERMA TECHNOLOGIES ITSEF 30, avenue Gustave Eiffel, 33608 Pessac, France Email: {n.floissac;y.lhyver}@serma.com
More informationFault Analysis Study of the Block Cipher FOX64
Fault Analysis Study of the Block Cipher FOX64 Ruilin Li 1, Jianxiong You 1, Bing Sun 1,, and Chao Li 1,3 1 Department of Mathematics and System Science, Science College, National University of Defense
More information