Ultra-Lightweight Cryptography

Transcription

1 Ultra-Lightweight Cryptography F.-X. Standaert UCL Crypto Group European brokerage event, Cryptography Paris, September 2016

2 Outline Introduction Symmetric cryptography Hardware implementations Software implementations Technology scaling Conclusion

3 Outline Introduction Symmetric cryptography Hardware implementations Software implementations Technology scaling Conclusion

4 Outline 1 Evaluation criteria are usually relative

5 Outline 1 Evaluation criteria are usually relative and reflect algorithmic & implementation choices

6 Outline Introduction Symmetric cryptography Hardware implementations Software implementations Technology scaling Conclusion

7 Performance metrics 2

8 Performance metrics 2 => Can be more or less reflective of algorithms

9 Case study 3 Flexible block cipher architecture 3 core options: enc., dec., enc./dec. 65-nanometer CMOS technology

10 Combined metric (Enc., Enc./Dec.) 4

11 Combined metric (Enc., Enc./Dec.) 4 Mostly reflects different key schedulings

12 Number of rounds per cycle (Enc.) 5

13 Number of rounds per cycle (Enc.) 5 Suggests complexity limit has been reached

14 Outline Introduction Symmetric cryptography Hardware implementations Software implementations Technology scaling Conclusion

15 Combined metric (Atmel AVR, Enc.) 6 Time vs. code size tradeoff (because HW is fixed)

16 Outline Introduction Symmetric cryptography Hardware implementations Software implementations Technology scaling Conclusion

17 Technology scaling 7 Between and within technologies (f and Vdd)

18 65-nanometer case study 8

19 65-nanometer case study 8 Questions the relevance of algorithmic changes

20 Outline Introduction Symmetric cryptography Hardware implementations Software implementations Technology scaling Conclusion

21 Lessons learned 9 Gate count limit probably reached for rounds Ciphers differ more by other aspects, e.g. Key scheduling Enc./Dec. combinations

22 Lessons learned 9 Gate count limit probably reached for rounds Ciphers differ more by other aspects, e.g. Key scheduling Enc./Dec. combinations Simple & regular designs help (a lot) Compact implementations more revealing Technology scaling (mostly) helps

23 Lessons learned 9 Gate count limit probably reached for rounds Ciphers differ more by other aspects, e.g. Key scheduling Enc./Dec. combinations Simple & regular designs help (a lot) Compact implementations more revealing Technology scaling (mostly) helps AES is already quite lightweight NOEKEON is ultra lightweight

24 Research challenges 10 How to design a key scheduling algorithm? How to efficiently combine Enc. and Dec.?

25 Research challenges 10 How to design a key scheduling algorithm? How to efficiently combine Enc. and Dec.? New metrics for new applications?

26 Research challenges 10 How to design a key scheduling algorithm? How to efficiently combine Enc. and Dec.? New metrics for new applications? Low energy for IoT (e.g., Midori, NOEKEON)

27 Research challenges 10 How to design a key scheduling algorithm? How to efficiently combine Enc. and Dec.? New metrics for new applications? Low energy for IoT (e.g., Midori, NOEKEON) Low latency for bus encryption (e.g., Prince)

28 Research challenges 10 How to design a key scheduling algorithm? How to efficiently combine Enc. and Dec.? New metrics for new applications? Low energy for IoT (e.g., Midori, NOEKEON) Low latency for bus encryption (e.g., Prince) Side-channel resistant ciphers (e.g., LS-designs) & fault attacks, tamper resistance,

29 Research challenges 10 How to design a key scheduling algorithm? How to efficiently combine Enc. and Dec.? New metrics for new applications? Low energy for IoT (e.g., Midori, NOEKEON) Low latency for bus encryption (e.g., Prince) Side-channel resistant ciphers (e.g., LS-designs) & fault attacks, tamper resistance, Ciphers for MPC, FHE (privacy applications)

30 Research challenges 10 How to design a key scheduling algorithm? How to efficiently combine Enc. and Dec.? New metrics for new applications? Low energy for IoT (e.g., Midori, NOEKEON) Low latency for bus encryption (e.g., Prince) Side-channel resistant ciphers (e.g., LS-designs) & fault attacks, tamper resistance, Ciphers for MPC, FHE (privacy applications) From ciphers to modes (e.g., authenticated enc.)

31 Research challenges 11 New metrics for new applications? Post quantum ciphers (e.g., LPN, LWE, LWR)

32 Research challenges 11 New metrics for new applications? Post quantum ciphers (e.g., LPN, LWE, LWR) Communication complexity! Sending 1 bit over a wireless channel is one order of magnitude more energy consuming than computing 1 cycle

33 Research challenges 11 New metrics for new applications? Post quantum ciphers (e.g., LPN, LWE, LWR) Communication complexity! Sending 1 bit over a wireless channel is one order of magnitude more energy consuming than computing 1 cycle Trojan-resilience, surveillance Reverse firewalls, distributed computing,

34 Research challenges 11 New metrics for new applications? Post quantum ciphers (e.g., LPN, LWE, LWR) Communication complexity! Sending 1 bit over a wireless channel is one order of magnitude more energy consuming than computing 1 cycle Trojan-resilience, surveillance Reverse firewalls, distributed computing, Implementation (at large) matters Specific challenges => need of specific solutions But always part of something bigger More open source (software & hardware) needed

35 THANKS