Area Optimization in Masked Advanced Encryption Standard

Similar documents
Implementation of Full -Parallelism AES Encryption and Decryption

Design of an Efficient Architecture for Advanced Encryption Standard Algorithm Using Systolic Structures

FPGA Based Design of AES with Masked S-Box for Enhanced Security

Implementation of the block cipher Rijndael using Altera FPGA

AES Advanced Encryption Standard

FPGA CAN BE IMPLEMENTED BY USING ADVANCED ENCRYPTION STANDARD ALGORITHM

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Content of this part

A High-Performance VLSI Architecture for Advanced Encryption Standard (AES) Algorithm

Cryptography and Network Security. Sixth Edition by William Stallings

Efficient Hardware Design and Implementation of AES Cryptosystem

FPGA Implementation of High Speed AES Algorithm for Improving The System Computing Speed

FPGA BASED CRYPTOGRAPHY FOR INTERNET SECURITY

Week 5: Advanced Encryption Standard. Click

128 Bit ECB-AES Crypto Core Design using Rijndeal Algorithm for Secure Communication

Cryptography and Network Security

Optimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2,

FPGA Can be Implemented Using Advanced Encryption Standard Algorithm

Understanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009

CHAPTER 1 INTRODUCTION

Block Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1

A Novel Approach of Area Optimized and pipelined FPGA Implementation of AES Encryption and Decryption

IMPLEMENTATION OF EFFICIENT AND HIGH SPEED AES ALGORITHM FOR SECURED DATA TRANSMISSION

Hardware Implementation of Cryptosystem by AES Algorithm Using FPGA

Fundamentals of Cryptography

Efficient Hardware Realization of Advanced Encryption Standard Algorithm using Virtex-5 FPGA

Cryptographic Algorithms - AES

Implementation of Stronger S-Box for Advanced Encryption Standard

International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 3 Issue 3, March 2014

Fully Pipelined High Throughput Cost Effective FPGA Based Implementation of AES Algorithm

AES ALGORITHM FOR ENCRYPTION

ECE596C: Handout #7. Analysis of DES and the AES Standard. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

@ 2014 SEMAR GROUPS TECHNICAL SOCIETY.

Chapter 7 Advanced Encryption Standard (AES) 7.1

Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers

Design and Implementation of Rijndael Encryption Algorithm Based on FPGA

Few Other Cryptanalytic Techniques

VLSI Implementation of Advanced Encryption Standard for secured Electronic Voting Machine

Minimum Area Cost for a 30 to 70 Gbits/s AES Processor

OPTICAL networks require secure data transmission at

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

FAULT DETECTION IN THE ADVANCED ENCRYPTION STANDARD. G. Bertoni, L. Breveglieri, I. Koren and V. Piuri

Data Encryption Standard (DES)

Low area implementation of AES ECB on FPGA

Analysis of the Use of Whirlpool s S-box, S1 and S2 SEED s S- box in AES Algorithm with SAC Test Novita Angraini, Bety Hayat Susanti, Magfirawaty

Symmetric Key Cryptography

in a 4 4 matrix of bytes. Every round except for the last consists of 4 transformations: 1. ByteSubstitution - a single non-linear transformation is a

HOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)

Encryption Details COMP620

Comparison of Performance of AES Standards Based Upon Encryption /Decryption Time and Throughput

Design Implementation of Composite Field S-Box using AES 256 Algorithm

A Novel FPGA Implementation of AES-128 using Reduced Residue of Prime Numbers based S-Box

A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis

CPSC 467b: Cryptography and Computer Security

VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT

Secret Key Cryptography

Speeding Up AES By Extending a 32 bit Processor Instruction Set

CPSC 467b: Cryptography and Computer Security

International Journal of Informative & Futuristic Research ISSN:

Designing a High-End Cryptographic Engine for Multi-Core Processor Arrays of FPGA

PARALLEL ANALYSIS OF THE RIJNDAEL BLOCK CIPHER

ENHANCED AES ALGORITHM FOR STRONG ENCRYPTION

VLSI Implementation of Advanced Encryption Standard using Rijndael Algorithm

Design and Implementation of Encryption Unit Based on Customized AES Algorithm

Block Ciphers Introduction

Keywords :Avalanche effect,hamming distance, Polynomial for S-box, Symmetric encryption,swapping words in S-box

Security against Timing Analysis Attack

On-Line Self-Test of AES Hardware Implementations

A New hybrid method in watermarking using DCT and AES

FPGA Based Implementation of AES Encryption and Decryption with Verilog HDL

Efficient Software Implementation of AES on 32-Bit Platforms

Encryption and Decryption by AES algorithm using FPGA

2016 Maxwell Scientific Publication Corp. Submitted: August 21, 2015 Accepted: September 11, 2015 Published: January 05, 2016

Advanced Encryption Standard (AES) Algorithm to Encrypt and Decrypt Data

Advanced Encryption Standard Implementation on Field Programmable Gate Arrays. Maryam Behrouzinekoo. B.Eng., University of Guilan, 2011

Piret and Quisquater s DFA on AES Revisited

Comparison of the Hardware Performance of the AES Candidates Using Reconfigurable Hardware

Application Specific Scalable Architectures for Advanced Encryption Standard (AES) Algorithm

An Efficient FPGA Implementation of the Advanced Encryption Standard (AES) Algorithm Using S-Box

AES as A Stream Cipher

Cryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái

Design and Implementation of Rijindael s Encryption and Decryption Algorithm using NIOS- II Processor

CRYPTOGRAPHY plays an important role in the security

Efficient Area and High Speed Advanced Encryption Standard Algorithm

The Use of Runtime Reconfiguration on FPGA Circuits to Increase the Performance of the AES Algorithm Implementation

High Performance Single-Chip FPGA Rijndael Algorithm Implementations

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grøstl

Introduction to Cryptology. Lecture 17

Introduction to the new AES Standard: Rijndael

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Goals for Today. Substitution Permutation Ciphers. Substitution Permutation stages. Encryption Details 8/24/2010

Simplified Adaptive Multiplicative Masking for AES

Shrivathsa Bhargav Larry Chen Abhinandan Majumdar Shiva Ramudit

An Instruction Set Extension for Fast and Memory- Efficient AES Implementation. Stefan Tillich, Johann Großschädl, Alexander Szekely

EFFICIENT HARDWARE IMPLEMENTATIONS FOR THE ADVANCED ENCRYPTION STANDARD (AES) ALGORITHM

CSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms

VLSI Implementation of Enhanced AES Cryptography

AES Implementation for RFID Tags: The Hardware and Software Approaches

CPSC 467: Cryptography and Computer Security

Lecture 2: Secret Key Cryptography

Transcription:

IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 06 (June. 2014), V1 PP 25-29 www.iosrjen.org Area Optimization in Masked Advanced Encryption Standard R.Vijayabhasker, K.Mohankumar 1, S.R.Barkunan, Assistant Professor Depatrment of ECE Anna University Regional Centre,Coimbatore P.G Scholar, Anna University Regional Centre, Coimbatore Assistant Professor Depatrment of ECE Anna University Regional Centre,Coimbatore Abstract: - The Advanced Encryption Standard (AES) a symmetric-key block ciphertext published by National Institute of Standards and Technology (NIST)[1]. Order to protect a data high throughput masked Advanced Encryption Standard (AES) is used. The masked AES engine uses the unrolling techniques which required extreme level in large field programmable gate array (FPGA). The area optimization in masked AES with an unrolled structure. The mapping of operation from GF(2 8 ) to GF(2 4 ) as much as possible in order to optimize area. The number of mapping is reduced [GF(2 8 ) to GF(2 4 )] and inverse mapping [GF(2 4 ) to GF(2 8 )] operation of the SubBytes by step from zero to nine. In order to compatible, the masked MixColumns, masked AddRoundKey, and masked ShiftRows including the redundant masking values are carried over GF(2 4 ). By moving, mapping and inverse mapping outside the masked AES s round function, area can be reduced by 20%. Keyword: - Advanced Encryption Standard(AES), Field Programmable Gate Array(FPGA), throughput, Galios Field(GF). I. INTRODUCTION The development of information technology protect sensitive information s via encryption is more and more important. The Advanced Encryption Standard (AES) is a symmetric-key block ciphertext published by the National Institute of Standards and Technology (NIST) in December 2001 [1]. The criteria is defined by NIST for selecting AES drop into three areas i) Security ii) Cost and iii) Implementation. Based on the criteria NIST selected Rijndale algorithm as Advanced Encryption Standard(AES) [1]. AES is a non-feistel cipher that encrypts and decrypts a data block of 128 bits. It uses 10, 12, or 14 rounds. The key size, which can be 128, 192, or 256 bits, depends upon the number of rounds. The standard AES key size is 128 bits and 10 rounds. To provide security for the data, AES uses four types of transformations: substitution, permutation, mixing, and key-adding. AES has been widely used in various applications, such as secured communication systems. In high performance database, Radio Frequency Identification (RFID) tags and smart cards. II. ADVANCE ENCRYPTION STANDARD AES is a symmetric algorithm, it takes 128-bit data blocks input performs several rounds of transformations to generates the ciphertext output. Each 128-bit data block are processed in 4 X 4 array of bytes, This process is denoted as state [3]. The round key size can be 128, 192 or 256 bits. The number of rounds can be 10, 12 or 14 depending upon the length of the round key respectively. There are four basic transformations applied for encrypting the data. 2.1 SUBBYTES This subbytes operations is a nonlinear bytes substitution. Each byte from input state is replace by another byte according to the substitution of S-box. S-box is generated based upon a multiplication inverse in the finite field GF(2 8 ) and a bitwise affine transformation. The affine transformation is the sum of multiple rotation of the byte as a vector, where additions is performed using the XOR operation. SubByte Multiplicative Inversion in GF(2 8 ) Affine Transformation 2.2 SHIFT ROWS Shift rows operation is used to shift the rows of the state. The bytes of data are cyclically shifted with a certain offset. The first row is left unchanged and the second, third and fourth row is shifted to one, three bytes to the left simultaneously. Shiftrow n is shifts left circular by n-1 bytes. Each column output state of the ShiftRows step is composed on bytes from each column of the input state [1]. 2.3 MIXCOLUMNS 25 P a g e

Each column considered state over a polynomial GF(2 8 ), after multiplying modulo X 4 + 1 with fixed polynomials a(x), given by a(x) = {03}x 3 + {01}x 2 + {01}x 1 + {02} the results corresponding column of the output state. 2.4 ADD ROUNDKEY Each byte array is added (respect to GF(2)) to a bytes corresponding of the array round subkeys. Excluding the first and the last round, the AES with 128 bits round key proceeds nine iterations. First round iteration of the encryption perform XOR with the original key at last round iteration skips MixColumn transform [5]. Round keys are generated by a procedure call round key scheduling or key expansion. Those sub-keys are derive from the original key by XOR two previous columns. Columns that are in multiples of four, the process involves round constants addition, S-Box and shiftrow operations [6]. All the four layers described above key scheduling have corresponding inverse operations. Deciphering is the process of converting the cipher text back to plain text, it is the inverse of cipher process. However, it should be noted that the MixColumn reverse operation required matrix elements that are quite complicated compared to {01}, {02} or {03} of the forward one. This results are more complex deciphering hardware compared with the ciphering hardware. In the next section we demonstrate how the standard procedure for MixColumn transform is rewritten in order to ease its hardware implementation. III. MASKED AES FOR UNROLLED STRUCTURE The intermediate value X is concealed by exclusive-or ing it with the random mask m, in the Boolean masking implementation. The round function of the AES contains ShiftRows, Mix-Columns and AddRoundKey which are linear transformations, while SubBytes is the only nonlinear transformations of the AES. The linear transformations is defined as Operation; then, the masked Operation can be written as Operation(x m) = Operation(x) Operation(m). The masked nonlinear transformation SubBytes has the characteristic as S- box(x m) S-box(x) S-box(m). To mask the nonlinear transformation, a new S-box, denoted as S-box1, is recomputed as S-box1 (x m) = S-box(x) m', where m and m' are the input and output masks of the SubBytes. In order to mask a 128-bit AES, it usually needs 6-byte random values. These 6-byte random values are defined as m, m', m1, m2, m3, and m4. m 1234 = {m1,m2,m3,m4} is defined as the mask for one 32-bit MixColumns transformation, and it also holds that m' 1234 = MixColumns(m 1234 ). The Galois field GF(2 8 ) is an extension of the Galois field GF(2 4 ) over which to perform a modular reduction needs an irreducible polynomial of degree 2, x 2 + {1}x + {e}, and another irreducible polynomial of degree 4, x 4 + x + 1. In order to reduce the hardware resources, we calculate the masked AES engine mainly over GF(2 4 ). The plaintext and the masking values are mapped once from GF(2 8 ) to GF(2 4 ), and all the intermediate operations are computed over GF(2 4 ). Finally, the ciphertext is mapped back from GF(2 4 ) to the original field GF(2 8 ). All the masking values need to be mapped from GF(2 8 ) to GF(2 4 ), and we denote m 84 = map(m), m' 84 = map(m'), m 1234,84 = map(m 1234 ), and m 1234,84 = map(m' 1234 ). The masked ShiftRows and masked AddRoundKey remain the same. Fig 1.1 Encryption 26 P a g e

Fig 1.2 Decryption IV. OPTIMIZED MASKED S-BOX OVER GF(2 4 ) In order to move the mapping and inverse mapping outside AES s round operation, we exchange the computational sequence of masked affine and inverse mapping functions within masked S-box. The masked affine function needs to be adjusted with new scaling factors. The map operation is the mapping transformation of 8 8 matrix, and map 1 is constructed by the inverse map operation. We denote that the input values of the map function are (z + m) and m, and the output values of the map function are (z + m)' and m', where {(z + m),m} GF(2 8 ) and {(z + m)',m'} GF(2 4 ) It holds that (1) where As discussed before, m-affine and m-affine' are needed for scaling the output values and the output masking values. The following steps introduce the procedure to obtain the scaling values. The normal affine function (Ax + b) can be applied to the left and the right sides of (1) as ' + b (2) When mapping Equation (2) from GF(2 8 ) to GF(2 4 ), we can get map (A(z + m + m) + b) = map' Amap 1 (z + m + m)'+ b' (3) map(a(z + m) + b) + mapam = mapamap 1 (z + m)' + mapb + mapamap 1 m' (4) Therefore, we deduce that m-affine = mapamap 1 + mapb and m-affine' = mapamap 1. The four tables in masked sbox remains the same in our previous work[11]. These four tables are the following: 1) T d1 : ((x + m),m) x 2 e + m; 2) T d2 : ((x + m), (y + m')) ((x + m) + (y + m')) (y + m'); 3) T dm : ((x + m), (y +m')) (x + m) (y + m'); and 4) T' inv : ((x + m),m) T inv (x) + m. 27 P a g e

Fig 2 Masked Sbox GF(2 4 ) V. MASKED MIXCOLUMNS OVER GF(2 4 ) Scaling of Masked MixColumns is done by adjusting the operations over GF(2 4 ), and it needs to deduce the scaling factor of a modular multiplication with the fixed coefficients 0X02 and 0X03. If S is 1 byte of MixColumns, it holds that S = map(s h, S l ) ~Shx + Sl, where S GF(2 8 ) and S h, S l GF(2 4 ). Therefore, scaling factors 2x + 6 and 2x + 7 of S = (4Sh + 2Sl)x + (fs h + 6S l ) and (5S h + 2S l )x + (fs h + 7S l ). Fig. 4 shows the scaling computation for the masked MixColumns. Fig 3 Masked Sbox 28 P a g e

Fig 4 COMPUTATION OF MASKED MIXCOLUMN VI. CONCLUSION Throughputs can be enhanced by inserting pipeline registers for latency careless designs. In order to enhance the throughputs of each masked AES's round six-stage pipelines are inserted. Three pipelines to each round of the masked AES, called outer three pipelines are inserted. The pipeline registers are inserted at the output of each transformation. Three pipelines to the masked S-box, called inner three pipelines are inserted. Note that the maximum pipelined stages for the design is six. In order to be compatible with the encryption procedure, we also insert six-stage pipelines to the key expansion in order not to affect the critical path of the main encryption. High throughput is an important factor for large data transformation systems. Masked AES only needs to map the plaintext and masking values from GF(2 8 ) to GF(2 4 ) once at the beginning of the operation and map the ciphertext back from GF(2 4 ) to GF(2 8 ) once at the end of the operation. By moving, mapping and inverse mapping outside the masked AES s round function, area can be reduced by 20%. The output for Masked Sbox GF(2 4 ) is shown in fig 2 and the REFERENCES [1] NIST, Advanced Encryption Standard (AES), http://csrc.nist.gov/publications/fips/fips-197.pdf, Nov- 2001. [2] S. Mangard, N. Pramstaller, and E. Oswald, Successfully attacking masked AES hardware implementations, in Proc. CHES LNCS, 2005, vol. 3659, pp. 157 171. [3] E. Oswald, S. Mangard, N. Pramstaller, and V. Rijmen, A side-channel analysis resistant description of the AES S-box, in Proc. FSE LNCS, Setubal, Potugal, 2005, vol. 3557, pp. 413 423. [4] L. Goubin and J. Patarin, DES and differential power analysis (the duplication method), in Proc. CHES LNCS, 1999, vol. 1717, pp. 158 172. [5] S. Messerges, Securing the AES finalists against power analysis attacks, in Proc. FSE LNCS, 2000, vol. 1978, pp. 150 164. [6] K. Gaj and P. Chodowiec, Fast implementation and fair comparison of the final candidates for advanced encryption standard using field programmable gate arrays, in Proc. CT-RSA LNCS, 2001, vol. 2020, pp. 84 99. [7] A. Hodjat and I. Verbauwhede, A 21.54 Gbits/s fully pipelined processor on FPGA, in Proc. IEEE 12th Annu. Symp. Field-Programm. Custom Comput. Mach., 2004, pp. 308 309. [8] NIST, Data Encryption Standard (DES), http://csrc.nist.gov/ publications/fips/fips46-3/fips46-3.pdf, Oct. 1999. [9] I. Verbauwhede, P. Schaumont, and H. Kuo, Design and Performance Testing of a 2.29 gb/s Rijndael Processor, IEEE J. Solid-State Circuits, vol. 38, no. 3, pp. 569-572, Mar. 2003. [10] J. Daemen and V. Rijmen, The Design of Rijndael. Springer-Verlag, 2002. [11] Z. Yuan, Y. Wang, J. Li, R. Li, and W. Zhao, FPGA based optimization for masked AES implementation, in Proc.IEEE 54th Int. MWSCAS, Seoul, Korea, 2011, pp.1 4 29 P a g e

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback