Highly Efficient GF(2^8) Inversion Circuit Based on Redundant GF Arithmetic and Its Application to AES Design

This paper proposes a compact and efficient GF(2^8) inversion circuit design based on a combination of non-redundant and redundant Galois Field (GF) arithmetic. The proposed design utilizes redundant GF representations, called Polynomial Ring Representation (PRR) and Redundantly Represented Basis (RRB), to implement GF(2^8) inversion using a tower field GF((2^4)^2). In addition to the redundant representations, we introduce a specific normal basis that makes it possible to map the former components for the 16th and 17th powers of input onto logic gates in an efficient manner. The latter components for GF(2^4) inversion and GF(2^4) multiplication are then implemented by PRR and RRB, respectively. The flexibility of the redundant representations provides efficient mappings from/to the GF(2^8). This paper also evaluates the efficacy of the proposed circuit by means of gate counts and logic synthesis with a 65 nm CMOS standard cell library and comparisons with conventional circuits, including those with tower fields GF(((2^2)^2)^2). Consequently, we show that the proposed circuit achieves approximately 40% higher efficiency in terms of area-time product than the conventional best GF(((2^2)^2)^2) circuit excluding isomorphic mappings. We also demonstrate that the proposed circuit achieves the best efficiency (i.e., area-time product) for an AES encryption S-Box circuit including isomorphic mappings

Performance evaluation of eXtended sparse linearization in GF(2) and GF(28)

XSL (eXtended Sparse Linearization) is a recent algebraic attack aimed at the Advanced Encryption Standard. In order to shed some light into the behavior of the algorithm, which is largely unknown, we have studied XSL on equation systems with variables interpreted either as bits or bytes. The algorithm solves byte-systems much faster than it does bit-systems, which promts us to suggest that if a more compact representation of equation systems can be found, such as one where the variables are 8-byte blocks, or even a more generalized form of 8n-byte blocks, it may be possible to increase the speed of XSL dramatically

暗号ハードウェアの形式的設計に関する研究

Tohoku University青木孝文課

SoK: Security Evaluation of SBox-Based Block Ciphers

Cryptanalysis of block ciphers is an active and important research area with an extensive volume of literature. For this work, we focus on SBox-based ciphers, as they are widely used and cover a large class of block ciphers. While there have been prior works that have consolidated attacks on block ciphers, they usually focus on describing and listing the attacks. Moreover, the methods for evaluating a cipher\u27s security are often ad hoc, differing from cipher to cipher, as attacks and evaluation techniques are developed along the way. As such, we aim to organise the attack literature, as well as the work on security evaluation. In this work, we present a systematization of cryptanalysis of SBox-based block ciphers focusing on three main areas: (1) Evaluation of block ciphers against standard cryptanalytic attacks; (2) Organisation and relationships between various attacks; (3) Comparison of the evaluation and attacks on existing ciphers

Neural Replicator Analysis for virus genomes binomial systematics in metagenomics

We have presented some arguments to substantiate the usefulness of neural replicator analysis (NRA) for constructing variants of the natural binomial classification of virus genomes based only on knowledge of their complete genomic sequences, without involving other data on the phenotype, functions, encoded proteins, etc., and also without the need of genomic sequences alignment. Perhaps this will make sense when processing metagenomic data. This makes it possible to construct the binomial classification accepted for the viruses themselves. We restrict ourselves to three families of viruses having dsDNA circular genomes (Papillomaviridae, Polyomaviridae and Caulimoviridae) and partly to the family Geminiviridae having ssDNA genomes though the approach presented can be also applied to genomes of other dsDNA, ssDNA and ssRNA viruses, including linear ones (some results for Mitoviridae are also presented). It is argued that binomial classification of virus genomes which is difficult to apply in all cases can nevertheless be informative tool of revealing virus properties, areal of hosts, forms of diseases and can also show the connections of the viruses belonging to different families and even to different kingdoms.Comment: 48 pages, 27 figure

D.STVL.7 - Algebraic cryptanalysis of symmetric primitives

The recent development of algebraic attacks can be considered an important breakthrough in the analysis of symmetric primitives; these are powerful techniques that apply to both block and stream ciphers (and potentially hash functions). The basic principle of these techniques goes back to Shannon's work: they consist in expressing the whole cryptographic algorithm as a large system of multivariate algebraic equations (typically over F2), which can be solved to recover the secret key. Efficient algorithms for solving such algebraic systems are therefore the essential ingredients of algebraic attacks. Algebraic cryptanalysis against symmetric primitives has recently received much attention from the cryptographic community, particularly after it was proposed against some LFSR- based stream ciphers and against the AES and Serpent block ciphers. This is currently a very active area of research. In this report we discuss the basic principles of algebraic cryptanalysis of stream ciphers and block ciphers, and review the latest developments in the field. We give an overview of the construction of such attacks against both types of primitives, and recall the main algorithms for solving algebraic systems. Finally we discuss future research directions

Design of binary weighted DAC for asynchronous ADC with improved slew rate and with calibrated size of capacitors

This work proposed a binary-weighted Digital-to-Analog Converter (DAC), which is designed to be used in Asynchronous successive approximation register (SAR) based Analog-to-digital converters (ADCs) specifically and in other relevant operations .The design has yielded an improved slew rate, and it is less prone to noise as the size of capacitors is taken in accordance with KT/C noise calculation. For achieving all mentioned goals, and to restrict the size of DAC, within suitable dimensions charge scaling DACs are used. One more advantage of this design is its accuracy, further it does not require op-Amps for its operation. Results of statistical simulation and mathematical consideration are published which depicts the supremacy of the design. A high-resolution DAC designed for this specific purpose has to have special consideration for the effect of local mismatch, parasitic and matching of the capacitors, for that, the common-centroid approach has been followed. This design has displayed a high resolution with small unit capacitances and that too without expensive factory calibration