14 research outputs found

    Block Ciphers - Focus On The Linear Layer (feat. PRIDE): Full Version

    The linear layer is a core component in any substitution-permutation network block cipher. Its design significantly influences both the security and the efficiency of the resulting block cipher. Surprisingly, not many general constructions are known that allow one to choose trade-offs between security and efficiency. Especially when compared to S-boxes, the linear layer appears to be crucially understudied. In this paper, we propose a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs. We give several instances of our construction and further underline its value by presenting a new block cipher. PRIDE is optimized for 8-bit microcontrollers and significantly outperforms all academic solutions both in terms of code size and cycle count.

    A compact cryptographic processor for IPSec applications.

    A compact cryptographic processor with custom integrated cryptographic coprocessors is designed and implemented. The processor is mainly aimed at IPSec applications, which require intense processing power for cryptographic operations. In the present design, this processing power is achieved via the custom cryptographic coprocessors. These are an AES engine, a SHA-1 engine and a Montgomery modular multiplier, which are connected to the main processor core through a generic, flexible interface. The processor core is fully compatible with the Zylin Processor Unit (ZPU) instruction set, allowing the use of the ZPU toolchain. A minimum set of required instructions is implemented in hardware, while the rest of the instructions are emulated in software. The functionality of the cryptographic processor and its suitability for IPSec applications are demonstrated through the implementation of sample IPSec protocols in C code, which is compiled into machine code and run on the processor. The resultant processor, together with the sample code, presents a pilot platform for the demonstration of hardware/software co-design and performance evaluation of IPSec protocols and components. M.S. - Master of Science

    Memory Encryption for Smart Cards

    Part 5: Implementations and Hardware Security 2. With the latest advances in attack methods, it has become increasingly difficult to secure data stored on smart cards, especially on non-volatile memories (NVMs), which may store sensitive information such as cryptographic keys or program code. Lightweight and low-latency cryptographic modules are a promising solution to this problem. In this study, memory encryption schemes using the counter (CTR) and XOR-Encrypt-XOR (XEX) modes of operation are adapted for the target application and instantiated with various implementations of the block ciphers AES and PRESENT. Both schemes are implemented with a block-cipher-based address scrambling scheme, as well as a special write-counter scheme in order to extend the lifetime of the encryption key in CTR mode. Using the lightweight cipher PRESENT, it is possible to implement a smart card NVM encryption scheme with less than 6K gate equivalents and zero additional latency.

    Resource-efficient cryptography for ubiquitous computing

    In this thesis we address the topic of security in ubiquitous computing by means of resource-efficient cryptography. In light of our initial investigations of existing primitives, we propose a block cipher (PRINCE) that requires particularly little chip area and execution time. We then turn to software implementations. The first step in this direction is a hardware/software co-design called NLU ISE, which targets the Atmel 8-bit AVR instruction set. We then define a further new cipher (PRIDE), optimized for use in software.

    In this thesis, we aim to provide new resource-efficient cryptographic solutions for constrained devices. In the light of our initial investigations on existing primitives, we first propose a low-latency and low-area lightweight block cipher named PRINCE. Following PRINCE, we change our direction to the software side. As a first step, we come up with a HW/SW co-design approach, namely NLU ISE, which targets Atmel's 8-bit AVR instruction set. After that, we extend our approach on the primitive design side and define the software-oriented lightweight cipher named PRIDE.

    A Pipelined Camellia Architecture for Compact Hardware Implementation

    In this paper, we present a compact and fast pipelined implementation of the block cipher Camellia for 128-bit data and 128-bit key lengths. The implementation is suitable for both Field Programmable Gate Array (FPGA) and Application Specific Integrated Circuit (ASIC) platforms, and is targeted at low-area and low-power applications. To obtain a compact design, pipelining principles are exploited and platform-specific optimizations are made. The design requires only 321 slices with a throughput of 32.96 Mbps on a Xilinx Spartan-3 XC3S50-5 chip and 4.31K gates with a throughput of 81 Mbps on a 0.13 µm CMOS standard cell library. Keywords: Camellia; block cipher; FPGA; ASIC; efficient implementation; cryptography; cryptographic hardware

    A Survey on Authenticated Encryption -- ASIC Designer's Perspective

    Authenticated encryption (AE) has been a vital operation in cryptography due to its ability to provide confidentiality, integrity, and authenticity at the same time. Its use has soared in parallel with the widespread use of the Internet and has led to several new schemes. There have been studies investigating the software performance of various schemes. However, the same is yet to be done for hardware. We present a comprehensive survey of the hardware (specifically ASIC) performance of the most commonly used AE schemes in the literature. These schemes include the encrypt-then-MAC combination, block-cipher-based AE modes, and the recently introduced permutation-based AE scheme. For completeness, we implemented each scheme with various standardized block ciphers and/or hash algorithms, and their lightweight versions. Our evaluation targets minimizing the time-area product while maximizing the throughput on an ASIC platform. We used the 45nm NANGATE Open Cell Library for synthesis. We present area, speed, time-area product, throughput, and power figures for both standard and lightweight versions of each scheme. We also provide an unbiased discussion of the impact of the structure and complexity of each scheme on hardware implementation. Our results reveal a 13-30% performance boost in permutation-based AE compared to conventional schemes, and they can be used as a benchmark in the ongoing AE competition CAESAR.

    Towards an Ultra Lightweight Crypto Processor (2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications)

    In this paper, a lightweight processor suitable for lightweight cryptographic applications is presented. The processor instruction set is based on the stack-based ZPU architecture. In addition, a simple generic plug-in interface is implemented in order to allow the integration of application-specific coprocessors with the main processor core. In the current version of the processor, a simple direct memory access engine and a serialized Klein cipher coprocessor are implemented and connected to the processor core. Through these engines, it is possible to implement various lightweight security and authentication schemes in a code- and area-efficient way. A simple assembler program is written and tested on the processor in order to verify the functionality of the processor core and coprocessors. The code implements a Davies-Meyer construction and uses the Klein block cipher as a hash function. The GCC toolset originally written for the 32-bit ZPU is being adapted to work with the 8-bit processor core. The designed processor is synthesized using the VeriSilicon GSMC 0.13 µm low-power process high-density standard cell library for a target operating frequency of 100 kHz, and the resultant gate count is 4.5K GE. Keywords: lightweight; cryptographic; ZPU; processor; Klein

    Invited paper: a scalable hardware/software co-design approach for efficient polynomial multiplication

    Polynomial multiplication is a fundamental operation in security and cryptography applications. However, traditional polynomial multiplication algorithms suffer from high computational complexity and memory bandwidth requirements, limiting their scalability and efficiency. In this work, we propose a new approach that leverages hardware acceleration and software optimization techniques to achieve high performance and scalability while minimizing memory requirements. Our approach uses custom lightweight hardware instructions to perform the computationally intensive parts of the multiplication, while the software manages data movement and communication between the hardware and main memory. We demonstrate the effectiveness of our approach on a TMVP-based polynomial multiplication algorithm. The proposed design can be easily customized to target different hardware platforms and polynomial sizes, making it a promising solution for a wide range of applications.