
    Block Ciphers - Focus On The Linear Layer (feat. PRIDE): Full Version

    The linear layer is a core component in any substitution-permutation network block cipher. Its design significantly influences both the security and the efficiency of the resulting block cipher. Surprisingly, not many general constructions are known that allow choosing trade-offs between security and efficiency. Especially when compared to S-boxes, the linear layer is crucially understudied. In this paper, we propose a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs. We give several instances of our construction and further underline its value by presenting a new block cipher. PRIDE is optimized for 8-bit microcontrollers and significantly outperforms all academic solutions both in terms of code size and cycle count.

    A Compact Cryptographic Processor for IPSec Applications (original title: IPSec uygulamaları için küçük alanlı kriptografik işlemci)

    A compact cryptographic processor with custom integrated cryptographic coprocessors is designed and implemented. The processor is mainly aimed at IPSec applications, which require intense processing power for cryptographic operations. In the present design, this processing power is achieved via the custom cryptographic coprocessors. These are an AES engine, a SHA-1 engine and a Montgomery modular multiplier, which are connected to the main processor core through a generic flexible interface. The processor core is fully compatible with the Zylin Processor Unit (ZPU) instruction set, allowing the use of the ZPU toolchain. A minimum set of required instructions is implemented in hardware, while the rest of the instructions are emulated in software. The functionality of the cryptographic processor and its suitability for IPSec applications are demonstrated through the implementation of sample IPSec protocols in C code, which is compiled into machine code and run on the processor. The resulting processor, together with the sample code, presents a pilot platform for the demonstration of hardware/software co-design and performance evaluation of IPSec protocols and components.
    M.S. - Master of Science

    Resource-efficient cryptography for ubiquitous computing

    In this thesis, we aim to provide new resource-efficient cryptographic solutions for constrained devices. In the light of our initial investigations of existing primitives, we first propose a low-latency and low-area lightweight block cipher named PRINCE. Following PRINCE, we change our direction to the software side. As a first step, we come up with a HW/SW co-design approach, namely NLU ISE, which targets Atmel's 8-bit AVR instruction set. After that, we extend our approach on the primitive design side and define the software-oriented lightweight cipher named PRIDE.

    A Pipelined Camellia Architecture for Compact Hardware Implementation

    In this paper, we present a compact and fast pipelined implementation of the block cipher Camellia for 128-bit data and 128-bit key lengths. The implementation is suitable for both Field Programmable Gate Array (FPGA) and Application Specific Integrated Circuit (ASIC) platforms, and is targeted at low-area and low-power applications. To obtain a compact design, pipelining principles are exploited and platform-specific optimizations are made. The design requires only 321 slices with a throughput of 32.96 Mbps on a Xilinx Spartan-3 XC3S50-5 chip and 4.31K gates with a throughput of 81 Mbps using a 0.13 µm CMOS standard cell library.

    A Survey on Authenticated Encryption -- ASIC Designer's Perspective

    Authenticated encryption (AE) is a vital operation in cryptography due to its ability to provide confidentiality, integrity, and authenticity at the same time. Its use has soared in parallel with the widespread use of the Internet and has led to several new schemes. There have been studies investigating the software performance of various schemes. However, the same is yet to be done for hardware. We present a comprehensive survey of the hardware (specifically ASIC) performance of the most commonly used AE schemes in the literature. These schemes include the encrypt-then-MAC combination, block-cipher-based AE modes, and the recently introduced permutation-based AE scheme. For completeness, we implemented each scheme with various standardized block ciphers and/or hash algorithms, and their lightweight versions. Our evaluation targets minimizing the time-area product while maximizing the throughput on an ASIC platform. We used the 45 nm NANGATE Open Cell Library for synthesis. We present area, speed, time-area product, throughput, and power figures for both standard and lightweight versions of each scheme. We also provide an unbiased discussion of the impact of the structure and complexity of each scheme on hardware implementation. Our results reveal a 13-30% performance boost in permutation-based AE compared to conventional schemes, and they can be used as a benchmark in the ongoing AE competition CAESAR.

    Towards an Ultra Lightweight Crypto Processor (2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications)

    In this paper, a lightweight processor suitable for lightweight cryptographic applications is presented. The processor instruction set is based on the stack-based ZPU architecture. In addition, a simple generic plug-in interface is implemented in order to allow integration of application-specific coprocessors with the main processor core. In the current version of the processor, a simple direct memory access engine and a serialized Klein cipher coprocessor are implemented and connected to the processor core. Through these engines, it is possible to implement various lightweight security and authentication schemes in a code- and area-efficient way. A simple assembler program is written and tested on the processor in order to verify the functionality of the processor core and coprocessors. The program implements the Davies-Meyer construction, which turns the Klein block cipher into a hash function. The GCC toolset originally written for the 32-bit ZPU is being adapted to work with the 8-bit processor core. The designed processor is synthesized using the VeriSilicon GSMC 0.13 µm low-power high-density standard cell library for a target operating frequency of 100 kHz, and the resulting gate count is 4.5K GE. Keywords: lightweight; cryptographic; ZPU; processor; Klein
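    The Davies-Meyer construction the abstract refers to, as an added example that is not part of the paper or its processor code: each message block is used as the block-cipher key, the chaining value is the plaintext, and the ciphertext is XORed back with the chaining value (the feed-forward that makes the step one-way). Klein is not reproduced on this page, so the example assumes Speck64/128 (a 64-bit block, 128-bit key cipher) in its place; the IV, the Merkle-Damgard padding and all function names are this example's own choices, not the paper's.

```python
"""Davies-Meyer hashing from a block cipher (added example, not the paper's code).

The paper hashes with the Klein block cipher via Davies-Meyer; Klein is not
reproduced on this page, so Speck64/128 stands in (assumption). The IV, padding
and function names below are this example's own choices.
"""
import struct

WORD, MASK = 32, (1 << 32) - 1
ROUNDS, ALPHA, BETA = 27, 8, 3          # Speck64/128 parameters


def _ror(x, r):
    return ((x >> r) | (x << (WORD - r))) & MASK


def _rol(x, r):
    return ((x << r) | (x >> (WORD - r))) & MASK


def speck64_128_round_keys(key):
    """Speck key schedule. `key` is (l2, l1, l0, k0), i.e. (l[m-2], ..., l[0], k[0])."""
    l2, l1, l0, k0 = key
    l, k = [l0, l1, l2], [k0]
    for i in range(ROUNDS - 1):
        l.append(((k[i] + _ror(l[i], ALPHA)) & MASK) ^ i)   # l[i+m-1]
        k.append(_rol(k[i], BETA) ^ l[i + 3])               # k[i+1]
    return k


def speck64_128_encrypt(x, y, round_keys):
    """Encrypt the 64-bit block (x, y): x = (x>>>8 + y) ^ k; y = (y<<<3) ^ x."""
    for rk in round_keys:
        x = ((_ror(x, ALPHA) + y) & MASK) ^ rk
        y = _rol(y, BETA) ^ x
    return x, y


BLOCK_BYTES = 16   # a message block is fed in as the 128-bit cipher *key*
STATE_BYTES = 8    # the chaining value is the 64-bit cipher *block*
IV = (0x243F6A88, 0x85A308D3)   # arbitrary fixed constant (hex digits of pi)


def md_pad(msg):
    """Merkle-Damgard padding: 0x80, zeros, then the 64-bit big-endian bit length."""
    pad_len = (BLOCK_BYTES - (len(msg) + 1 + 8) % BLOCK_BYTES) % BLOCK_BYTES
    return msg + b"\x80" + b"\x00" * pad_len + struct.pack(">Q", 8 * len(msg))


def davies_meyer_compress(h, block):
    """One Davies-Meyer step: H_i = E_{M_i}(H_{i-1}) XOR H_{i-1}.

    Without the XOR feed-forward anyone holding M_i could decrypt H_i back to
    H_{i-1}; with it, the step is one-way as long as the cipher is ideal.
    """
    rks = speck64_128_round_keys(struct.unpack(">4I", block))
    cx, cy = speck64_128_encrypt(h[0], h[1], rks)
    return (cx ^ h[0], cy ^ h[1])


def dm_hash(msg):
    """Iterate the Davies-Meyer step over the padded message; returns 8 bytes.

    A 64-bit digest gives at most ~2^32 collision resistance: enough for the
    kind of constrained authentication demo the paper describes, not for
    general-purpose hashing.
    """
    padded = md_pad(msg)
    h = IV
    for off in range(0, len(padded), BLOCK_BYTES):
        h = davies_meyer_compress(h, padded[off:off + BLOCK_BYTES])
    return struct.pack(">2I", *h)


if __name__ == "__main__":
    # Published Speck64/128 test vector: key 1b1a1918 13121110 0b0a0908 03020100,
    # plaintext 3b726574 7475432d -> ciphertext 8c6fa548 454e028b.
    rks = speck64_128_round_keys((0x1b1a1918, 0x13121110, 0x0b0a0908, 0x03020100))
    assert speck64_128_encrypt(0x3b726574, 0x7475432d, rks) == (0x8c6fa548, 0x454e028b)
    for m in (b"", b"abc", b"The quick brown fox jumps over the lazy dog"):
        print(f"{m!r:48} -> {dm_hash(m).hex()}")
```

    The cipher's test vector is checked before hashing so that a broken key schedule or rotation shows up as a cipher bug rather than as a silently wrong digest; in a serialized coprocessor like the one in the abstract, the same vector is what you would run first after synthesis.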

    Invited paper: a scalable hardware/software co-design approach for efficient polynomial multiplication

    Polynomial multiplication is a fundamental operation in security and cryptography applications. However, traditional polynomial multiplication algorithms suffer from high computational complexity and memory bandwidth requirements, limiting their scalability and efficiency. In this work, we propose a new approach that leverages hardware acceleration and software optimization techniques to achieve high performance and scalability while minimizing memory requirements. Our approach uses custom lightweight hardware instructions to perform the computationally intensive parts of the multiplication, while the software manages data movement and communication between the hardware and main memory. We demonstrate the effectiveness of our approach on a TMVP-based polynomial multiplication algorithm. The proposed design can be easily customized to target different hardware platforms and polynomial sizes, making it a promising solution for a wide range of applications.

    Towards Secure Composition of Integrated Circuits and Electronic Systems: On the Role of EDA

    Modern electronic systems become ever more complex, yet remain modular, with integrated circuits (ICs) acting as versatile hardware components at their heart. Electronic design automation (EDA) for ICs has traditionally focused on power, performance, and area. However, given the rise of hardware-centric security threats, we believe that EDA must also adopt related notions like secure by design and secure composition of hardware. Despite various promising studies, we argue that some aspects still require more effort, for example: effective means for compilation of assumptions and constraints for security schemes, all the way from the system level down to the "bare metal"; modeling, evaluation, and consideration of security-relevant metrics; or automated and holistic synthesis of various countermeasures, without inducing negative cross-effects. In this paper, we first introduce hardware security for the EDA community. Next, we review prior (academic) art for EDA-driven security evaluation and implementation of countermeasures. We then discuss strategies and challenges for advancing research and development toward secure composition of circuits and systems.