87 research outputs found

    Automated Design Space Exploration and Datapath Synthesis for Finite Field Arithmetic with Applications to Lightweight Cryptography

    Today, emerging technologies are reaching astronomical proportions. For example, the Internet of Things has numerous applications and consists of countless different devices using different technologies with different capabilities. But the one invariant is their connectivity. Consequently, secure communications, and cryptographic hardware as a means of providing them, are faced with new challenges. Cryptographic algorithms intended for hardware implementations must be designed with a good trade-off between implementation efficiency and sufficient cryptographic strength. Finite fields are widely used in cryptography. Examples of algorithm design choices related to finite field arithmetic are the field size, which arithmetic operations to use, how to represent the field elements, etc. As there are many parameters to be considered and analyzed, an automation framework is needed. This thesis proposes a framework for automated design, implementation and verification of finite field arithmetic hardware. The underlying motif throughout this work is “math meets hardware”. The automation framework is designed to bring the awareness of underlying mathematical structures to the hardware design flow. It is implemented in GAP, an open source computer algebra system that can work with finite fields and has symbolic computation capabilities. The framework is roughly divided into two phases, the architectural decisions and the automated design generation. The architectural decisions phase supports parameter search and produces a list of candidates. The automated design generation phase is invoked for each candidate, and the generated VHDL files are passed on to conventional synthesis tools. The candidates and their implementation results form the design space, and the framework allows rapid design space exploration in a systematic way. In this thesis, design space exploration is focused on finite field arithmetic.
Three distinctive features of the proposed framework are the structure of finite fields, tower field support, and on the fly submodule generation. Each finite field used in the design is represented as both a field and its corresponding vector space. It is easy for a designer to switch between fields and vector spaces, but strict distinction of the two is necessary for hierarchical designs. When an expression is defined over an extension field, the top-level module contains element signals and submodules for arithmetic operations on those signals. The submodules are generated with corresponding vector signals and the arithmetic operations are now performed on the coordinates. For tower fields, the submodules are generated for the subfield operations, and the design is generated in a top-down fashion. The binding of expressions to the appropriate finite fields or vector spaces and a set of customized methods allow the on the fly generation of expressions for implementation of arithmetic operations, and hence submodule generation. In the light of NIST Lightweight Cryptography Project (LWC), this work focuses mainly on small finite fields. The thesis illustrates the impact of hardware implementation results during the design process of WAGE, a Round 2 candidate in the NIST LWC standardization competition. WAGE is a hardware oriented authenticated encryption scheme. The parameter selection for WAGE was aimed at balancing the security and hardware implementation area, using hardware implementation results for many design decisions, for example field size, representation of field elements, etc. In the proposed framework, the components of WAGE are used as an example to illustrate different automation flows and demonstrate the design space exploration on a real-world algorithm

    Hardware Implementations of the WG-16 Stream Cipher with Composite Field Arithmetic

    The WG stream cipher family consists of stream ciphers based on the Welch-Gong (WG) transformations that are used as a nonlinear filter applied to the output of a linear feedback shift register (LFSR). The aim of this thesis is an exploration of the design space of the WG-16 stream cipher. Five different representations of the field elements were analyzed, namely the polynomial basis representation, the normal basis representation and three isomorphic tower field constructions of $\mathbb{F}_{2^{16}}$: $\mathbb{F}_{(((2^2)^2)^2)^2}$, $\mathbb{F}_{(2^4)^4}$ and $\mathbb{F}_{(2^8)^2}$. Each design option begins with an in-depth description of different field constructions and their impact on the top-level WG transformation circuit. Normal basis representation of elements for each level of the tower was chosen for field constructions $\mathbb{F}_{(((2^2)^2)^2)^2}$ and $\mathbb{F}_{(2^4)^4}$, and a mixed basis, with polynomial basis for the lower and normal basis for the higher level of the tower, for $\mathbb{F}_{(2^8)^2}$. Representation of field elements affects the field arithmetic, which in turn affects the entire design. Targeting high throughput, pipelined architectures were developed, and pipelining was based on the particular field construction: each extension over the prime field offers a new pipelining possibility. Pipelining at a lower level of the tower field reduces the clock period. The most flexible pipelining options are possible for $\mathbb{F}_{(((2^2)^2)^2)^2}$, a highly regular construction, which permits an algebraic optimization of the WG transformation resulting in two multiplications being removed. High speed, achieved by adequate pipelining granularity, and smaller area due to removed multipliers make $\mathbb{F}_{(((2^2)^2)^2)^2}$ the most suitable field construction for the implementation of WG-16.
The best WG-16 modules achieve a throughput of 222 Mbit/s with 476 slices used on the Xilinx Spartan-6 FPGA device xc6slx9 (using Xilinx Synthesis Tool (XST) for synthesis and ISE for implementation [47]) and a throughput of 529 Mbit/s with area cost of 12215 GEs for ASIC implementation, using the 65 nm CMOS technology (using Synopsys Design Compiler for synthesis [45] and Cadence SoC Encounter to complete the Place-and-Route phase)

    From the Theatre of Euripides to the Cinema of Pasolini: The Mise en Abyme of the Myth of Medea

    The myth of Medea has continued to fascinate humanity since antiquity, especially in the version by Euripides. Artistic works that take up the myth of Medea are discussed and, in particular, the relationship between Medea, Callas and Pasolini is analysed

    Clostridium difficile genotypes other than ribotype 078 that are prevalent among human, animal and environmental isolates

    Background: Characterising the overlap of C. difficile genotypes in different reservoirs can improve our understanding of possible transmission routes of this pathogen. Most of the studies have focused on a comparison of the PCR ribotype 078 isolated from humans and animals. Here we describe for the first time a comparison of C. difficile genotypes isolated during longer time intervals from different sources including humans, animals and the non-hospital environment. Results: Altogether 786 isolates from time interval 2008-2010 were grouped into 90 PCR ribotypes and eleven of them were shared among all host types and the environment. Ribotypes that were most common in humans were also present in water and different animals (014/020, 002, 029). Interestingly, non-toxigenic isolates were very common in the environment (30.8%) in comparison to humans (6.5%) and animals (7.7%). A high degree of similarity was observed for human and animal isolates with PFGE. In human isolates resistance to erythromycin, clindamycin and moxifloxacin was detected, while all animal isolates were susceptible to all antibiotics tested. Conclusion: Our results show that many other types in addition to PCR ribotype 078 are shared between humans and animals and that the most prevalent genotypes in humans have the ability to survive also in the environment and several animal hosts. The genetic relatedness observed with PFGE suggests that transmission of a given genotype from one reservoir to the other is likely to occur.

    ASIC Benchmarking of Round 2 Candidates in the NIST Lightweight Cryptography Standardization Process

    This report presents area, throughput, and energy results for synthesizing the NIST Lightweight Cryptography Round 2 candidates on five ASIC cell libraries using two different synthesis tool suites

    Correlation Power Analysis and Higher-order Masking Implementation of WAGE

    WAGE is a hardware-oriented authenticated cipher, which has the smallest (unprotected) hardware cost (for 128-bit security level) among the round 2 candidates of the NIST lightweight cryptography (LWC) competition. In this work, we analyze the security of WAGE against correlation power analysis (CPA) on an ARM Cortex-M4F microcontroller. Our attack detects the secret key leakage from power consumption for up to 12 (out of 111) rounds of the WAGE permutation and requires 10,000 power traces to recover the 128-bit secret key. Motivated by the CPA attack and the low hardware cost of WAGE, we propose the first optimized masking scheme of WAGE in the t-strong non-interference (SNI) security model. We investigate different masking schemes for S-boxes by exploiting their internal structures and leveraging the state-of-the-art masking techniques. To practically demonstrate the effectiveness of masking, we perform the test vector leakage assessment on the 1-order masked WAGE. We evaluate the hardware performance of WAGE for 1, 2, and 3-order security and provide a comparison with other NIST LWC round 2 candidates

    A Water Stress–Tolerant Pepper Rootstock Improves the Behavior of Pepper Plants under Deficit Irrigation through Root Biomass Distribution and Physiological Adaptation

    The use of rootstocks tolerant to water stress in pepper crops is a complementary technique for saving irrigation water without affecting yields by means of particular rootstock physiological traits, which change the scion’s perception of stress. The present study aimed to analyze the morphological and physiological adaptation of the ‘Cuerno’ pepper cultivar grafted onto tolerant rootstock NIBER® subjected to capacitance sensor-based deficit irrigation. The stomatal conductance, relative water content and leaf water potential parameters were used to confirm the degree of crop stress. Leaf dry weight and root volume were higher in the grafted plants under the control irrigation and stress treatment conditions. Total fresh root biomass and root volume percentage of grafted plants under water stress were 24% and 33% higher, respectively, than the ungrafted plants. The grafted plants subjected to both water stress and control conditions had a higher marketable production than the ungrafted plants. The higher yields obtained using tolerant rootstocks were explained by the reduced blossom-end rot incidence