13 research outputs found

    Affine-Power S-Boxes over Galois Fields with Area-Optimized Logic Implementations

    Cryptographic S-boxes are fundamental in key-iterated substitution permutation network (SPN) designs for block ciphers. As a natural way for realizing Shannon's confusion and diffusion properties in cryptographic primitives through nonlinear and linear behavior, respectively, SPN designs served as the basis for the Advanced Encryption Standard and a variety of other block ciphers. In this work we present a methodology for minimizing the logic resources for n-bit affine-power S-boxes over Galois fields based on measurable security properties and finding corresponding area-efficient combinational implementations in hardware. Motivated by the potential need for new and larger S-boxes, we use our methodology to find area-optimized circuits for 8- and 16-bit S-boxes. Our methodology is capable of finding good upper bounds on the number of XOR and AND gate equivalents needed for these circuits, which can be further optimized using modern CAD tools.

    Flexible HLS-Based Implementation of the Karatsuba Multiplier Targeting Homomorphic Encryption Schemes

    Custom accelerators for high-precision integer arithmetic are increasingly used in compute-intensive applications, in particular homomorphic encryption schemes. This work seeks to advance a strategy for faster deployment of these accelerators using the process of high-level synthesis (HLS). Insights from existing number theory software libraries and custom hardware accelerators are used to develop a scalable implementation of Karatsuba modular polynomial multiplication. The accelerator generated from this implementation by the high-level synthesis tool Vivado HLS achieves significant speedup over the implementations available in the highly-optimized FLINT software library. This is an important first step towards a larger goal of enabling HLS-based homomorphic encryption in the cloud.

    Array-Based Statistical Analysis of the MK-3 Authenticated Encryption Scheme

    Authenticated encryption (AE) schemes are symmetric key cryptographic methods that support confidentiality, integrity and source authentication. There are many AE algorithms in existence today, in part thanks to the CAESAR competition for authenticated encryption, which is in its final stage. In our previous work we introduced a novel AE algorithm, MK-3 (not part of the CAESAR competition), which is based on the duplex sponge construction and uses novel large 16×16 AES-like S-boxes. Unlike most AE schemes, the MK-3 scheme provides additional customization features for users who desire unique solutions. This makes it well suited for government and military applications. In this paper, we develop a new array-based statistical analysis approach to evaluate randomness of cryptographic primitives and show its effectiveness in the analysis of MK-3. One of the strengths of this method is that it focuses on the randomness of the cryptographic primitive function rather than only on the randomness of the output

    Customizable Sponge-Based Authenticated Encryption Using 16-bit S-boxes

    Authenticated encryption (AE) is a symmetric key cryptographic scheme that aims to provide both confidentiality and data integrity. There are many AE algorithms in existence today. However, they are often far from ideal in terms of efficiency and ease of use. For this reason, there is ongoing effort to develop new AE algorithms that are secure, efficient, and easy to use. The sponge construction is a relatively new cryptographic primitive that has gained popularity since the sponge-based KECCAK algorithm won the SHA-3 hashing competition. The duplex construction, which is closely related to the sponge, provides promising potential for secure and efficient authenticated encryption. In this paper we introduce a novel authenticated encryption algorithm based on the duplex construction that is targeted for hardware implementation. We provide explicit customization guidelines for users who desire unique authenticated encryption solutions within our security margins. Our substitution step uses 16 × 16 AES-like S-boxes which are novel because they are the largest bijective S-boxes to be used by an encryption scheme in the literature and are still efficiently implementable in both hardware and software.

    Customization Modes for the Harris MK-3 Authenticated Encryption Algorithm

    MK-3 is a new proprietary authenticated encryption algorithm based on the duplex sponge construction. To provide security autonomy capability, such that different users can have sovereign variants of the encryption algorithm, MK-3 is designed to be customizable. Two levels of customization are supported, Factory Customization and Field Customization. Customization is done by modifying functions and function parameters in the algorithm to yield differing cipher functions while preserving the algorithm's security. This paper describes the MK-3 algorithm's customization options and discusses results of testing designed to verify security autonomy among the customized variants.

    Exploring the Application of Homomorphic Encryption to a Cross Domain Solution

    A Cross Domain Solution (CDS) is a means of secure information exchange that provides the ability to access or transfer digital data between varying security domains. Most existing CDS methods focus on risk management policies that rely on using protected or trusted parties to process the information in order to solve this problem. A CDS that is able to function in the presence of untrusted parties is a challenge. We apply the concepts of homomorphic encryption (HE) to explore a new solution to the CDS problem. We built a practical software case study application using the Yet Another Somewhat Homomorphic Encryption Scheme (YASHE) around the specific challenge of evaluating the gateway bypass condition on encrypted data. We assess the feasibility of such an application through performance and memory profiling in order to find a parameter selection that ensures proper homomorphic evaluation. The correctness of the application was assured for 64-, 72-, 96-, and 128-bit security parameter selections of YASHE, resulting in high latency performance. The computing time required by our proof-of-concept implementation may be high, but this approach allows the manual process employed in current systems to be eliminated.

    Spaceborne Hybrid-FPGA System for Processing FTIR Data

    Progress has been made in a continuing effort to develop a spaceborne computer system for processing readout data from a Fourier-transform infrared (FTIR) spectrometer to reduce the volume of data transmitted to Earth. The approach followed in this effort, oriented toward reducing design time and reducing the size and weight of the spectrometer electronics, has been to exploit the versatility of recently developed hybrid field-programmable gate arrays (FPGAs) to run diverse software on embedded processors while also taking advantage of the reconfigurable hardware resources of the FPGAs.