91 research outputs found

    Optimized Hardware Implementations of Lightweight Cryptography

    Radio frequency identification (RFID) is a key technology for the Internet of Things era. One important advantage of RFID over barcodes is that line-of-sight is not required between readers and tags. Therefore, it is widely used to perform automatic and unique identification of objects in various applications, such as product tracking, supply chain management, and animal identification. Due to the vulnerabilities of wireless communication between RFID readers and tags, security and privacy issues are significant challenges. The most popular passive RFID protocol is the Electronic Product Code (EPC) standard. EPC tags have many constraints on power consumption, memory, and computing capability. The field of lightweight cryptography was created to provide secure, compact, and flexible algorithms and protocols suitable for applications where the traditional cryptographic primitives, such as AES, are impractical. In these lightweight algorithms, tradeoffs are made between security, area/power consumption, and throughput. In this thesis, we focus on the hardware implementations and optimizations of lightweight cryptography and present the Simeck block cipher family, the WG-8 stream cipher, the Warbler pseudorandom number generator (PRNG), and the WGLCE cryptographic engine. Simeck is a new family of lightweight block ciphers. Simeck takes advantage of the good components and design ideas of the Simon and Speck block ciphers and it has three instances with different block and key sizes. We provide an extensive exploration of different hardware architectures in ASICs and show that Simeck is smaller than Simon in terms of area and power consumption. For the WG-8 stream cipher, we explore four different approaches for the WG transformation module, where one takes advantage of constant arrays and the other three benefit from the tower field constructions of the finite field $\mathbb{F}_{2^8}$ and also efficient basis conversion matrices. The results in FPGA and ASICs show that the constant arrays based method is the best option. We also propose a hybrid design to improve the throughput with a little additional hardware. For the Warbler PRNG, we present the first detailed and smallest hardware implementations and optimizations. The results in ASICs show that the area of Warbler with throughput of 1 bit per 5 clock cycles (1/5 bpc) is smaller than that of other PRNGs and is in fact smaller than that of most of the lightweight primitives. We also optimize and improve the throughput from 1/5 bpc to 1 bpc with a little additional area and power consumption. Finally, we propose a cryptographic engine WGLCE for passive RFID systems. We merge the Warbler PRNG and WG-5 stream cipher together by reusing the finite state machine for both of them. Therefore, WGLCE can provide data confidentiality and generate pseudorandom numbers. After investigating the design rationales and hardware architectures, our results in ASICs show that WGLCE meets the constraints of passive RFID systems.

    Efficient Hardware Implementations of the Warbler Pseudorandom Number Generator

    Pseudorandom number generators (PRNGs) are very important for EPC Class 1 Generation 2 (EPC C1 G2) Radio Frequency Identification (RFID) systems. A PRNG is able to provide a 16-bit random number that is used in many commands of the EPC C1 G2 standard, and it can also be used in future security extensions of the EPC C1 G2 standard, such as mutual authentication protocols between the readers and tags. In this paper, we investigate efficient ASIC hardware implementations of Warbler (a lightweight PRNG), and demonstrate that Warbler can meet the area and power consumption requirements in passive RFID systems. Warbler is built upon three nonlinear feedback shift registers (NLFSRs) and four WG-5 transformation modules. We employ two design options to implement Warbler and three different compilation methods to further optimize the area, maximum operating frequency, and power consumption. We can achieve an area of 498 GEs after the place and route phase in a CMOS 65nm ASIC, with a maximum frequency of 1430 MHz and a total power consumption of 1.239uW at 100 KHz. Accordingly, an area of 534 GEs after the place and route phase, with a maximum frequency of 250 MHz and a total power consumption of 0.296 uW at 100 KHz can be obtained in a CMOS 130nm ASIC. Our results show that the LFSR counter based design is better than the binary counter-based one in terms of area and power consumption. In addition, we show that the areas of WG-5 transformation look-up tables depend on the specific decimation values

    The Simeck Family of Lightweight Block Ciphers

    Two lightweight block cipher families, SIMON and SPECK, have been proposed by researchers from the NSA recently. In this paper, we introduce Simeck, a new family of lightweight block ciphers that combines the good design components from both SIMON and SPECK, in order to devise even more compact and efficient block ciphers. For Simeck32/64, we can achieve 505 GEs (before the Place and Route phase) and 549 GEs (after the Place and Route phase), with the power consumption of 0.417 μW in CMOS 130nm ASIC, and 454 GEs (before the Place and Route phase) and 488 GEs (after the Place and Route phase), with the power consumption of 1.292 μW in CMOS 65nm ASIC. Furthermore, all of the instances of Simeck are smaller than the ones of hardware-optimized cipher SIMON in terms of area and power consumption in both CMOS 130nm and CMOS 65nm techniques. In addition, we also give the security evaluation of Simeck with respect to many traditional cryptanalysis methods, including differential attacks, linear attacks, impossible differential attacks, meet-in-the-middle attacks, and slide attacks. Overall, all of the instances of Simeck can satisfy the area, power, and throughput requirements in passive RFID tags.

    Spontaneous breaking and re-making of the RS-Au-SR staple in self-assembled ethylthiolate/Au(111) interface

    The stability of the self-assembled RS–Au–SR (R = CH₂CH₃)/Au(111) interface at room temperature has been investigated using scanning tunneling microscopy (STM) in conjunction with density functional theory (DFT) and MD calculations. The RS–Au–SR staple, also known as Au-adatom-dithiolate, assembles into staple rows along the [112̅] direction. STM imaging reveals that while the staple rows are able to maintain a static global structure, individual staples within the row are subjected to constant breaking and remaking of the Au–SR bond. The C₂S–Au–SC₂/Au(111) interface is under a dynamic equilibrium and it is far from rigid. DFT/MD calculations show that a transient RS–Au–Au–SR complex can be formed when a free Au atom is added to the RS–Au–SR staple. The relatively high reactivity of the RS–Au–SR staple at room temperature could explain the reactivity of thiolate-protected Au nanoclusters, such as their ability to participate in ligand exchange and intercluster reactions.

    Mathematical Model and Analysis of Negative Skin Friction of Pile Group in Consolidating Soil

    In order to calculate negative skin friction (NSF) of pile group embedded in a consolidating soil, the dragload calculating formulas of single pile were established by considering Davis one-dimensional nonlinear consolidation soils settlement and hyperbolic load-transfer of pile-soil interface. Based on effective influence area theory, a simple semiempirical mathematical model of analysis for predicting the group effect of pile group under dragload was described. The accuracy and reliability of mathematical models built in this paper were verified by practical engineering comparative analysis. Case studies were studied, and the prediction values were found to be in good agreement with those of measured values. Then, the influences factors, such as, soil consolidation degree, the initial volume compressibility coefficient, and the stiffness of bearing soil, were analyzed and discussed. The results show that the mathematical models considering nonlinear soil consolidation and group effect can reflect the practical NSF of pile group effectively and accurately. The results of this paper can provide reference for practical pile group embedded in consolidating soil under NSF design and calculation

    sLiSCP: Simeck-based Permutations for Lightweight Sponge Cryptographic Primitives

    In this paper, we propose a family of lightweight cryptographic permutations called sLiSCP, with the sole aim to provide a realistic minimal design that suits a variety of lightweight device applications. More precisely, we argue that for such devices the chip area dedicated for security purposes should, not only be consumed by an encryption or hashing algorithm, but also provide as many cryptographic functionalities as possible. Our main contribution is the design of a lightweight permutation employing a 4-subblock Type-2 Generalized-like Structure (GFS) and round-reduced unkeyed Simeck with either 48 or 64-bit block length as the two round functions, thus resulting in two lightweight instances of the permutation, sLiSCP-192 and sLiSCP-256. We leverage the extensive security analysis on both Simeck (Simon-like functions) and Type-2 GFSs and present bounds against differential and linear cryptanalysis. In particular, we provide an estimation on the maximum differential probability of the round-reduced Simeck and use it for bounding the maximum expected differential/linear characteristic probability for our permutation. Due to the iterated nature of the Simeck round function and the simple XOR and cyclic shift mixing layer of the GFS that fosters the propagation of long trails, the long trail strategy is adopted to provide tighter bounds on both characteristics. Moreover, we analyze sLiSCP against a wide range of distinguishing attacks, and accordingly, claim that there exists no structural distinguishers for sLiSCP with a complexity below $2^{b/2}$ where $b$ is the state size. We demonstrate how sLiSCP can be used as a unified round function in the duplex sponge construction to build (authenticated) encryption and hashing functionalities. The parallel hardware implementation area of the unified duplex mode of sLiSCP-192 (resp. sLiSCP-256) in CMOS 65 nm ASIC is 2289 (resp. 3039) GEs with a throughput of 29.62 (resp. 44.44) kbps, and their areas in CMOS 130 nm are 2498 (resp. 3319) GEs.

    On correlation between canopy vegetation and growth indexes of maize varieties with different nitrogen efficiencies

    Studying the canopy spectral reflection characteristics of different N-efficient maize varieties and analyzing the relationship between their growth indicators and spectral vegetation indices can help the breeding and application of N-efficient maize varieties. To achieve the optimal management of N fertilizer resources, developing N-efficient maize varieties is necessary. In this research, maize varieties, i.e., the low-N-efficient (Zhengdan 958, ZD958), the high-N efficient (Xianyu 335, XY335), the double-high varieties (Qiule 368, QL368), and the double inefficient-type varieties (Yudan 606 YD606), were used as materials. Results indicate that nitrogen fertilization significantly increased the vegetation indices NDVI, GNDVI, GOSAVI, and RVI of maize varieties with different nitrogen efficiencies. These findings were consistent with the performance of yield, dry matter mass, and leaf nitrogen content and were also found highest under both medium and high nitrogen conditions in the double-high variety QL368. The correlations of dry matter quality, leaf nitrogen content, yield, and vegetation indices (NDVI, GNDVI, RVI, and GOSAVI) at the filling stage of different N-efficient maize varieties were all highly significant and positive. In this relationship, the best effect was found at the filling stages, with correlation coefficients reaching 0.772–0.942, 0.774–0.970, 0754–0.960, and 0.800–0.960. The results showed that the yield, dry matter weight, and leaf nitrogen content of maize varieties with different nitrogen efficiencies increased first and then stabilized with the increase in the nitrogen application level in different periods, and the highest nitrogen application level of maize yield should be between 270 and 360 kg/hm2. At the filling stage, canopy vegetation index of maize varieties with different nitrogen efficiencies was positively correlated with yield, dry matter weight, and leaf nitrogen content, especially GNDVI and GOSAVI on the leaf nitrogen content. It can be used as a means to predict its growth index.

    Setting sodium targets for pre-packaged foods in China — an exploratory study

    Introduction: Setting sodium targets for pre-packaged food has been a priority strategy for reducing population sodium intake. This study aims to explore the attitudes and considerations of researchers and key stakeholders toward implementing such policy in China. Methods: An exploratory study comprising a survey and a focus group discussion was conducted among 27 purposively selected participants including 12 researchers, 5 consumers, 4 administrators, 3 industry association representatives and 3 food producers. The survey/discussion covered the key questions considered when developing/promoting sodium targets. Free-text responses were manually classified and summarized using thematic analysis. Results: Two-thirds of the participants supported target-setting policy. Researchers and administrators were most supportive, and food producers and associations were least supportive. Adapted WHO food categorization framework was well accepted to underpin target-setting to ensure international comparability and applicability for Chinese products. Maximum values were the most agreed target type. The WHO benchmarks were thought to be too ambitious to be feasible given the current food supply in China but can be regarded as long-term goals. Initially, a reduction of sodium content by 20% was mostly accepted to guide the development of maximum targets. Other recommendations included implementing a comprehensive strategy, strengthening research, engaging social resources, establishing a systematic monitoring/incentive system, maintaining a fair competitive environment, and developing a supportive information system. Target-setting policy was acceptable by most stakeholders and should be implemented alongside strategies to reduce discretionary salt use. Discussion: Our findings provide detailed guidance for the Chinese government when developing a target-setting strategy. The methods and results of this study also provide meaningful references for other countries to set sodium targets for pre-packaged foods and implement other salt reduction strategies simultaneously.