FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware
Size: px
Start display at page:

Download "FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware"

Transcription

1 FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begül Bilgin, Andrey Bogdanov, Miroslav Knežević, Florian Mendel, and Qingju Wang DIAC 2013, Chicago 1

2 Side Channel Resistance 2

3 Side Channel Resistance The Game... 2

4 Side Channel Resistance The Game... Mathematically secure crypto algorithms 2

5 Side Channel Resistance The Game... Mathematically secure crypto algorithms AES, RSA, Keccak, OCB, 2

6 Side Channel Resistance The Game... Mathematically secure crypto algorithms AES, RSA, Keccak, OCB, Weak implementation 2

7 Side Channel Resistance The Game... Mathematically secure crypto algorithms AES, RSA, Keccak, OCB, Weak implementation 2

8 Side Channel Resistance The Game... Mathematically secure crypto algorithms AES, RSA, Keccak, OCB, Weak implementation Dependency between power consumption and intermediate value (depends on the key) 2

9 Side Channel Resistance 3

10 Side Channel Resistance x Change the key frequently 3

11 Side Channel Resistance x Change the key frequently x Equalize power consumption 3

12 Side Channel Resistance x Change the key frequently x Equalize power consumption Randomize power consumption 3

13 Side Channel Resistance x Change the key frequently x Equalize power consumption Randomize power consumption - Boolean masking 3

14 Side Channel Resistance x Change the key frequently inp^m0 L out^m1 x Equalize power consumption m0 L m1 Randomize power consumption - Boolean masking 3

15 Side Channel Resistance x Change the key frequently x Equalize power consumption Randomize power consumption - Boolean masking 3

16 Side Channel Resistance x Change the key frequently inp^m0 S out^m1 x Equalize power consumption m0 S m1 Randomize power consumption - Boolean masking 3

17 Side Channel Resistance x Change the key frequently inp^m0 S out^m1 x Equalize power consumption m0 S m1 Randomize power consumption - Boolean masking - Multiplicative masking 3

18 Side Channel Resistance x Change the key frequently x Equalize power consumption Randomize power consumption - Boolean masking - Multiplicative masking 3

19 Side Channel Resistance x Change the key frequently x Equalize power consumption Randomize power consumption - Boolean masking - Multiplicative masking - Secret sharing e.g. Threshold Implementations [Nikova 11] 3

20 Side Channel Resistance x Change the key frequently inp^m0^m1 S out^m2^m3 x Equalize power consumption m0 S m2 Randomize power consumption - Boolean masking - Multiplicative masking m1 S m3 - Secret sharing e.g. Threshold Implementations [Nikova 11] 3

21 Side Channel Resistance 4

22 Side Channel Resistance Have the design 4

23 Side Channel Resistance Need efficient impl. Have the design 4

24 Side Channel Resistance Need efficient impl. Have the design Need secure impl. 4

25 Side Channel Resistance Need efficient impl. Have the design Need secure impl. 1 st Order Boolean Mask Multipl. Mask TI 2 nd Order SW?? Still efficient?? HW 4

26 Side Channel Resistance Need efficient impl. Have the design Need secure impl. 1 st Order Boolean Mask Multipl. Mask TI 2 nd Order SW Still efficient HW 5

27 Design - Structure a A 1 A 2 A v C 1 M 1 C u M u K N 16R R T K 0 6

28 Design - Structure a A 1 A 2 A v C 1 M 1 C u M u K N 16R R T K 0 - Similar to duplex sponge 6

29 Design - Structure a A 1 A 2 A v C 1 M 1 C u M u K N 16R R T K 0 - Similar to duplex sponge - Rounds are not keyed 6

30 Design - Structure a A 1 A 2 A v C 1 M 1 C u M u K N 16R R T K 0 - Similar to duplex sponge - Rounds are not keyed Online 6

31 Design - Structure a A 1 A 2 A v C 1 M 1 C u M u K N 16R R T K 0 - Similar to duplex sponge - Rounds are not keyed Online Single pass 6

32 Design - Structure a A 1 A 2 A v C 1 M 1 C u M u K N 16R R T K 0 - Similar to duplex sponge - Rounds are not keyed Online Single pass b k/n/t r FIDES FIDES

33 Design - Structure a A 1 A 2 A v C 1 M 1 C u M u K N 16R R T K 0 - Similar to duplex sponge - Rounds are not keyed Online Single pass b k/n/t r FIDES FIDES

34 Design - Structure a A 1 A 2 A v C 1 M 1 C u M u K N 16R R T K 0 - Similar to duplex sponge - Rounds are not keyed Online Single pass b k/n/t r FIDES FIDES

35 Design - Structure a A 1 A 2 A v C 1 M 1 C u M u K N 16R R T K 0 - Similar to duplex sponge - Rounds are not keyed Online Single pass b k/n/t r FIDES FIDES

36 Design - Structure State SubBytes ShiftRows MixColumns ConstantAddition 10

37 Design - Structure State SubBytes ShiftRows MixColumns ConstantAddition 11

38 Design - Structure State SubBytes ShiftRows MixColumns ConstantAddition 12

39 Design - Structure State SubBytes ShiftRows MixColumns ConstantAddition Almost MDS branch number is 4 13

40 Design - Structure State SubBytes ShiftRows MixColumns ConstantAddition 14

41 Design - S-boxes FIDES-80: 5-bit Almost Bent (AB) - - optimal resistance against differential & linear cryptanalysis degree 2 (two), 3(one), 4(one) FIDES-96: 6-bit Almost Perfect Nonlinear (APN) - optimal resistance against differential cryptanalysis - degree 4 15

42 Design - S-boxes FIDES-80: 5-bit Almost Bent (AB) - - optimal resistance against differential & linear cryptanalysis degree 2 (two), 3(one), 4(one) FIDES-96: 6-bit Almost Perfect Nonlinear (APN) - optimal resistance against differential cryptanalysis - degree 4 ++Low latency++ 15

43 Design - S-boxes FIDES-80: 5-bit Almost Bent (AB) - - optimal resistance against differential & linear cryptanalysis degree 2 (two), 3(one), 4(one) FIDES-96: 6-bit Almost Perfect Nonlinear (APN) - optimal resistance against differential cryptanalysis - degree 4 ++Low latency++ 15

44 Design - S-boxes FIDES-80: 5-bit Almost Bent (AB) - - optimal resistance against differential & linear cryptanalysis degree 2 (two), 3(one), 4(one) FIDES-96: 6-bit Almost Perfect Nonlinear (APN) - optimal resistance against differential cryptanalysis - degree 4 ++Low latency++ 16

45 Design - S-boxes 17

46 Design - S-boxes Affine Equivalent to AB permutation with degree 2 17

47 Design - S-boxes Affine Equivalent to AB permutation with degree 2 Unshared S-box Shared S-box # of S-boxes # of GE (UMC 180nm)

48 Design - S-boxes Affine Equivalent to AB permutation with degree 2 Unshared S-box Shared S-box # of S-boxes # of GE (UMC 180nm)

49 Design - S-boxes Affine Equivalent to AB permutation with degree 2 Unshared S-box Shared S-box # of S-boxes # of GE (UMC 180nm) Similar for APN 18

50 Security Analysis # # Active S-box rnd. any diff. zero diff

51 Security Analysis # # Active S-box rnd. any diff. zero diff Differential & Linear Cryptanalysis 19

52 Security Analysis # # Active S-box rnd. any diff. zero diff Differential & Linear Cryptanalysis 16 rounds: 2-4x48x2 =

53 Security Analysis # # Active S-box rnd. any diff. zero diff Differential & Linear Cryptanalysis 16 rounds: 2-4x48x2 = Collision Trails 19

54 Security Analysis # # Active S-box rnd. any diff. zero diff Differential & Linear Cryptanalysis 16 rounds: 2-4x48x2 = Collision Trails 16 rounds: 2-4x(48+48) =

55 Security Analysis # # Active S-box rnd. any diff. zero diff Differential & Linear Cryptanalysis 16 rounds: 2-4x48x2 = Collision Trails 16 rounds: 2-4x(48+48) = Impossible Differential 19

56 Security Analysis # # Active S-box rnd. any diff. zero diff Differential & Linear Cryptanalysis 16 rounds: 2-4x48x2 = Collision Trails 16 rounds: 2-4x(48+48) = Impossible Differential 9 rounds 19

57 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 20

58 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 21

59 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 21

60 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 21

61 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 21

62 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 21

63 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 22

64 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 23

65 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 23

66 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 23

67 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 23

68 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 23

69 Implementation - FIDES-S - FIDES-4S - FIDES-R - FIDES-T 24

70 Performance FIDES on Different Technologies Area in GE NXP 90nm NANGATE 45nm UMC 130nm FIDES-80-S FIDES-80-4S FIDES-80-R FIDES-80-T FIDES-96-S FIDES-96-4S FIDES-96-R FIDES-96-T 25

71 Performance FIDES-80 FIDES-96 ALE AES-CCM ASC-1 A ASC-1 B c-quark KECCAK-200-MD Hummingbird2 Throughput (kb/s) Area (GE) 26

72 Conclusion FIDES 27

73 Conclusion Lightweight AE - - less than 1500GE online, single-pass FIDES 27

74 Conclusion Lightweight AE - - less than 1500GE online, single-pass with Side Channel Resistance - TI less than 5000 GE FIDES 27

75 Conclusion Lightweight AE - - less than 1500GE online, single-pass with Side Channel Resistance - TI less than 5000 GE and 80-bit or 90-bit security FIDES - - AB and APN permutations almost MDS 27

76 THANK YOU! 28

Similar documents

Threshold Implementations. Svetla Nikova

Threshold Implementations. Svetla Nikova Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold

More information

Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations. Si Gao, Arnab Roy, and Elisabeth Oswald

Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations. Si Gao, Arnab Roy, and Elisabeth Oswald Constructing TI-Friendly Substitution Boxes using Shift-Invariant Permutations Si Gao, Arnab Roy, and Elisabeth Oswald Outline Introduction Design Philosophy Sbox Constructions Implementations Summary

More information

Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers. Praveen Vadnala

Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers. Praveen Vadnala Time-Memory Trade-Offs for Side-Channel Resistant Implementations of Block Ciphers Praveen Vadnala Differential Power Analysis Implementations of cryptographic systems leak Leaks from bit 1 and bit 0 are

More information

4. Design Principles of Block Ciphers and Differential Attacks

4. Design Principles of Block Ciphers and Differential Attacks 4. Design Principles of Block Ciphers and Differential Attacks Nonli near 28-bits Trans forma tion 28-bits Model of Block Ciphers @G. Gong A. Introduction to Block Ciphers A Block Cipher Algorithm: E and

More information

SHA-3 and permutation-based cryptography

SHA-3 and permutation-based cryptography SHA-3 and permutation-based cryptography Joan Daemen 1 Joint work with Guido Bertoni 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Crypto summer school Šibenik,

More information

Variety of scalable shuffling countermeasures against side channel attacks

Variety of scalable shuffling countermeasures against side channel attacks Variety of scalable shuffling countermeasures against side channel attacks Nikita Veshchikov, Stephane Fernandes Medeiros, Liran Lerman Department of computer sciences, Université libre de Bruxelles, Brussel,

More information

SIDE-CHANNEL attacks exploit the leaked physical information

SIDE-CHANNEL attacks exploit the leaked physical information 546 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II: EXPRESS BRIEFS, VOL. 57, NO. 7, JULY 2010 A Low Overhead DPA Countermeasure Circuit Based on Ring Oscillators Po-Chun Liu, Hsie-Chia Chang, Member, IEEE,

More information

Secret Key Systems (block encoding) Encrypting a small block of text (say 128 bits) General considerations for cipher design:

Secret Key Systems (block encoding) Encrypting a small block of text (say 128 bits) General considerations for cipher design: Secret Key Systems (block encoding) Encrypting a small block of text (say 128 bits) General considerations for cipher design: Secret Key Systems (block encoding) Encrypting a small block of text (say 128

More information

Conditional Cube Attack on Reduced-Round Keccak Sponge Function

Conditional Cube Attack on Reduced-Round Keccak Sponge Function Conditional Cube Attack on Reduced-Round Keccak Sponge Function Senyang Huang 1, Xiaoyun Wang 1,2,3, Guangwu Xu 4, Meiqin Wang 2,3, Jingyuan Zhao 5 1 Institute for Advanced Study, Tsinghua University,

More information

CESEL: Flexible Crypto Acceleration. Kevin Kiningham Dan Boneh, Mark Horowitz, Philip Levis

CESEL: Flexible Crypto Acceleration. Kevin Kiningham Dan Boneh, Mark Horowitz, Philip Levis CESEL: Flexible Crypto Acceleration Kevin Kiningham Dan Boneh, Mark Horowitz, Philip Levis Cryptography Mathematical operations to secure data Fundamental for building secure systems Computationally intensive:

More information

Side-Channel Leakage through Static Power

Side-Channel Leakage through Static Power Side-Channel Leakage through Static Power Should We Care about in Practice? Amir Moradi Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany amir.moradi@rub.de Abstract. By shrinking

More information

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10 Dynamic extended DES Yi-Shiung Yeh 1, I-Te Chen 2, Ting-Yu Huang 1, Chan-Chi Wang 1, 1 Department of Computer Science and Information Engineering National Chiao-Tung University 1001 Ta-Hsueh Road, HsinChu

More information

Dedicated Cryptanalysis of Lightweight Block Ciphers

Dedicated Cryptanalysis of Lightweight Block Ciphers Dedicated Cryptanalysis of Lightweight Block Ciphers María Naya-Plasencia INRIA, France Šibenik 2014 Outline Introduction Impossible Differential Attacks Meet-in-the-middle and improvements Multiple Differential

More information

OFDM Based Low Power Secured Communication using AES with Vedic Mathematics Technique for Military Applications

OFDM Based Low Power Secured Communication using AES with Vedic Mathematics Technique for Military Applications OFDM Based Low Power Secured Communication using AES with Vedic Mathematics Technique for Military Applications Elakkiya.V 1, Sharmila.S 2, Swathi Priya A.S 3, Vinodha.K 4 1,2,3,4 Department of Electronics

More information

From New Technologies to New Solutions: Exploiting FRAM Memories to Enhance Physical Security

From New Technologies to New Solutions: Exploiting FRAM Memories to Enhance Physical Security From New Technologies to New Solutions: Exploiting FRAM Memories to Enhance Physical Security Stéphanie Kerckhof, François-Xavier Standaert, Eric Peeters CARDIS 2013 November 2013 Microelectronics Laboratory

More information

Methodologies for power analysis attacks on hardware implementations of AES

Methodologies for power analysis attacks on hardware implementations of AES Rochester Institute of Technology RIT Scholar Works Theses Thesis/Dissertation Collections 8-1-2009 Methodologies for power analysis attacks on hardware implementations of AES Kenneth James Smith Follow

More information

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017 COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2017 Previously Pseudorandom Functions and Permutaitons Modes of Operation Pseudorandom Functions Functions that look like random

More information

Design of a High Throughput 128-bit AES (Rijndael Block Cipher)

Design of a High Throughput 128-bit AES (Rijndael Block Cipher) Design of a High Throughput 128-bit AES (Rijndael Block Cipher Tanzilur Rahman, Shengyi Pan, Qi Zhang Abstract In this paper a hardware implementation of a high throughput 128- bits Advanced Encryption

More information

Glitch-Free Implementation of Masking in Modern FPGAs

Glitch-Free Implementation of Masking in Modern FPGAs Glitch-Free Imementation of Masking in Modern FPGAs Amir Moradi and Oliver Mischke Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany {moradi, mischke}@crypto.rub.de Abstract Due to

More information

Diffie-Hellman key-exchange protocol

Diffie-Hellman key-exchange protocol Diffie-Hellman key-exchange protocol This protocol allows two users to choose a common secret key, for DES or AES, say, while communicating over an insecure channel (with eavesdroppers). The two users

More information

DPA Leakage Models for CMOS Logic Circuits

DPA Leakage Models for CMOS Logic Circuits CHES 25 in Edinburgh DPA Leakage Models for CMOS Logic Circuits Daisuke Suzuki Minoru Saeki Mitsubishi Electric Corporation, Information Technology R&D Center Tetsuya Ichikawa Mitsubishi Electric Engineering

More information

CDMA Physical Layer Built-in Security Enhancement

CDMA Physical Layer Built-in Security Enhancement CDMA Physical Layer Built-in Security Enhancement Jian Ren Tongtong Li 220 Engineering Building Department of Electrical & Computer Engineering Michigan State University East Landing, MI 48864-226 Email:

More information

New Linear Cryptanalytic Results of Reduced-Round of CAST-128 and CAST-256

New Linear Cryptanalytic Results of Reduced-Round of CAST-128 and CAST-256 New Linear Cryptanalytic Results of Reduced-Round of CAST-28 and CAST-256 Meiqin Wang, Xiaoyun Wang, and Changhui Hu Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education,

More information

Power Analysis Attacks on SASEBO January 6, 2010

Power Analysis Attacks on SASEBO January 6, 2010 Power Analysis Attacks on SASEBO January 6, 2010 Research Center for Information Security, National Institute of Advanced Industrial Science and Technology Table of Contents Page 1. OVERVIEW... 1 2. POWER

More information

Some Cryptanalysis of the Block Cipher BCMPQ

Some Cryptanalysis of the Block Cipher BCMPQ Some Cryptanalysis of the Block Cipher BCMPQ V. Dimitrova, M. Kostadinoski, Z. Trajcheska, M. Petkovska and D. Buhov Faculty of Computer Science and Engineering Ss. Cyril and Methodius University, Skopje,

More information

Lightweight Mixcolumn Architecture for Advanced Encryption Standard

Lightweight Mixcolumn Architecture for Advanced Encryption Standard Volume 6 No., February 6 Lightweight Micolumn Architecture for Advanced Encryption Standard K.J. Jegadish Kumar Associate professor SSN college of engineering kalvakkam, Chennai-6 R. Balasubramanian Post

More information

Course Business. Harry. Hagrid. Homework 2 Due Now. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Location: Right here

Course Business. Harry. Hagrid. Homework 2 Due Now. Midterm is on March 1. Final Exam is Monday, May 1 (7 PM) Location: Right here Course Business Homework 2 Due Now Midterm is on March 1 Final Exam is Monday, May 1 (7 PM) Location: Right here Harry Hagrid 1 Cryptography CS 555 Topic 17: DES, 3DES 2 Recap Goals for This Week: Practical

More information

A Block Cipher Based Pseudo Random Number Generator Secure against Side-Channel Key Recovery

A Block Cipher Based Pseudo Random Number Generator Secure against Side-Channel Key Recovery A Block Cipher Based Pseudo Random Number Generator Secure against Side-Channel Key Recovery Christophe Petit 1, François-Xavier Standaert 1, Olivier Pereira 1, Tal G. Malkin 2, Moti Yung 2 1, Université

More information

Generation of AES Key Dependent S-Boxes using RC4 Algorithm

Generation of AES Key Dependent S-Boxes using RC4 Algorithm 3 th International Conference on AEROSPACE SCIENCES & AVIATION TECHNOLOGY, ASAT- 3, May 26 28, 29, E-Mail: asat@mtc.edu.eg Military Technical College, Kory Elkoah, Cairo, Egypt Tel : +(22) 2425292 243638,

More information

Differential Cryptanalysis of REDOC III

Differential Cryptanalysis of REDOC III Differential Cryptanalysis of REDOC III Ken Shirriff Address: Sun Microsystems Labs, 2550 Garcia Ave., MS UMTV29-112, Mountain View, CA 94043. Ken.Shirriff@eng.sun.com Abstract: REDOC III is a recently-developed

More information

High Diffusion Cipher: Encryption and Error Correction in a Single Cryptographic Primitive

High Diffusion Cipher: Encryption and Error Correction in a Single Cryptographic Primitive High Diffusion Cipher: Encryption and Error Correction in a Single Cryptographic Primitive Chetan Nanjunda Mathur, Karthik Narayan and K.P. Subbalakshmi Department of Electrical and Computer Engineering

More information

Correlation Power Analysis of Lightweight Block Ciphers

Correlation Power Analysis of Lightweight Block Ciphers Correlation Power Analysis of Lightweight Block Ciphers From Theory to Practice Alex Biryukov Daniel Dinu Johann Großschädl SnT, University of Luxembourg ESC 2017 (University of Luxembourg) CPA of Lightweight

More information

Finding the key in the haystack

Finding the key in the haystack A practical guide to Differential Power hunz Zn000h AT gmail.com December 30, 2009 Introduction Setup Procedure Tunable parameters What s DPA? side channel attack introduced by Paul Kocher et al. 1998

More information

DATA SECURITY USING ADVANCED ENCRYPTION STANDARD (AES) IN RECONFIGURABLE HARDWARE FOR SDR BASED WIRELESS SYSTEMS

DATA SECURITY USING ADVANCED ENCRYPTION STANDARD (AES) IN RECONFIGURABLE HARDWARE FOR SDR BASED WIRELESS SYSTEMS INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET) International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367(Print), ISSN 0976 6367(Print) ISSN 0976 6375(Online)

More information

Lessons Learned from Designing a 65 nm ASIC for Third Round SHA-3 Candidates

Lessons Learned from Designing a 65 nm ASIC for Third Round SHA-3 Candidates Lessons Learned from Designing a 65 nm ASIC for Third Round SHA-3 Candidates Frank K. Gürkaynak, Kris Gaj, Beat Muheim, Ekawat Homsirikamol, Christoph Keller, Marcin Rogawski, Hubert Kaeslin, Jens-Peter

More information

Classical Cryptography

Classical Cryptography Classical Cryptography CS 6750 Lecture 1 September 10, 2009 Riccardo Pucella Goals of Classical Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to all communications Alice

More information

Meet-in-the-Middle Attacks on Reduced-Round Midori-64

Meet-in-the-Middle Attacks on Reduced-Round Midori-64 Meet-in-the-Middle Attacks on Reduced-Round Midori-64 Li Lin and Wenling Wu Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China

More information

The number theory behind cryptography

The number theory behind cryptography The University of Vermont May 16, 2017 What is cryptography? Cryptography is the practice and study of techniques for secure communication in the presence of adverse third parties. What is cryptography?

More information

Overview. The Big Picture... CSC 580 Cryptography and Computer Security. January 25, Math Basics for Cryptography

Overview. The Big Picture... CSC 580 Cryptography and Computer Security. January 25, Math Basics for Cryptography CSC 580 Cryptography and Computer Security Math Basics for Cryptography January 25, 2018 Overview Today: Math basics (Sections 2.1-2.3) To do before Tuesday: Complete HW1 problems Read Sections 3.1, 3.2

More information

Generic Attacks on Feistel Schemes

Generic Attacks on Feistel Schemes Generic Attacks on Feistel Schemes -Extended Version- Jacques Patarin PRiSM, University of Versailles, 45 av. des États-Unis, 78035 Versailles Cedex, France This paper is the extended version of the paper

More information

DES Data Encryption standard

DES Data Encryption standard DES Data Encryption standard DES was developed by IBM as a modification of an earlier system Lucifer DES was adopted as a standard in 1977 Was replaced only in 2001 with AES (Advanced Encryption Standard)

More information

Is Your Mobile Device Radiating Keys?

Is Your Mobile Device Radiating Keys? Is Your Mobile Device Radiating Keys? Benjamin Jun Gary Kenworthy Session ID: MBS-401 Session Classification: Intermediate Radiated Leakage You have probably heard of this before App Example of receiving

More information

Formal Hardware Verification: Theory Meets Practice

Formal Hardware Verification: Theory Meets Practice Formal Hardware Verification: Theory Meets Practice Dr. Carl Seger Senior Principal Engineer Tools, Flows and Method Group Server Division Intel Corp. June 24, 2015 1 Quiz 1 Small Numbers Order the following

More information

Hardware Bit-Mixers. Laszlo Hars January, 2016

Hardware Bit-Mixers. Laszlo Hars January, 2016 Hardware Bit-Mixers Laszlo Hars January, 2016 Abstract A new concept, the Bit-Mixer is introduced. It is a function of fixed, possibly different size of input and output, which computes statistically uncorrelated

More information

Lessons Learned from Designing a 65 nm ASIC for Third Round SHA-3 Candidates

Lessons Learned from Designing a 65 nm ASIC for Third Round SHA-3 Candidates Lessons Learned from Designing a 65 nm ASIC for Third Round SHA-3 Candidates Frank K. Gürkaynak, Kris Gaj, Beat Muheim, Ekawat Homsirikamol, Christoph Keller, Marcin Rogawski, Hubert Kaeslin, Jens-Peter

More information

An Architecture-Independent Instruction Shuffler to Protect against Side-Channel Attacks

An Architecture-Independent Instruction Shuffler to Protect against Side-Channel Attacks An Architecture-Independent Instruction Shuffler to Protect against Side-Channel Attacks ALI GALIP BAYRAK, NIKOLA VELICKOVIC, and PAOLO IENNE, Ecole Polytechnique Fédérale de Lausanne (EPFL) WAYNE BURLESON,

More information

JICE: Joint Data Compression and Encryption for Wireless Energy Auditing Networks

JICE: Joint Data Compression and Encryption for Wireless Energy Auditing Networks JICE: Joint Data Compression and Encryption for Wireless Energy Auditing Networks Sheng-Yuan Chiu 1,2, Hoang Hai Nguyen 1, Rui Tan 1, David K.Y. Yau 1,3,Deokwoo Jung 1 1 Advanced Digital Science Center,

More information

Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014

Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014 7 Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014 Cryptography studies techniques for secure communication in the presence of third parties. A typical

More information

DUBLIN CITY UNIVERSITY

DUBLIN CITY UNIVERSITY DUBLIN CITY UNIVERSITY SEMESTER ONE EXAMINATIONS 2013 MODULE: (Title & Code) CA642 Cryptography and Number Theory COURSE: M.Sc. in Security and Forensic Computing YEAR: 1 EXAMINERS: (Including Telephone

More information

Network Security: Secret Key Cryptography

Network Security: Secret Key Cryptography 1 Network Security: Secret Key Cryptography Henning Schulzrinne Columbia University, New York schulzrinne@cs.columbia.edu Columbia University, Fall 2000 cfl1999-2000, Henning Schulzrinne Last modified

More information

Generic Attacks on Feistel Schemes

Generic Attacks on Feistel Schemes Generic Attacks on Feistel Schemes Jacques Patarin 1, 1 CP8 Crypto Lab, SchlumbergerSema, 36-38 rue de la Princesse, BP 45, 78430 Louveciennes Cedex, France PRiSM, University of Versailles, 45 av. des

More information

Keywords: dynamic P-Box and S-box, modular calculations, prime numbers, key encryption, code breaking.

Keywords: dynamic P-Box and S-box, modular calculations, prime numbers, key encryption, code breaking. INTRODUCING DYNAMIC P-BOX AND S-BOX BASED ON MODULAR CALCULATION AND KEY ENCRYPTION FOR ADDING TO CURRENT CRYPTOGRAPHIC SYSTEMS AGAINST THE LINEAR AND DIFFERENTIAL CRYPTANALYSIS M. Zobeiri and B. Mazloom-Nezhad

More information

On Permutation Operations in Cipher Design

On Permutation Operations in Cipher Design On Permutation Operations in Cipher Design Ruby B. Lee, Z. J. Shi and Y. L. Yin Princeton University Department of Electrical Engineering B-218, Engineering Quadrangle Princeton, NJ 08544, U.S.A. Email:

More information

Voice Data Encryption AT Crypt One

Voice Data Encryption AT Crypt One Voice Data Encryption AT Crypt One Example: Customised Add-on Unit AT Crypt One-01 Add-on Unit for voice and data encryption AT Crypt One-02 Encryption Board for radio integration AT Crypt-03 Handset with

More information

Random Bit Generation and Stream Ciphers

Random Bit Generation and Stream Ciphers Random Bit Generation and Stream Ciphers Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: 8-1 Overview 1.

More information

Permutation Operations in Block Ciphers

Permutation Operations in Block Ciphers Chapter I Permutation Operations in Block Ciphers R. B. Lee I.1, I.2,R.L.Rivest I.3,M.J.B.Robshaw I.4, Z. J. Shi I.2,Y.L.Yin I.2 New and emerging applications can change the mix of operations commonly

More information

Cryptanalysis on short messages encrypted with M-138 cipher machine

Cryptanalysis on short messages encrypted with M-138 cipher machine Cryptanalysis on short messages encrypted with M-138 cipher machine Tsonka Baicheva Miroslav Dimitrov Institute of Mathematics and Informatics Bulgarian Academy of Sciences 10-14 July, 2017 Sofia Introduction

More information

A low-cost UHF RFID tag chip with AES cryptography engine

A low-cost UHF RFID tag chip with AES cryptography engine SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 214; 7:365 375 Published online 9 May 213 in Wiley Online Library (wileyonlinelibrary.com)..723 SPECIAL ISSUE PAPER A low-cost UHF RFID tag chip

More information

Smashing the Implementation Records of AES S-box

Smashing the Implementation Records of AES S-box Smashing the Implementation Records of AES S-box Arash Reyhani-Masoleh, Mostafa Taha, and Doaa Ashmawy Western University London, Ontario, Canada CHES-2018 1 Outline Introduction. Proposed AES S-box Architecture.

More information

Cryptology and Graph Theory

Cryptology and Graph Theory Cryptology and Graph Theory Jean-Jacques Quisquater jjq@dice.ucl.ac.be November 16, 2005 http://www.uclcrypto.org Mierlo, Netherlands Warning: Audience may be addicted by Powerpoint. Use with moderation.

More information

How cryptographic benchmarking goes wrong. Thanks to NIST 60NANB12D261 for funding this work, and for not reviewing these slides in advance.

How cryptographic benchmarking goes wrong. Thanks to NIST 60NANB12D261 for funding this work, and for not reviewing these slides in advance. How cryptographic benchmarking goes wrong 1 Daniel J. Bernstein Thanks to NIST 60NANB12D261 for funding this work, and for not reviewing these slides in advance. PRESERVE, ending 2015.06.30, was a European

More information

Cryptanalysis of HMAC/NMAC-Whirlpool

Cryptanalysis of HMAC/NMAC-Whirlpool Cryptanalysis of HMAC/NMAC-Whirlpool Jian Guo, Yu Sasaki, Lei Wang, Shuang Wu ASIACRYPT, Bangalore, India 4 December 2013 Talk Overview 1 Introduction HMAC and NMAC The Whirlpool Hash Function Motivation

More information

Understanding Cryptography: A Textbook For Students And Practitioners PDF

Understanding Cryptography: A Textbook For Students And Practitioners PDF Understanding Cryptography: A Textbook For Students And Practitioners PDF Cryptography is now ubiquitous â moving beyond the traditional environments, such as government communications and banking systems,

More information

Explaining Differential Fault Analysis on DES. Christophe Clavier Michael Tunstall

Explaining Differential Fault Analysis on DES. Christophe Clavier Michael Tunstall Explaining Differential Fault Analysis on DES Christophe Clavier Michael Tunstall 5/18/2006 References 2 Bull & Innovatron Patents Fault Injection Equipment: Laser 3 Bull & Innovatron Patents Fault Injection

More information

Advances in SCA and RF-DNA Fingerprinting Through Enhanced Linear Regression Attacks and Application of Random Forest Classifiers

Advances in SCA and RF-DNA Fingerprinting Through Enhanced Linear Regression Attacks and Application of Random Forest Classifiers Air Force Institute of Technology AFIT Scholar Theses and Dissertations 9-18-2014 Advances in SCA and RF-DNA Fingerprinting Through Enhanced Linear Regression Attacks and Application of Random Forest Classifiers

More information

Lecture 1: Introduction

Lecture 1: Introduction Lecture 1: Introduction Instructor: Omkant Pandey Spring 2018 (CSE390) Instructor: Omkant Pandey Lecture 1: Introduction Spring 2018 (CSE390) 1 / 13 Cryptography Most of us rely on cryptography everyday

More information

Power Analysis an overview. Agenda. Measuring power consumption. Measuring power consumption (2) Benedikt Gierlichs, KU Leuven - COSIC.

Power Analysis an overview. Agenda. Measuring power consumption. Measuring power consumption (2) Benedikt Gierlichs, KU Leuven - COSIC. Power Analysis an overview Agenda Benedikt Gierlichs KU Leuven COSIC, Belgium benedikt.gierlichs@esat.kuleuven.be Measurements Analysis Pre-processing Summer School on Design and security of cryptographic

More information

Lecture 1: Introduction to Digital System Design & Co-Design

Lecture 1: Introduction to Digital System Design & Co-Design Design & Co-design of Embedded Systems Lecture 1: Introduction to Digital System Design & Co-Design Computer Engineering Dept. Sharif University of Technology Winter-Spring 2008 Mehdi Modarressi Topics

More information

Evaluating a New Mac for Current and Next Generation Rfid

Evaluating a New Mac for Current and Next Generation Rfid University of Massachusetts Amherst ScholarWorks@UMass Amherst Masters Theses 1911 - February 2014 2010 Evaluating a New Mac for Current and Next Generation Rfid Serge Zhilyaev University of Massachusetts

More information

EFFICIENT ASIC ARCHITECTURE OF RSA CRYPTOSYSTEM

EFFICIENT ASIC ARCHITECTURE OF RSA CRYPTOSYSTEM EFFICIENT ASIC ARCHITECTURE OF RSA CRYPTOSYSTEM Varun Nehru 1 and H.S. Jattana 2 VLSI Design Division, Semi-Conductor Laboratory, Dept. of Space, S.A.S. Nagar. 1 nehruvarun@gmail.com, 2 hsj@scl.gov.in

More information

Atomic-AES: A Compact Implementation of the AES Encryption/Decryption Core

Atomic-AES: A Compact Implementation of the AES Encryption/Decryption Core Atomic-AES: A Compact Implementation of the AES Encryption/Decryption Core Subhadeep Banik 1, Andrey Bogdanov 2 and Francesco Regazzoni 3 1 Temasek Labs, Nanyang Technological University, Singapore bsubhadeep@ntu.edu.sg

More information

Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit

Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit R1-3 SASIMI 2013 Proceedings Evaluation of On-chip Decoupling Capacitor s Effect on AES Cryptographic Circuit Tsunato Nakai Mitsuru Shiozaki Takaya Kubota Takeshi Fujino Graduate School of Science and

More information

DETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE. Adrien Le Masle, Wayne Luk

DETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE. Adrien Le Masle, Wayne Luk DETECTING POWER ATTACKS ON RECONFIGURABLE HARDWARE Adrien Le Masle, Wayne Luk Department of Computing, Imperial College London 180 Queen s Gate, London SW7 2BZ, UK email: {al1108,wl}@doc.ic.ac.uk ABSTRACT

More information

Throughput vs. Area Trade-offs in High-Speed Architectures of Five Round 3 SHA-3 Candidates Implemented Using Xilinx and Altera FPGAs

Throughput vs. Area Trade-offs in High-Speed Architectures of Five Round 3 SHA-3 Candidates Implemented Using Xilinx and Altera FPGAs Throughput vs. Area Trade-offs in High-Speed Architectures of Five Round 3 SHA-3 Candidates Implemented Using Xilinx and Altera FPGAs Ekawat Homsirikamol, Marcin Rogawski, and Kris Gaj George Mason University

More information

Course Developer: Ranjan Bose, IIT Delhi

Course Developer: Ranjan Bose, IIT Delhi Course Title: Coding Theory Course Developer: Ranjan Bose, IIT Delhi Part I Information Theory and Source Coding 1. Source Coding 1.1. Introduction to Information Theory 1.2. Uncertainty and Information

More information

Linear Congruences. The solutions to a linear congruence ax b (mod m) are all integers x that satisfy the congruence.

Linear Congruences. The solutions to a linear congruence ax b (mod m) are all integers x that satisfy the congruence. Section 4.4 Linear Congruences Definition: A congruence of the form ax b (mod m), where m is a positive integer, a and b are integers, and x is a variable, is called a linear congruence. The solutions

More information

Image Encryption Based on the Modified Triple- DES Cryptosystem

Image Encryption Based on the Modified Triple- DES Cryptosystem International Mathematical Forum, Vol. 7, 2012, no. 59, 2929-2942 Image Encryption Based on the Modified Triple- DES Cryptosystem V. M. SILVA-GARCÍA 1, R. FLORES-CARAPIA 2, I. LÓPEZ-YAÑEZ 3 and C. RENTERÍA-MÁRQUEZ

More information

Side-Channel Attack Standard Evaluation Board SASEBO-W for Smartcard Testing

Side-Channel Attack Standard Evaluation Board SASEBO-W for Smartcard Testing Side-Channel Attac Standard Evaluation Board -W for Smartcard Testing Toshihiro Katashita ), Yohei ori ), irofumi Saane,2), Aashi Satoh ) ) National Institute of Advanced Industrial Science and Technology,

More information

Image Encryption using Pseudo Random Number Generators

Image Encryption using Pseudo Random Number Generators Image Encryption using Pseudo Random Number Generators Arihant Kr. Banthia Postgraduate student (MTech) Deptt. of CSE & IT, MANIT, Bhopal Namita Tiwari Asst. Professor Deptt. of CSE & IT, MANIT, Bhopal

More information

Alternative forms of representation of Boolean functions in Cryptographic Information Security Facilities. Kushch S.

Alternative forms of representation of Boolean functions in Cryptographic Information Security Facilities. Kushch S. Alternative forms of representation of Boolean functions in Cryptographic Information Security Facilities Kushch S. The work offers a new approach to the formation of functions which are used in cryptography

More information

Investigating the DPA-Resistance Property of Charge Recovery Logics

Investigating the DPA-Resistance Property of Charge Recovery Logics Investigating the DPA-Resistance Property of Charge Recovery Logics Amir Moradi 1, Mehrdad Khatir 1, Mahmoud Salmasizadeh, and Mohammad T. Manzuri Shalmani 1 1 Department of Computer Engineering, Sharif

More information

Secure Function Evaluation

Secure Function Evaluation Secure Function Evaluation 1) Use cryptography to securely compute a function/program. 2) Secure means a) Participant s inputs stay secret even though they are used in the computation. b) No participant

More information

Permutation Polynomials Modulo 2 w

Permutation Polynomials Modulo 2 w Finite Fields and Their Applications 7, 287}292 (2001) doi.10.1006/!ta.2000.0282, available online at http://www.idealibrary.com on Permutation Polynomials Modulo 2 w Ronald L. Rivest Laboratory for Computer

More information

Array-Based Statistical Analysis of the MK-3 Authenticated Encryption Scheme. P. Bajorski, A. Kaminsky, M. Kurdziel, M. Łukowiak, S.

Array-Based Statistical Analysis of the MK-3 Authenticated Encryption Scheme. P. Bajorski, A. Kaminsky, M. Kurdziel, M. Łukowiak, S. Array-Based Statistical Analysis of the MK-3 Authenticated Encryption Scheme P. Bajorski, A. Kaminsky, M. Kurdziel, M. Łukowiak, S. Radziszowski Array-Based Statistical Analysis of the MK-3 Authenticated

More information

Recommendations for Secure IC s and ASIC s

Recommendations for Secure IC s and ASIC s Recommendations for Secure IC s and ASIC s F. Mace, F.-X. Standaert, J.D. Legat, J.-J. Quisquater UCL Crypto Group, Microelectronics laboratory(dice), Universite Catholique de Louvain(UCL), Belgium email:

More information

Successful Implementation of the Hill and Magic Square Ciphers: A New Direction

Successful Implementation of the Hill and Magic Square Ciphers: A New Direction Successful Implementation of the Hill and Magic Square Ciphers: A New Direction ISSN:319-7900 Tomba I. : Dept. of Mathematics, Manipur University, Imphal, Manipur (INDIA) Shibiraj N, : Research Scholar

More information

Triple-DES Block of 96 Bits: An Application to. Colour Image Encryption

Triple-DES Block of 96 Bits: An Application to. Colour Image Encryption Applied Mathematical Sciences, Vol. 7, 2013, no. 23, 1143-1155 HIKARI Ltd, www.m-hikari.com Triple-DES Block of 96 Bits: An Application to Colour Image Encryption V. M. Silva-García Instituto politécnico

More information

Analysis of S-box in Image Encryption Using Root Mean Square Error Method

Analysis of S-box in Image Encryption Using Root Mean Square Error Method Analysis of S-box in Image Encryption Using Root Mean Square Error Method Iqtadar Hussain a, Tariq Shah a, Muhammad Asif Gondal b, and Hasan Mahmood c a Department of Mathematics, Quaid-i-Azam University,

More information

Power Analysis Based Side Channel Attack

Power Analysis Based Side Channel Attack CO411/2::Individual Project I & II Report arxiv:1801.00932v1 [cs.cr] 3 Jan 2018 Power Analysis Based Side Channel Attack Hasindu Gamaarachchi Harsha Ganegoda http://www.ce.pdn.ac.lk Department of Computer

More information

Minimum key length for cryptographic security

Minimum key length for cryptographic security Journal of Applied Mathematics & Bioinformatics, vol.3, no.1, 2013, 181-191 ISSN: 1792-6602 (print), 1792-6939 (online) Scienpress Ltd, 2013 Minimum key length for cryptographic security George Marinakis

More information

Transform. Jeongchoon Ryoo. Dong-Guk Han. Seoul, Korea Rep.

Transform. Jeongchoon Ryoo. Dong-Guk Han. Seoul, Korea Rep. 978-1-4673-2451-9/12/$31.00 2012 IEEE 201 CPA Performance Comparison based on Wavelet Transform Aesun Park Department of Mathematics Kookmin University Seoul, Korea Rep. aesons@kookmin.ac.kr Dong-Guk Han

More information

THE INTEGRATION of nanodevices with complementary

THE INTEGRATION of nanodevices with complementary IEEE TRANSACTIONS ON NANOTECHNOLOGY, VOL. 8, NO. 3, MAY 2009 315 Efficient CMOL Gate Designs for Cryptography Applications Z. Abid, Member, IEEE, A. Alma aitah, Student Member, IEEE, M.Barua, Student Member,

More information

CRYPTANALYSIS OF THE PERMUTATION CIPHER OVER COMPOSITION MAPPINGS OF BLOCK CIPHER

CRYPTANALYSIS OF THE PERMUTATION CIPHER OVER COMPOSITION MAPPINGS OF BLOCK CIPHER CRYPTANALYSIS OF THE PERMUTATION CIPHER OVER COMPOSITION MAPPINGS OF BLOCK CIPHER P.Sundarayya 1, M.M.Sandeep Kumar 2, M.G.Vara Prasad 3 1,2 Department of Mathematics, GITAM, University, (India) 3 Department

More information

Voice and image encryption, and performance analysis of counter mode advanced encryption standard for WiMAX

Voice and image encryption, and performance analysis of counter mode advanced encryption standard for WiMAX The University of Toledo The University of Toledo Digital Repository Theses and Dissertations 2013 Voice and image encryption, and performance analysis of counter mode advanced encryption standard for

More information

Teacher s Notes. Problem of the Month: Courtney s Collection

Teacher s Notes. Problem of the Month: Courtney s Collection Teacher s Notes Problem of the Month: Courtney s Collection Overview: In the Problem of the Month, Courtney s Collection, students use number theory, number operations, organized lists and counting methods

More information

SYNCHRONOUS stream ciphers are lightweight

SYNCHRONOUS stream ciphers are lightweight IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, VOL. 22, NO. 9, SEPTEMBER 204 865 New Implementations of the WG Stream Cipher Hayssam El-Razouk, Arash Reyhani-Masoleh, Member, IEEE, and

More information

LOSSLESS CRYPTO-DATA HIDING IN MEDICAL IMAGES WITHOUT INCREASING THE ORIGINAL IMAGE SIZE THE METHOD

LOSSLESS CRYPTO-DATA HIDING IN MEDICAL IMAGES WITHOUT INCREASING THE ORIGINAL IMAGE SIZE THE METHOD LOSSLESS CRYPTO-DATA HIDING IN MEDICAL IMAGES WITHOUT INCREASING THE ORIGINAL IMAGE SIZE J.M. Rodrigues, W. Puech and C. Fiorio Laboratoire d Informatique Robotique et Microlectronique de Montpellier LIRMM,

More information

Embedded System Hardware - Reconfigurable Hardware -

Embedded System Hardware - Reconfigurable Hardware - 2 Embedded System Hardware - Reconfigurable Hardware - Peter Marwedel Informatik 2 TU Dortmund Germany GOPs/J Courtesy: Philips Hugo De Man, IMEC, 27 Energy Efficiency of FPGAs 2, 28-2- Reconfigurable

More information

Pseudorandom Number Generation and Stream Ciphers

Pseudorandom Number Generation and Stream Ciphers Pseudorandom Number Generation and Stream Ciphers Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/

More information

Assessing and. Rui Wang, Assistant professor Dept. of Information and Communication Tongji University.

Assessing and. Rui Wang, Assistant professor Dept. of Information and Communication Tongji University. Assessing and Understanding Performance Rui Wang, Assistant professor Dept. of Information and Communication Tongji University it Email: ruiwang@tongji.edu.cn 4.1 Introduction Pi Primary reason for examining

More information
2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback