a scon a submission to caesar
play

A SCON : A Submission to CAESAR Ch. Dobraunig, M. Eichlseder, F. - PowerPoint PPT Presentation

Jun 28, 2023 •234 likes •562 views

S C I E N C E P A S S I O N T E C H N O L O G Y A SCON : A Submission to CAESAR Ch. Dobraunig, M. Eichlseder, F. Mendel, M. Schl affer Graz University of Technology CECC 2015 www.iaik.tugraz.at www.iaik.tugraz.at The

  1. S C I E N C E P A S S I O N T E C H N O L O G Y A SCON : A Submission to CAESAR Ch. Dobraunig, M. Eichlseder, F. Mendel, M. Schl¨ affer Graz University of Technology CECC 2015 www.iaik.tugraz.at

  2. www.iaik.tugraz.at The Team Christoph Dobraunig Maria Eichlseder Florian Mendel Martin Schl¨ affer Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 2 CECC 2015

  3. www.iaik.tugraz.at Overview CAESAR Design of A SCON Security analysis Implementations Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 3 CECC 2015

  4. www.iaik.tugraz.at CAESAR CAESAR: Competition for Authenticated Encryption – Security, Applicability, and Robustness http://competitions.cr.yp.to/caesar.html Inspired by AES SHA-3 eStream Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 4 CECC 2015

  5. www.iaik.tugraz.at CAESAR – Candidates ACORN ++AE AEGIS AES-CMCC AES-COBRA AES-COPA AES-CPFB AES-JAMBU AES-OTR AEZ Artemia Ascon AVALANCHE Calico CBA CBEAM CLOC Deoxys ELmD Enchilada FASER HKC HS1-SIV ICEPOLE iFeed[AES] Joltik Julius Ketje Keyak KIASU LAC Marble McMambo Minalpher MORUS NORX OCB OMD PAEQ PAES PANDA π -Cipher POET POLAWIS PRIMATEs Prøst Raviyoyla Sablier SCREAM SHELL SILC Silver STRIBOB Tiaoxin TriviA-ck Wheesht YAES Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 5 CECC 2015

  6. www.iaik.tugraz.at CAESAR – Candidates ACORN ++AE AEGIS AES-CMCC AES-COBRA AES-COPA AES-CPFB AES-JAMBU AES-OTR AEZ Artemia Ascon AVALANCHE Calico CBA CBEAM CLOC Deoxys ELmD Enchilada FASER HKC HS1-SIV ICEPOLE iFeed[AES] Joltik Julius Ketje Keyak KIASU LAC Marble McMambo Minalpher MORUS NORX OCB OMD PAEQ PAES PANDA π -Cipher POET POLAWIS PRIMATEs Prøst Raviyoyla Sablier SCREAM SHELL SILC Silver STRIBOB Tiaoxin TriviA-ck Wheesht YAES Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 6 CECC 2015

  7. www.iaik.tugraz.at A SCON – Design Goals Security Online Efficiency Single pass Lightweight Scalability Simplicity Side-Channel Robustness Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 7 CECC 2015

  8. www.iaik.tugraz.at A SCON – General Overview Nonce-based AE scheme Sponge inspired P 1 C 1 P 2 C 2 P t C t 64 64 64 IV p 12 p 6 p 6 p 12 256 256 256 256 128 K � N T 0 ∗ � K K � 0 ∗ 1 K Processing Initialization Finalization Plaintext Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 8 CECC 2015

  9. www.iaik.tugraz.at A SCON – Permutation Iterative application of round function One round Constant addition Substitution layer Linear layer Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 9 CECC 2015

  10. www.iaik.tugraz.at A SCON – Round Substitution layer x 0 x 1 x 2 x 3 x 4 Linear layer x 0 x 1 x 1 x 2 x 3 x 4 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 10 CECC 2015

  11. www.iaik.tugraz.at A SCON – Round x 4 ⊕ ( x 4 ≫ 7) ⊕ ( x 4 ≫ 41) → x 4 x 4 x 4 x 3 ⊕ ( x 3 ≫ 10) ⊕ ( x 3 ≫ 17) → x 3 x 3 x 3 x 2 ⊕ ( x 2 ≫ 1) ⊕ ( x 2 ≫ 6) → x 2 x 2 x 2 x 1 ⊕ ( x 1 ≫ 61) ⊕ ( x 1 ≫ 39) → x 1 x 1 x 1 x 0 ⊕ ( x 0 ≫ 19) ⊕ ( x 0 ≫ 28) → x 0 x 0 x 0 S-box Linear transformation Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 11 CECC 2015

  12. www.iaik.tugraz.at Analysis – A SCON [DEMS15] Attacks on round-reduced versions of A SCON -128 Key-recovery Forgery Analysis of the building blocks Permutation Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 12 CECC 2015

  13. www.iaik.tugraz.at Key-recovery – Idea Target initialization Choose nonce Observe key-stream Deduce information about the secret key rounds time method 2 66 6 / 12 cube-like 2 35 5 / 12 A SCON -128 2 36 5 / 12 differential-linear 2 18 4 / 12 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 13 CECC 2015

  14. www.iaik.tugraz.at Key-recovery – Idea Target initialization Choose nonce Observe key-stream Deduce information about the secret key rounds time method 2 66 6 / 12 cube-like 2 35 5 / 12 A SCON -128 2 36 5 / 12 differential-linear 2 18 4 / 12 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 13 CECC 2015

  15. www.iaik.tugraz.at Forgery – Idea P t C t = ∆ P 1 C 1 P 2 C 2 64 64 p 6 p 6 p 12 256 256 256 128 T = ∆ K � 0 ∗ K Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 14 CECC 2015

  16. www.iaik.tugraz.at Forgery – A SCON -128 3/12 rounds finalization probability 2 − 33 input difference after 1 round after 2 rounds after 3 rounds x 0 8000000000000000 8000100800000000 8000000002000080 ???????????????? x 1 0000000000000000 8000000001000004 9002904800000000 ???????????????? x 2 0000000000000000 → 0000000000000000 → d200000001840006 → ???????????????? x 3 0000000000000000 0000000000000000 0102000001004084 4291316c5aa02140 x 4 0000000000000000 0000000000000000 0000000000000000 090280200302c084 4/12 rounds finalization probability 2 − 101 input difference after 4 rounds x 0 8000000000000000 ???????????????? x 1 0000000000000000 ???????????????? x 2 0000000000000000 → ???????????????? x 3 0000000000000000 280380ec6a0e9024 x 4 0000000000000000 eb2541b2a0e438b0 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 15 CECC 2015

  17. www.iaik.tugraz.at Analysis – Permutation Zero-sum distinguisher 12 rounds with complexity 2 130 Search for differential and linear characteristics Proof on minimum number of active S-boxes result rounds differential linear 1 1 1 proof 2 4 4 3 15 13 4 44 43 heuristic ≥ 5 > 64 > 64 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 16 CECC 2015

  18. www.iaik.tugraz.at Implementation – A SCON Software 64-bit Intel platforms ARM NEON 8-bit ATmega128 Hardware [GWDE15] High-speed Low-area Threshold implementations Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 17 CECC 2015

  19. www.iaik.tugraz.at Software – 64-bit Intel One message per core (Core2Duo) 64 512 1024 4096 A SCON -128 (c/B) 22.0 15.9 15.6 15.2 A SCON -96 (c/B) 17.7 11.0 10.5 10.3 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 18 CECC 2015

  20. www.iaik.tugraz.at Software – 64-bit Intel One message per core (Core2Duo) 64 512 1024 4096 A SCON -128 (c/B) 22.0 15.9 15.6 15.2 A SCON -96 (c/B) 17.7 11.0 10.5 10.3 Four messages per core [Sen15] (Haswell) 64 512 1024 4096 A SCON -128 (c/B) 10.49 7.33 7.11 6.94 A SCON -96 (c/B) 8.55 5.26 5.02 4.85 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 18 CECC 2015

  21. www.iaik.tugraz.at Hardware – Results [GWDE15] Chip Area Throughput Power Energy [kGE] [Mbps] [µW] [µJ/byte] Unprotected Implementations Fast 1 round 7.08 5 524 43 33 Fast 6 rounds 24.93 13 218 184 23 Low-area 2.57 14 15 5 706 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 19 CECC 2015

  22. www.iaik.tugraz.at Hardware – Results [GWDE15] Chip Area Throughput Power Energy [kGE] [Mbps] [µW] [µJ/byte] Unprotected Implementations Fast 1 round 7.08 5 524 43 33 Fast 6 rounds 24.93 13 218 184 23 Low-area 2.57 14 15 5 706 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 19 CECC 2015

  23. www.iaik.tugraz.at Hardware – Results [GWDE15] Chip Area Throughput Power Energy [kGE] [Mbps] [µW] [µJ/byte] Unprotected Implementations Fast 1 round 7.08 5 524 43 33 Fast 6 rounds 24.93 13 218 184 23 Low-area 2.57 14 15 5 706 Threshold Implementations Fast 1 round 28.61 3 774 183 137 Fast 6 rounds 123.52 9 018 830 104 Low-area 7.97 15 45 17 234 Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 19 CECC 2015

  24. www.iaik.tugraz.at A SCON -128 – Choice of Parameters Now: (c,r) = (256, 64) Conservative choice Proposed: (c,r) = (192, 128) [BDPA11] Significant speedup (factor 2) Limit on data complexity 2 64 Proposed: (c,r) = (128, 192) [JLM14] Significant speedup (factor 3) More analysis needed Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 20 CECC 2015

  25. www.iaik.tugraz.at More Information http://ascon.iaik.tugraz.at Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 21 CECC 2015

  26. www.iaik.tugraz.at Acknowledgments The work has been supported in part by the Austrian Science Fund (project P26494-N15) and by the Austrian Research Promotion Agency (FFG) and the Styrian Business Promotion Agency (SFG) under grant number 836628 (SeCoS). Ch. Dobraunig , M. Eichlseder, F . Mendel, M. Schl¨ affer 22 CECC 2015

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ascon (A Submission to CAESAR) Ch. Dobraunig 1 , M. Eichlseder 1 , F. Mendel 1 , M. Schl affer 2

Ascon (A Submission to CAESAR) Ch. Dobraunig 1 , M. Eichlseder 1 , F. Mendel 1 , M. Schl affer 2

Ascon (A Submission to CAESAR) Ch. Dobraunig 1 , M. Eichlseder 1 , F. Mendel 1 , M. Schl affer 2 1 IAIK, Graz University of Technology, Austria 2 Infineon Technologies AG, Austria 22nd Crypto Day, Infineon, Munich Overview CAESAR Design of

639 views • 25 slides
PRIMATEs v1.1: A Submission to the CAESAR Competition Elena Andreeva, Begl Bilgin, Andrey

PRIMATEs v1.1: A Submission to the CAESAR Competition Elena Andreeva, Begl Bilgin, Andrey

PRIMATEs v1.1: A Submission to the CAESAR Competition Elena Andreeva, Begl Bilgin, Andrey Bogdanov, Atul Luykx, Florian Mendel, Bart Mennink, Nicky Mouha,Qingju Wang, and Kan Yasuda 1 July 2014, Bochum PRIMATEs GIBBON APE HANUMAN 2

953 views • 80 slides
* Dr. Axel Voigt (voigt@caesar.de) research center caesar crystal growth group

* Dr. Axel Voigt (voigt@caesar.de) research center caesar crystal growth group

AMDiS Adaptive Multidimensional simulations: Parallel Concepts Parallel Concepts Christina Stcker (stoecker@caesar.de), Dr. Angel Ribalta (ribalta@caesar.de), Simon Vey (vey@caesar.de), * Dr. Axel Voigt (voigt@caesar.de) research

806 views • 23 slides
Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists Daniel J. Bernstein CAESAR timeline planned in 2012 2013.01: Announce tentative schedule. 2014.01: Deadline for first-round submissions.

527 views • 10 slides
Introduction to Authenticated Encryption 1 / 27 www.iaik.tugraz.at Interface K K N , A , C ,

Introduction to Authenticated Encryption 1 / 27 www.iaik.tugraz.at Interface K K N , A , C ,

On A SCON and I SAP About Two Authenticated Encryption Schemes Christoph Dobraunig October 2018 Designed by: . Mendel, M. Schl A SCON : C. Dobraunig, M. Eichlseder, F affer I SAP : C. Dobraunig, M. Eichlseder, S. Mangard, F . Mendel, T.

987 views • 40 slides
ASCON Submission to the CAESAR Compe44on Christoph Dobraunig, Maria Eichlseder, Florian Mendel,

ASCON Submission to the CAESAR Compe44on Christoph Dobraunig, Maria Eichlseder, Florian Mendel,

ASCON Submission to the CAESAR Compe44on Christoph Dobraunig, Maria Eichlseder, Florian Mendel, Mar4n Schlffer DIAC 2016 Our Team Christoph Dobraunig Maria Eichlseder Florian Mendel Mar4n Schlffer ASCON Main Design Goals

688 views • 25 slides
BUILDING STRONG The Friends of Caesar Creek is hosted at the Visitor Center and conducts its

BUILDING STRONG The Friends of Caesar Creek is hosted at the Visitor Center and conducts its

Friends of Caesar Creek is a not-for-profit volunteer organization dedicated to educating the public about the natural resources of the Caesar Creek Lake Region. They support the educational, scientific, and historical activities of the region

497 views • 18 slides
Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438 Outline Last time: low-level plumbing Today: top-down architecting of the Internet Goals Layering Protocols The end-to-end

946 views • 58 slides
Information Retrieval Lecture 1 Query Which plays of Shakespeare contain the words Brutus

Information Retrieval Lecture 1 Query Which plays of Shakespeare contain the words Brutus

Information Retrieval Lecture 1 Query Which plays of Shakespeare contain the words Brutus Brutus AND Caesar Caesar but NOT Calpurnia Calpurnia ? Could grep all of Shakespeares plays for Brutus and Caesar, Brutus Caesar, then strip

563 views • 40 slides
Physical Media CS 438: Spring 2014 Instructor: Matthew Caesar

Physical Media CS 438: Spring 2014 Instructor: Matthew Caesar

Physical Media CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438 2 Today: Physical Media Networks are made up of devices and communication links Devices and links can be physically threatened

1.01k views • 75 slides
When a submission includes a

When a submission includes a

When a submission includes a payslip with Validation error Should process all valid payslips in the submission and code: 2049 invalid previousLineItemID or

655 views • 31 slides
1 Cant build the matrix Inverted index Term Doc # Documents are parsed to extract words

1 Cant build the matrix Inverted index Term Doc # Documents are parsed to extract words

Query Information Retrieval (IR) Which plays of Shakespeare contain the words Brutus AND Caesar but NOT Calpurnia ? Could grep all of Shakespeares plays for Brutus and Caesar then strip out lines containing Calpurnia ? Slow (for

213 views • 10 slides
1 Cant build the matrix Inverted index Documents are parsed to extract words Term Doc #

1 Cant build the matrix Inverted index Documents are parsed to extract words Term Doc #

Query Information Retrieval (IR) Which plays of Shakespeare contain the words Brutus AND Caesar but NOT Calpurnia ? Could grep all of Shakespeares plays for Brutus and Caesar then strip out lines containing Calpurnia ? Based on slides

419 views • 10 slides
Caesar Cipher If he had anything confidential to say, he wrote it in cipher, that is, by so

Caesar Cipher If he had anything confidential to say, he wrote it in cipher, that is, by so

Caesar Cipher If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he

1.03k views • 5 slides
Mar 17: Paper submission Mar 17 Paper submission Mar 22 Assignment to ACs Papers will be

Mar 17: Paper submission Mar 17 Paper submission Mar 22 Assignment to ACs Papers will be

Mar 17: Paper submission Mar 17 Paper submission Mar 22 Assignment to ACs Papers will be screened for length and inclusion of author information above abstract. Mar 23-30 Reviewer Selection We will desk reject any that do not satisfy

246 views • 11 slides
An Overview of CAESAR Mridul Nandi Indian Statistical Institute, Kolkata SEPTEMBER 2016

An Overview of CAESAR Mridul Nandi Indian Statistical Institute, Kolkata SEPTEMBER 2016

Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme An Overview of CAESAR Mridul Nandi Indian Statistical Institute, Kolkata SEPTEMBER 2016

812 views • 48 slides
Assembly Language Programming Introduction to ARM Zbigniew Jurkiewicz, Instytut Informatyki UW

Assembly Language Programming Introduction to ARM Zbigniew Jurkiewicz, Instytut Informatyki UW

Assembly Language Programming Introduction to ARM Zbigniew Jurkiewicz, Instytut Informatyki UW December 19, 2017 Zbigniew Jurkiewicz, Instytut Informatyki UW Assembly Language Programming Introduction to ARM Historia ARM Ltd. company has been

778 views • 29 slides
Software necromancy with Perl Dave Lambley dlambley@cpan.org Accounting software Informix C-ISAM

Software necromancy with Perl Dave Lambley dlambley@cpan.org Accounting software Informix C-ISAM

Software necromancy with Perl Dave Lambley dlambley@cpan.org Accounting software Informix C-ISAM 1987 Perl 1.0 GCC 1.0 TPS report example Historic 4GL Variables bound to database fields. Schema defined outside code using UI.

519 views • 36 slides
Cottage Industries: Live/Work Coops Matthew Keesan matt@3bbrooklyn.com Our agenda today - An

Cottage Industries: Live/Work Coops Matthew Keesan matt@3bbrooklyn.com Our agenda today - An

Cottage Industries: Live/Work Coops Matthew Keesan matt@3bbrooklyn.com Our agenda today - An introduction to cottage industries - Benefits - Challenges - Some practices that worked well for us - Our open source sweat equity model - Q&A

1.24k views • 57 slides
TOS for the Raspberry Pi Yeqing Yan Abhijit Parate Anoja Rajalakshmi Arno Puder Overview:

TOS for the Raspberry Pi Yeqing Yan Abhijit Parate Anoja Rajalakshmi Arno Puder Overview:

TOS for the Raspberry Pi Yeqing Yan Abhijit Parate Anoja Rajalakshmi Arno Puder Overview: Hardware Architecture of the Raspberry Pi ARM Assembly Boot Sequence Context Switch Exception Handling Framebuffer 1 Raspberry

950 views • 79 slides
Congressional Investigations November 13, 2018 Curren ent t Congress ess has initiated ated

Congressional Investigations November 13, 2018 Curren ent t Congress ess has initiated ated

Responding to Congressional Investigations November 13, 2018 Curren ent t Congress ess has initiated ated invest stigat igations ions of non-prof profits ts In June, the chairmen of the House Natural Resources Committee and its

479 views • 19 slides
Top tips for customer retention whos really your most valuable customer? Charlotte Lewis

Top tips for customer retention whos really your most valuable customer? Charlotte Lewis

Top tips for customer retention whos really your most valuable customer? Charlotte Lewis & Rob Willis In 20 minutes you will learn how to... Improve customer retention Maximise the potential of your customer data Segment

294 views • 10 slides
Overview of Logic and Set Theory Basics Robert B. France Logic Logic is concerned with mechanized

Overview of Logic and Set Theory Basics Robert B. France Logic Logic is concerned with mechanized

1/5/2012 Overview of Logic and Set Theory Basics Robert B. France Logic Logic is concerned with mechanized reasoning. Reasoning, as used here, involves determining the truth of some statement (the conclusions) based on assumed truths

221 views • 11 slides
Systems Architecture The ARM Processor The ARM Processor p. 1/14 The ARM Processor ARM:

Systems Architecture The ARM Processor The ARM Processor p. 1/14 The ARM Processor ARM:

Systems Architecture The ARM Processor The ARM Processor p. 1/14 The ARM Processor ARM: Advanced RISC Machine First developed in 1983 by Acorn Computers ARM Ltd was formed in 1988 to continue development Advantages of the ARM

391 views • 14 slides

More recommend