an overview of caesar
play

An Overview of CAESAR Mridul Nandi Indian Statistical Institute, - PowerPoint PPT Presentation

Aug 03, 2023 •313 likes •812 views

Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme An Overview of CAESAR Mridul Nandi Indian Statistical Institute, Kolkata SEPTEMBER 2016

  1. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme An Overview of CAESAR Mridul Nandi Indian Statistical Institute, Kolkata SEPTEMBER 2016 Authenticated Encryption

  2. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Introduction 1 CAESAR Competition 2 TriviA : A Streamcipher Based AE Scheme 3 Hardware Implementation of TriviA 4 ELmD : A Blockcipher Based AE Scheme 5 Authenticated Encryption

  3. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme A Brief Overview A proper integration of Encryption and Authentication First Formalized by Bellare and Namprempre [Asiacrypt 00] Proposed EtM (used in IPSec), MtE (used in SSL/TLS) and E & M (used in SSH). Proposed formal security model for Privacy and Authenticity EtM strongest in this security model Other Important Works AE proposed by Jutla, Gligor et al. (XCBC and XECB), Rogaway et al. (OCB) Later CCM, EAX (improved CCM), EAX’ (Update over EAX) and GCM. GCM was recommended by NIST (SP 800-38D) Authenticated Encryption

  4. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Introduction 1 CAESAR Competition 2 Classification of CAESAR Candidates by Structure TriviA : A Streamcipher Based AE Scheme 3 Hardware Implementation of TriviA 4 ELmD : A Blockcipher Based AE Scheme 5 Authenticated Encryption

  5. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme CAESAR CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness Announced in 2013 Offer advantages over AES-GCM Suitable for widespread adoption Functional requirements The algorithm receives PMN , SMN (optional), AD and M The algorithm outputs C and T Privacy for M and SMN , Authenticity for PMN , SMN , AD and M Authenticated Encryption

  6. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme First Round of CAESAR 57 Submissions (March, 2014) Classification by Primitives of Important Submissions BC-Based - CLOC, SILC, ElmD, OTR, COPA, Joltik, OCB SC-Based - TriviA, Acorn, AEGIS Sponge Based - Ascon, PRIMATEs Authenticated Encryption

  7. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Filter of First Round Candidates Elemination of Several Candidates 28 candidates are eliminated (some are withdrawn) Some were broken. Some were inefficient Some Important Cryptanalysis Forgery of COBRA, POET, PAES, LAC Cryptanalysis of XLS constructions Forgery and Key recovery of Marble Forgery of iFEED in both standard model and INT-RUP model Forgery and state recovery of PANDA INT-RUP Forgery of AES-CPFB Authenticated Encryption

  8. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Second Round of CAESAR 29 Submissions (July, 2015) Several Attack After Second Round Announcements Key Recovery of 2.5 Round Pi-Cipher Forgery of ICEPOLE INT-RUP Attack on Rate-1 BC based AE (OCB, iFEED) Fault Attack on PAEQ, PRIMATEs, Minalpher, CLOC-SILC Authenticated Encryption

  9. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Third Round of CAESAR 15 Submissions (August, 2016) Structural Classification OTP Mode Counter Mode - N/A Streamcipher Mode - N/A Sequential Feedback Mode without Counter Sponge Mode - Ascon, Ketje, Keyak, NORX, Tiaoxin NON-Sponge Mode - ACORN, AEGIS, AES-JAMBU, CLOC-SILC, MORUS OCB Mode - Deoxys, OCB, OTR Encrypt-Mix-Encrypt Mode - COLM Hash-Counter Mode - AEZ Authenticated Encryption

  10. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Structural Classification of all CAESAR Candidates OTP Mode Counter Mode Streamcipher Mode Sequential Feedback Mode without Counter Sponge Mode NON-Sponge Mode OCB Mode Encrypt-Mix-Encrypt Mode Hash-Counter Mode Authenticated Encryption

  11. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme OTP Mode : Counter Mode Uses counter value for encryption of each block Encryption of different blocks can be parallel or the M / C block can be sequentially fed May or may not be online iFEED, AES-CPFB, PAEQ, Pi-Cipher, OMD K Acc M i /C i M i ctr E K ⊕ C i M i /C i Figure: Counter Mode Authenticated Encryption

  12. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme OTP Mode : Streamcipher Mode Uses expander function (such as streamcipher) Takes the state, updates state and generate random value This random value XORed with M to generate C TriviA, Wheesht, Sablier, Raviyoyla Figure: Streamcipher Mode Authenticated Encryption

  13. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme OTP Mode 3. Sequential Feedback Mode without Counter Similar to Streamcipher mode Except, the state also contains the previously processed M or previously generated C Two types Sponge Mode Non-Sponge Mode Ascon, ICEPOLE, PRIMATEs are Sponge Modes ACorn, CLOC-SILC, MORUS are Non-Sponge Modes d -block delay online security Authenticated Encryption

  14. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Sponge and NON-Sponge Constructions Figure: Sponge Constructions Figure: Non-Sponge Constructions Authenticated Encryption

  15. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme OCB or Tweakable Blockcipher Mode ECB like structure Nonce can not be misused AES-OCB, AES-OTR Figure: OCB Authenticated Encryption

  16. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Encrypt-Mix-Encrypt Mode Encryption module between two collision resistant online hash functions 0-Block delay Online ElmD, COPA, Marble, KIASU M 1 M 2 M l M l +1 2 2 .L 7 . 2 l .L ⊕ 7 . 2 l +1 .L ⊕ 2 .L ⊕ ⊕ MM l +1 MM 1 MM 2 MM l E K E K E K E K X l +1 X 1 X 2 X l · · · W 1 W l ρ ρ ρ ρ IV Y 1 Y 2 Y [ l ] Y l +1 E − 1 E − 1 E − 1 E − 1 K K K K CC 1 CC 2 CC l CC l +1 3 2 .L ⊕ 3 2 . 2 .L ⊕ 3 2 . 2 l − 1 .L ⊕ 3 2 . 2 l .L ⊕ C 1 C 2 C l C l +1 Figure: ElmD Authenticated Encryption

  17. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Classification of CAESAR Candidates by Structure Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Hash-Counter Mode (2-pass construction) Whole M is Hashed generate the tag and an IV IV is used in counter mode to generate C Not Online SIV, BTM, AEZ Figure: Hash-Counter Mode Authenticated Encryption

  18. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Introduction 1 CAESAR Competition 2 TriviA : A Streamcipher Based AE Scheme 3 Hardware Implementation of TriviA 4 ELmD : A Blockcipher Based AE Scheme 5 Authenticated Encryption

  19. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme TriviA Encryption Mode Joint work with Avik Chakraborti CAESAR candidate, Accepted at CHES 2015 and JCEN 2016 TriviA-SC - Updated version C of Trivium. Encryption � Key Stream M EHC-Hash - Universal Hash TriviA-SC Authentication � follows EHC technique. Key Stream EHC-Hash TriviA-SC generates encryption and T authentication key stream. Authenticated Encryption

  20. Introduction CAESAR Competition TriviA : A Streamcipher Based AE Scheme Hardware Implementation of TriviA ELmD : A Blockcipher Based AE Scheme Circuit of TriviA-SC � � � � A 1 C 120 A 66 A 75 � A 102 z C 66 � � � B 1 � � C 1 � � B 66 B 96 B 69 � � Authenticated Encryption

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

* Dr. Axel Voigt (voigt@caesar.de) research center caesar crystal growth group

* Dr. Axel Voigt (voigt@caesar.de) research center caesar crystal growth group

AMDiS Adaptive Multidimensional simulations: Parallel Concepts Parallel Concepts Christina Stcker (stoecker@caesar.de), Dr. Angel Ribalta (ribalta@caesar.de), Simon Vey (vey@caesar.de), * Dr. Axel Voigt (voigt@caesar.de) research

806 views • 23 slides
Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists Daniel J. Bernstein CAESAR timeline planned in 2012 2013.01: Announce tentative schedule. 2014.01: Deadline for first-round submissions.

527 views • 10 slides
Ascon (A Submission to CAESAR) Ch. Dobraunig 1 , M. Eichlseder 1 , F. Mendel 1 , M. Schl affer 2

Ascon (A Submission to CAESAR) Ch. Dobraunig 1 , M. Eichlseder 1 , F. Mendel 1 , M. Schl affer 2

Ascon (A Submission to CAESAR) Ch. Dobraunig 1 , M. Eichlseder 1 , F. Mendel 1 , M. Schl affer 2 1 IAIK, Graz University of Technology, Austria 2 Infineon Technologies AG, Austria 22nd Crypto Day, Infineon, Munich Overview CAESAR Design of

639 views • 25 slides
BUILDING STRONG The Friends of Caesar Creek is hosted at the Visitor Center and conducts its

BUILDING STRONG The Friends of Caesar Creek is hosted at the Visitor Center and conducts its

Friends of Caesar Creek is a not-for-profit volunteer organization dedicated to educating the public about the natural resources of the Caesar Creek Lake Region. They support the educational, scientific, and historical activities of the region

497 views • 18 slides
Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438 Outline Last time: low-level plumbing Today: top-down architecting of the Internet Goals Layering Protocols The end-to-end

946 views • 58 slides
Course Overview CS 438: Spring 2014 Matthew Caesar http://courses.engr.illinois.edu/cs438/

Course Overview CS 438: Spring 2014 Matthew Caesar http://courses.engr.illinois.edu/cs438/

Course Overview CS 438: Spring 2014 Matthew Caesar http://courses.engr.illinois.edu/cs438/ Building Networks is Challenging Networks are large and complex Tremendous scale 2.4 Billion users (34% of world population) 1 Trillion

404 views • 39 slides
Information Retrieval Lecture 1 Query Which plays of Shakespeare contain the words Brutus

Information Retrieval Lecture 1 Query Which plays of Shakespeare contain the words Brutus

Information Retrieval Lecture 1 Query Which plays of Shakespeare contain the words Brutus Brutus AND Caesar Caesar but NOT Calpurnia Calpurnia ? Could grep all of Shakespeares plays for Brutus and Caesar, Brutus Caesar, then strip

563 views • 40 slides
Physical Media CS 438: Spring 2014 Instructor: Matthew Caesar

Physical Media CS 438: Spring 2014 Instructor: Matthew Caesar

Physical Media CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438 2 Today: Physical Media Networks are made up of devices and communication links Devices and links can be physically threatened

1.01k views • 75 slides
CS 598: Network Security Matthew Caesar January 15, 2013 1 Networks are Important Networks

CS 598: Network Security Matthew Caesar January 15, 2013 1 Networks are Important Networks

Lecture 1: Course Overview CS 598: Network Security Matthew Caesar January 15, 2013 1 Networks are Important Networks propagate information Information is the enemy of evildoers They can no longer hide in the shadows Can

532 views • 34 slides
1 Cant build the matrix Inverted index Term Doc # Documents are parsed to extract words

1 Cant build the matrix Inverted index Term Doc # Documents are parsed to extract words

Query Information Retrieval (IR) Which plays of Shakespeare contain the words Brutus AND Caesar but NOT Calpurnia ? Could grep all of Shakespeares plays for Brutus and Caesar then strip out lines containing Calpurnia ? Slow (for

213 views • 10 slides
1 Cant build the matrix Inverted index Documents are parsed to extract words Term Doc #

1 Cant build the matrix Inverted index Documents are parsed to extract words Term Doc #

Query Information Retrieval (IR) Which plays of Shakespeare contain the words Brutus AND Caesar but NOT Calpurnia ? Could grep all of Shakespeares plays for Brutus and Caesar then strip out lines containing Calpurnia ? Based on slides

419 views • 10 slides
Caesar Cipher If he had anything confidential to say, he wrote it in cipher, that is, by so

Caesar Cipher If he had anything confidential to say, he wrote it in cipher, that is, by so

Caesar Cipher If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he

1.03k views • 5 slides
0 The evil that men do lives after them. Julius Caesar , by William Shakespeare 0 Where I

0 The evil that men do lives after them. Julius Caesar , by William Shakespeare 0 Where I

Temporal Logic: The Lesser of Three Evils Leslie Lamport Microsoft Research 0 The evil that men do lives after them. Julius Caesar , by William Shakespeare 0 Where I Started Making sure my concurrent algorithms were right. Proving the

1.49k views • 112 slides
Ethernet CS/ECE 438: Spring 2014 Instructor: Matthew Caesar

Ethernet CS/ECE 438: Spring 2014 Instructor: Matthew Caesar

Ethernet CS/ECE 438: Spring 2014 Instructor: Matthew Caesar http://courses.engr.illinois.edu/cs438/ Some History Ethernet was invented as a broadcast technology Each packet received by all attached hosts Easy to set up, cheap to

1.57k views • 123 slides
Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API, High-Speed ImplementaCons in VHDL/Verilog, and Benchmarking Using FPGAs Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Michael

908 views • 53 slides
An Alterna)ve Approach to Hardware Benchmarking of CAESAR Candidates Based on the Use of

An Alterna)ve Approach to Hardware Benchmarking of CAESAR Candidates Based on the Use of

An Alterna)ve Approach to Hardware Benchmarking of CAESAR Candidates Based on the Use of High-Level Synthesis Tools Ekawat Homsirikamol and Kris Gaj George Mason University USA Based on work partially supported by the National Science

775 views • 50 slides
people people name name id id age age

people people name name id id age age

people people name name id id age age stephanie stephanie 1 1 19 19 Query 1 dylan dylan 2 2 26 26 people.filter{p => p.age 18} mary kate mary kate 3 3 17 17 pets

888 views • 43 slides
ACORN A Lightweight Authenticated Cipher Hongjun Wu Nanyang Technological University DIAC 2014

ACORN A Lightweight Authenticated Cipher Hongjun Wu Nanyang Technological University DIAC 2014

ACORN A Lightweight Authenticated Cipher Hongjun Wu Nanyang Technological University DIAC 2014 ACORN 1 ACORN DIAC 2014 ACORN 2 Different Design Approaches: AES-NI (AEGIS) Fast SIMD (MORUS) Mode (JAMBU) Lightweight Dedicated ( ACORN

1.06k views • 13 slides
ACORN v3 A Lightweight Authenticated Cipher Hongjun Wu Nanyang Technological University DIAC

ACORN v3 A Lightweight Authenticated Cipher Hongjun Wu Nanyang Technological University DIAC

ACORN v3 A Lightweight Authenticated Cipher Hongjun Wu Nanyang Technological University DIAC 2016 ACORN 1 Different Design Approaches: AES-NI (AEGIS) Fast SIMD (MORUS) Mode (JAMBU) Lightweight Dedicated ( ACORN ) DIAC 2016 ACORN 2

358 views • 15 slides
Learning from Unlabeled Video Carl Vondrick Columbia University Survivor Bias of Video Data

Learning from Unlabeled Video Carl Vondrick Columbia University Survivor Bias of Video Data

Learning from Unlabeled Video Carl Vondrick Columbia University Survivor Bias of Video Data Large-scale Video Classification with Convolutional Neural Networks, CVPR 2014 Survivor Bias of Video Data Large-scale Video Classification with

760 views • 39 slides
before before before before

before before before before

before before before before

416 views • 4 slides
Mobility in UTB-SOI PFETS: Local Coordinate-Based Modeling with the Density Gradient Method

Mobility in UTB-SOI PFETS: Local Coordinate-Based Modeling with the Density Gradient Method

Mobility in UTB-SOI PFETS: Local Coordinate-Based Modeling with the Density Gradient Method Daniel Connelly, Acorn Technologies D. E. Grupp, Acorn Technologies Daniel Yergeau, Paco Leon: Mixed Technology Associates ACORN Technologies Inc

729 views • 24 slides
Nab: a precise study of unpolarized neutron beta decay Dinko Po cani c , (for the Nab

Nab: a precise study of unpolarized neutron beta decay Dinko Po cani c , (for the Nab

Nab: a precise study of unpolarized neutron beta decay Dinko Po cani c , (for the Nab Collaboration) Institute for Nuclear and Particle Physics, University of Virginia 27 October 2016 2017 Fall Meeting of the APS Division of Nuclear

562 views • 25 slides
MODULE THREE Creativity is like electricity - you dont have to understand it to harness is

MODULE THREE Creativity is like electricity - you dont have to understand it to harness is

MODULE THREE Creativity is like electricity - you dont have to understand it to harness is Maya Angelou Creativity us the Act Of Allowing Consciousness to find expression THROUGH YOUR GIFTS & TALENTS The Evolutionary Impulse is the

321 views • 15 slides

More recommend