comparison of cipher implementations from cipher authors
play

Comparison of Cipher implementations from cipher authors - PowerPoint PPT Presentation

Sep 24, 2022 •454 likes •602 views

Comparison of Cipher implementations from cipher authors 256-bit stream ciphers D. J. Bernstein Timing tools Thanks to: (De Canni` ere) University of Illinois at Chicago Denmark Technical University

  1. � � Comparison of Cipher implementations from cipher authors 256-bit stream ciphers D. J. Bernstein Timing tools Thanks to: (De Canni` ere) � University of Illinois at Chicago � � � � Denmark Technical University Timings Alfred P. Sloan Foundation on various machines Graphing tools (Bernstein) � � � � � Speed graphs in this talk

  2. � � Security disasters Cipher implementations from cipher authors ciphers Attack claimed on Attack claimed on Timing tools Presumably also Py6. (De Canni` ere) � Illinois at Chicago � Attack claimed on � � � echnical University Timings “2 226 .” Foundation on various machines Is there any dispute about these attacks? Graphing tools If not: Reject YAMB (Bernstein) competition for 256-bit � � � � � Speed graphs in this talk

  3. � � Security disasters Cipher implementations from cipher authors Attack claimed on YAMB: “2 58 .” Attack claimed on Py: “2 72 .” Timing tools Presumably also Py6. (De Canni` ere) � � Attack claimed on SOSEMANUK: � � � Timings “2 226 .” on various machines Is there any dispute about these attacks? Graphing tools If not: Reject YAMB etc. as (Bernstein) competition for 256-bit AES. � � � � � Speed graphs in this talk

  4. Security disasters Speed disasters implementations authors Attack claimed on YAMB: “2 58 .” FUBUKI is slower in all of these benchma Attack claimed on Py: “2 72 .” Timing tools Any hope of faster Presumably also Py6. (De Canni` ere) If not: Reject FUBUKI. � � Attack claimed on SOSEMANUK: � VEST is extremely Timings “2 226 .” in all of these benchma machines Is there any dispute On the other hand, about these attacks? VEST is claimed to Graphing tools If not: Reject YAMB etc. as faster in hardware. (Bernstein) competition for 256-bit AES. � � � graphs talk

  5. Security disasters Speed disasters Attack claimed on YAMB: “2 58 .” FUBUKI is slower than AES in all of these benchmarks. Attack claimed on Py: “2 72 .” Any hope of faster FUBUKI? Presumably also Py6. If not: Reject FUBUKI. Attack claimed on SOSEMANUK: VEST is extremely slow “2 226 .” in all of these benchmarks. Is there any dispute On the other hand, about these attacks? VEST is claimed to be If not: Reject YAMB etc. as faster in hardware. competition for 256-bit AES.

  6. disasters Speed disasters Remaining 256-bit CryptMT, DICING, on YAMB: “2 58 .” FUBUKI is slower than AES HC-256, Phelix, Salsa20. in all of these benchmarks. on Py: “2 72 .” Any hope of faster FUBUKI? Could say, e.g., Py6. If not: Reject FUBUKI. “CryptMT is practically on SOSEMANUK: slower than Phelix VEST is extremely slow and should be eliminated”; in all of these benchmarks. but what if Phelix dispute On the other hand, attacks? VEST is claimed to be Attacks on Py, SOSEMANUK AMB etc. as faster in hardware. were published in 256-bit AES. Need more time fo

  7. Speed disasters Remaining 256-bit ciphers: CryptMT, DICING, Dragon, FUBUKI is slower than AES HC-256, Phelix, Salsa20. in all of these benchmarks. Any hope of faster FUBUKI? Could say, e.g., If not: Reject FUBUKI. “CryptMT is practically always slower than Phelix VEST is extremely slow and should be eliminated”; in all of these benchmarks. but what if Phelix is broken? On the other hand, VEST is claimed to be Attacks on Py, SOSEMANUK faster in hardware. were published in December. Need more time for cryptanalysis.

  8. Remaining 256-bit ciphers: Speedup: security CryptMT, DICING, Dragon, er than AES Can speed up AES HC-256, Phelix, Salsa20. enchmarks. by reducing rounds faster FUBUKI? Could say, e.g., from 14 to, e.g., 10. FUBUKI. “CryptMT is practically always No known attacks. slower than Phelix extremely slow Can speed up Salsa20 and should be eliminated”; enchmarks. by reducing rounds but what if Phelix is broken? hand, from 20 to, e.g., 12 claimed to be Attacks on Py, SOSEMANUK No known attacks. re. were published in December. Do any other submissions Need more time for cryptanalysis. have a security ma

  9. Remaining 256-bit ciphers: Speedup: security margin CryptMT, DICING, Dragon, Can speed up AES HC-256, Phelix, Salsa20. by reducing rounds Could say, e.g., from 14 to, e.g., 10. “CryptMT is practically always No known attacks. slower than Phelix Can speed up Salsa20 and should be eliminated”; by reducing rounds but what if Phelix is broken? from 20 to, e.g., 12 or 8. Attacks on Py, SOSEMANUK No known attacks. were published in December. Do any other submissions Need more time for cryptanalysis. have a security margin?

  10. 256-bit ciphers: Speedup: security margin Slowdown: forgeries DICING, Dragon, Can speed up AES Packets must be authenticated. Phelix, Salsa20. by reducing rounds State of the art: P from 14 to, e.g., 10. around 4 cycles per ractically always No known attacks. plus encrypting 16 Phelix Can speed up Salsa20 Fastest encryption eliminated”; by reducing rounds fastest authenticated Phelix is broken? from 20 to, e.g., 12 or 8. Not necessarily! SOSEMANUK No known attacks. Phelix includes authentication. in December. Do any other submissions Benchmarks need for cryptanalysis. have a security margin?

  11. Speedup: security margin Slowdown: forgeries Can speed up AES Packets must be authenticated. by reducing rounds State of the art: Poly1305, from 14 to, e.g., 10. around 4 cycles per byte No known attacks. plus encrypting 16 bytes. Can speed up Salsa20 Fastest encryption implies by reducing rounds fastest authenticated encryption? from 20 to, e.g., 12 or 8. Not necessarily! No known attacks. Phelix includes authentication. Do any other submissions Benchmarks need to cover this. have a security margin?

  12. security margin Slowdown: forgeries Slowdown: timing AES Packets must be authenticated. Typical AES softw rounds leaks key through State of the art: Poly1305, e.g., 10. Often attacker can around 4 cycles per byte attacks. plus encrypting 16 bytes. Constant-time AES Salsa20 is considerably slo Fastest encryption implies rounds fastest authenticated encryption? Slowdown depends e.g., 12 or 8. Not necessarily! CryptMT, Phelix, attacks. Phelix includes authentication. DICING, Dragon, submissions Benchmarks need to cover this. Benchmarks need margin?

  13. Slowdown: forgeries Slowdown: timing attacks Packets must be authenticated. Typical AES software leaks key through timing. State of the art: Poly1305, Often attacker can see timing. around 4 cycles per byte plus encrypting 16 bytes. Constant-time AES software is considerably slower. Fastest encryption implies fastest authenticated encryption? Slowdown depends on cipher. Not necessarily! CryptMT, Phelix, Salsa20: 0. Phelix includes authentication. DICING, Dragon, HC-256: ? Benchmarks need to cover this. Benchmarks need to cover this.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Problem 1 k zero bits n bits IV Block Block Block Block Cipher Cipher Cipher Cipher

Problem 1 k zero bits n bits IV Block Block Block Block Cipher Cipher Cipher Cipher

Problem 1 k zero bits n bits IV Block Block Block Block Cipher Cipher Cipher Cipher removed January 27, 2011 Practical Aspects of Modern Cryptography 2 Problem 1 IV Inverse Inverse Inverse Inverse Cipher Cipher Cipher Cipher

464 views • 20 slides
Vigenre Cipher Like Csar cipher, but use a phrase Example Message THE BOY HAS THE

Vigenre Cipher Like Csar cipher, but use a phrase Example Message THE BOY HAS THE

Vigenre Cipher Like Csar cipher, but use a phrase Example Message THE BOY HAS THE BALL Key VIG Encipher using Csar cipher for each letter: key VIGVIGVIGVIGVIGV plain THEBOYHASTHEBALL cipher OPKWWECIYOPKWIRG May

304 views • 26 slides
Caesar Cipher If he had anything confidential to say, he wrote it in cipher, that is, by so

Caesar Cipher If he had anything confidential to say, he wrote it in cipher, that is, by so

Caesar Cipher If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he

1.03k views • 5 slides
ASIC Implementations of the Block Cipher SEA for Constrained Applications Fran cois Mac e,

ASIC Implementations of the Block Cipher SEA for Constrained Applications Fran cois Mac e,

ASIC Implementations of the Block Cipher SEA for Constrained Applications ASIC Implementations of the Block Cipher SEA for Constrained Applications Fran cois Mac e, Fran cois-Xavier Standaert, Jean-Jacques Quisquater Universit e

189 views • 17 slides
CS 241 Data Organization Ciphers March 22, 2018 Cipher In cryptography, a cipher (or

CS 241 Data Organization Ciphers March 22, 2018 Cipher In cryptography, a cipher (or

CS 241 Data Organization Ciphers March 22, 2018 Cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption. When using a cipher, the original information is known as plaintext , and the

449 views • 41 slides
Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Cryptography Classical Ciphers Caesar Cipher Monoalphabetic Ciphers Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher Vernam Cipher One Time Pad School of Engineering and Technology CQUniversity

687 views • 64 slides
Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher

Cryptography Classical Ciphers Caesar Cipher Monoalphabetic Ciphers Classical Ciphers Playfair Cipher Polyalphabetic Ciphers Cryptography Vigen` ere Cipher Vernam Cipher School of Engineering and Technology One Time Pad CQUniversity

1.02k views • 64 slides
Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee ,

Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee ,

Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee , Byeonghak Lee KAIST Tweakable Block Cipher A tweakable block cipher accepts an additional input "tweak - Tweaks are publicly used

519 views • 30 slides
ASIC Implementations of the Block Cipher SEA for Constrained Applications e , Fran

ASIC Implementations of the Block Cipher SEA for Constrained Applications e , Fran

ASIC Implementations of the Block Cipher SEA for Constrained Applications e , Fran cois-Xavier Standaert , Jean-Jacques Quisquater Fran cois Mac UCL Crypto Group, Universit e Catholique de Louvain. e-mails:

289 views • 12 slides
Extending the Hill Cipher Two secure modifications of the classic cipher John Chase Matt Davis

Extending the Hill Cipher Two secure modifications of the classic cipher John Chase Matt Davis

Introduction SVK Hill Cipher TF Hill Cipher Summary Extending the Hill Cipher Two secure modifications of the classic cipher John Chase Matt Davis Cryptography 625.480 December 2, 2010 / Final Paper Presentation Introduction SVK Hill

1.31k views • 90 slides
Vigenre Cipher - a polyalphabetic version of the shift cipher Key: (k 1 ,k 2 ,,k m ) Z

Vigenre Cipher - a polyalphabetic version of the shift cipher Key: (k 1 ,k 2 ,,k m ) Z

Vigenre Cipher - a polyalphabetic version of the shift cipher Key: (k 1 ,k 2 ,,k m ) Z 26m , where m is the key length Encryption in blocks: (x 1 , x 2 , , x m ) (x 1 +k 1 , x 2 +k 2 , , x m +k m ) Z 26m Example: encrypt

413 views • 10 slides
Grbner Bases. Applications in Cryptology Description of the Cipher Families Feistel cipher:

Grbner Bases. Applications in Cryptology Description of the Cipher Families Feistel cipher:

Grbner - Crypto J.-C. Faugre Plan Grbner bases: properties Grbner Bases. Applications in Cryptology Description of the Cipher Families Feistel cipher: FLURRY Feistel cipher modelling Jean-Charles Faugre Algorithms Buchberger

694 views • 57 slides
Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cryptography

Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cryptography

Cryptography Block Cipher Modes of Operation Block Ciphers with Multiple Blocks Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cryptography Cipher Feedback Mode School of Engineering and Technology

428 views • 32 slides
COBRA: A Parallelizable Authenticated Online Cipher without Block Cipher Inverse 1 Atul Luykx

COBRA: A Parallelizable Authenticated Online Cipher without Block Cipher Inverse 1 Atul Luykx

COBRA: A Parallelizable Authenticated Online Cipher without Block Cipher Inverse 1 Atul Luykx COSIC KU Leuven and iMinds March 3, 2014 1 Joint work with E. Andreeva, B. Mennink, and K. Yasuda. 1 / 23 Overview COBRA 1 Misuse resistance 2

711 views • 58 slides
Automatic Synthesis of Fault Attack Resistant Cipher Implementations Chester Rebeiro IIT Madras

Automatic Synthesis of Fault Attack Resistant Cipher Implementations Chester Rebeiro IIT Madras

Automatic Synthesis of Fault Attack Resistant Cipher Implementations Chester Rebeiro IIT Madras Side Channel Analysis Electro magnetic Radiation Fault injection Power consumption Timing channels Preventing Side Channel Attacks is

468 views • 34 slides
Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. Whats next?

Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. Whats next?

Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. Whats next? Pascal Junod University of Applied Sciences Western Switzerland Pascal Junod -- Advanced Block Cipher Design 1 ECRYPT II Summer School - May

914 views • 56 slides
Applicant Post Award Process Public Assistance (PA) Program FEMA-DR-4512-VA COVID - 19

Applicant Post Award Process Public Assistance (PA) Program FEMA-DR-4512-VA COVID - 19

Applicant Post Award Process Public Assistance (PA) Program FEMA-DR-4512-VA COVID - 19 Presented by the Finance and Recovery Sections of the Virginia Emergency Support Team (VEST) 1 What Happens Post-Award? 2 What happens next?

431 views • 19 slides
DMLSS and Strategic Sourcing Capability and Pricing Agreements Practical Experience Mr. Ivan

DMLSS and Strategic Sourcing Capability and Pricing Agreements Practical Experience Mr. Ivan

DMLSS and Strategic Sourcing Capability and Pricing Agreements Practical Experience Mr. Ivan Domenech JMLFDC Ms. Katy Furr JMLFDC LCDR Jason Galka, USN DLA-Troop Support Maj Kevin Bourne, USAF DLA-Troop Support CPE Information and

623 views • 21 slides
Cooperative Positioning in Urban Environments: Opportunities and Challenges Joon Wayn Cheong

Cooperative Positioning in Urban Environments: Opportunities and Challenges Joon Wayn Cheong

Cooperative Positioning in Urban Environments: Opportunities and Challenges Joon Wayn Cheong DSRC Proposed for C-ITS Each vehicle broadcasts its own position . Similar to ADS-B or AIS Assumes that sufficiently accurate position of

619 views • 22 slides
ITU-R Study Group 1 on-going activities on Spectrum Management Webpage

ITU-R Study Group 1 on-going activities on Spectrum Management Webpage

ITU-R Study Group 1 on-going activities on Spectrum Management Webpage www.itu.int/ITU-R/go/rsg1 Wael SAYED Chairman, ITU-R Study Group 1 Philippe AUBINEAU ITU-R SG1 Counsellor Study Group 1 Spectrum Management Spectrum

581 views • 25 slides
CSE775: Computer Architecture Chapter 1: Fundamentals of Chapter 1: Fundamentals of Computer

CSE775: Computer Architecture Chapter 1: Fundamentals of Chapter 1: Fundamentals of Computer

CSE775: Computer Architecture Chapter 1: Fundamentals of Chapter 1: Fundamentals of Computer Design 1 Computer Architecture Topics Input/Output and Storage Disks, WORM, Tape p RAID Emerging Technologies DRAM Interleaving Memories

703 views • 37 slides
It Takes a Village: Reasoning About Concurrent Processes David Castro, Francisco Ferreira,

It Takes a Village: Reasoning About Concurrent Processes David Castro, Francisco Ferreira,

It Takes a Village: Reasoning About Concurrent Processes David Castro, Francisco Ferreira, Lorenzo Gheri, and Nobuko Yoshida 2020 VEST Workshop Motivating Meta-Theory Certified tool + reasoning environment Certified code Reasoning

394 views • 26 slides
Scope of coordination system in the pension field VC/2010/1536 Dalila Ghailani Researcher,

Scope of coordination system in the pension field VC/2010/1536 Dalila Ghailani Researcher,

Scope of coordination system in the pension field VC/2010/1536 Dalila Ghailani Researcher, European social observatory ghailani@ose.be Administrative Commission for the Coordination of Social Security Systems Brussels, 20th June 2013

483 views • 11 slides
Incentive Plans for Startups PwC Kellerhals Carrard R em o Schm id , Partner K arim M aizar ,

Incentive Plans for Startups PwC Kellerhals Carrard R em o Schm id , Partner K arim M aizar ,

9/14/18 Swiss Startup Day 25 Septem ber 2018 - Bern Incentive Plans for Startups PwC Kellerhals Carrard R em o Schm id , Partner K arim M aizar , Partner remo.schmid@ch.pwc.com karim.maizar@kellerhals-carrrard.ch +41 58 792 46 08 +41 58 200

520 views • 36 slides

More recommend