fides
play

FIDES: Lightweight Authentication Cipher with Side-Channel - PowerPoint PPT Presentation

May 28, 2023 •521 likes •1.29k views

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

  1. FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begül Bilgin, Andrey Bogdanov, Miroslav Kne ž evi ć , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago

  2. Side Channel Resistance 2

  3. Side Channel Resistance The Game... 2

  4. Side Channel Resistance The Game... ‣ Mathematically secure crypto algorithms 2

  5. Side Channel Resistance The Game... ‣ Mathematically secure crypto algorithms ✓ AES, RSA, Keccak, OCB, … 2

  6. Side Channel Resistance The Game... ‣ Mathematically secure crypto algorithms ✓ AES, RSA, Keccak, OCB, … ‣ Weak implementation 2

  7. Side Channel Resistance The Game... ‣ Mathematically secure crypto algorithms ✓ AES, RSA, Keccak, OCB, … ‣ Weak implementation 2

  8. Side Channel Resistance The Game... ‣ Mathematically secure crypto algorithms ✓ AES, RSA, Keccak, OCB, … ‣ Weak implementation Dependency between power consumption and intermediate value (depends on the key) 2

  9. Side Channel Resistance 3

  10. Side Channel Resistance x Change the key frequently 3

  11. Side Channel Resistance x Change the key frequently x Equalize power consumption 3

  12. Side Channel Resistance x Change the key frequently x Equalize power consumption ✓ Randomize power consumption 3

  13. Side Channel Resistance x Change the key frequently x Equalize power consumption ✓ Randomize power consumption - Boolean masking 3

  14. Side Channel Resistance inp^m 0 out^m 1 x Change the key frequently L x Equalize power consumption m 0 m 1 L ✓ Randomize power consumption - Boolean masking 3

  15. Side Channel Resistance x Change the key frequently x Equalize power consumption ✓ Randomize power consumption - Boolean masking 3

  16. Side Channel Resistance inp^m 0 out^m 1 x Change the key frequently S x Equalize power consumption m 0 m 1 S ✓ Randomize power consumption - Boolean masking 3

  17. Side Channel Resistance inp^m 0 out^m 1 x Change the key frequently S x Equalize power consumption m 0 m 1 S ✓ Randomize power consumption - Boolean masking - Multiplicative masking 3

  18. Side Channel Resistance x Change the key frequently x Equalize power consumption ✓ Randomize power consumption - Boolean masking - Multiplicative masking 3

  19. Side Channel Resistance x Change the key frequently x Equalize power consumption ✓ Randomize power consumption - Boolean masking - Multiplicative masking Secret sharing e.g. Threshold Implementations [Nikova’11] - 3

  20. Side Channel Resistance inp^m 0 ^m 1 out^m 2 ^m 3 x Change the key frequently S x Equalize power consumption m 0 m 2 S ✓ Randomize power consumption m 1 S m 3 - Boolean masking - Multiplicative masking Secret sharing e.g. Threshold Implementations [Nikova’11] - 3

  21. Side Channel Resistance 4

  22. Side Channel Resistance Have the design 4

  23. Side Channel Resistance Need efficient impl. Have the design 4

  24. Side Channel Resistance Need efficient impl. Need Have the secure impl. design 4

  25. Side Channel Resistance Need efficient impl. Need Have the secure impl. design 1 st Order Multipl. Mask Boolean Mask TI 2 nd Order SW HW ?? Still efficient ?? 4

  26. Side Channel Resistance Need efficient impl. Need Have the secure impl. design 1 st Order Multipl. Mask Boolean Mask TI 2 nd Order SW HW Still efficient 5

  27. Design - Structure a A 1 A 2 A v C 1 C u M u M 1 16R 16R 1R 1R 1R 1R 1R 1R K || N T . . . . . . K || 0 6

  28. Design - Structure a A 1 A 2 A v C 1 C u M u M 1 16R 16R 1R 1R 1R 1R 1R 1R K || N T . . . . . . K || 0 Similar to duplex sponge - 6

  29. Design - Structure a A 1 A 2 A v C 1 C u M u M 1 16R 16R 1R 1R 1R 1R 1R 1R K || N T . . . . . . K || 0 Similar to duplex sponge - Rounds are not keyed - 6

  30. Design - Structure a A 1 A 2 A v C 1 C u M u M 1 16R 16R 1R 1R 1R 1R 1R 1R K || N T . . . . . . K || 0 Similar to duplex sponge - Rounds are not keyed - Online ✓ 6

  31. Design - Structure a A 1 A 2 A v C 1 C u M u M 1 16R 16R 1R 1R 1R 1R 1R 1R K || N T . . . . . . K || 0 Similar to duplex sponge - Rounds are not keyed - Online ✓ Single pass ✓ 6

  32. Design - Structure a A 1 A 2 A v C 1 C u M u M 1 16R 16R 1R 1R 1R 1R 1R 1R K || N T . . . . . . K || 0 Similar to duplex sponge - b k/n/t r Rounds are not keyed - FIDES-80 160 80 10 Online ✓ FIDES-96 192 96 12 Single pass ✓ 6

  33. Design - Structure a A 1 A 2 A v C 1 C u M u M 1 16R 16R 1R 1R 1R 1R 1R 1R K || N T . . . . . . K || 0 Similar to duplex sponge - b k/n/t r Rounds are not keyed - FIDES-80 160 80 10 Online ✓ FIDES-96 192 96 12 Single pass ✓ 7

  34. Design - Structure a A 1 A 2 A v C 1 C u M u M 1 16R 16R 1R 1R 1R 1R 1R 1R K || N T . . . . . . K || 0 Similar to duplex sponge - b k/n/t r Rounds are not keyed - FIDES-80 160 80 10 Online ✓ FIDES-96 192 96 12 Single pass ✓ 8

  35. Design - Structure a A 1 A 2 A v C 1 C u M u M 1 16R 16R 1R 1R 1R 1R 1R 1R K || N T . . . . . . K || 0 Similar to duplex sponge - b k/n/t r Rounds are not keyed - FIDES-80 160 80 10 Online ✓ FIDES-96 192 96 12 Single pass ✓ 9

  36. Design - Structure 1R State SubBytes ShiftRows MixColumns ConstantAddition 10

  37. Design - Structure 1R State SubBytes ShiftRows MixColumns ConstantAddition 11

  38. Design - Structure 1R State 0 SubBytes 1 2 ShiftRows 7 MixColumns ConstantAddition 12

  39. Design - Structure 1R State SubBytes ShiftRows MixColumns ConstantAddition Almost MDS branch number is 4 13

  40. Design - Structure 1R State SubBytes ShiftRows MixColumns ConstantAddition 14

  41. Design - S-boxes • FIDES-80: 5-bit Almost Bent (AB) - optimal resistance against differential & linear cryptanalysis - degree 2 (two), 3(one), 4(one) • FIDES-96: 6-bit Almost Perfect Nonlinear (APN) - optimal resistance against differential cryptanalysis - degree 4 15

  42. Design - S-boxes • FIDES-80: 5-bit Almost Bent (AB) - optimal resistance against differential & linear cryptanalysis - degree 2 (two), 3(one), 4(one) • FIDES-96: 6-bit Almost Perfect Nonlinear (APN) - optimal resistance against differential cryptanalysis - degree 4 ++Low latency++ 15

  43. Design - S-boxes • FIDES-80: 5-bit Almost Bent (AB) - optimal resistance against differential & linear cryptanalysis - degree 2 (two), 3(one), 4(one) • FIDES-96: 6-bit Almost Perfect Nonlinear (APN) - optimal resistance against differential cryptanalysis - degree 4 ++Low latency++ 15

  44. Design - S-boxes • FIDES-80: 5-bit Almost Bent (AB) - optimal resistance against differential & linear cryptanalysis - degree 2 (two), 3(one), 4(one) • FIDES-96: 6-bit Almost Perfect Nonlinear (APN) - optimal resistance against differential cryptanalysis - degree 4 ++Low latency++ 16

  45. Design - S-boxes 17

  46. Design - S-boxes Affine Equivalent to AB permutation with degree 2 17

  47. Design - S-boxes Affine Equivalent to AB permutation with degree 2 Shared S-box Unshared S-box 25000 25000 20000 20000 # of S-boxes 15000 15000 10000 10000 5000 5000 0 0 45 50 55 60 65 70 75 80 85 90 95 100 105 245 255 135 145 155 165 175 185 195 205 215 225 235 # of GE (UMC 180nm) 17

  48. Design - S-boxes Affine Equivalent to AB permutation with degree 2 Shared S-box Unshared S-box 25000 25000 20000 20000 # of S-boxes 15000 15000 10000 10000 5000 5000 0 0 45 50 55 60 65 70 75 80 85 90 95 100 105 245 255 135 145 155 165 175 185 195 205 215 225 235 # of GE (UMC 180nm) 18

  49. Design - S-boxes Affine Equivalent to AB permutation with degree 2 Shared S-box Unshared S-box 25000 25000 20000 20000 # of S-boxes 15000 15000 10000 10000 5000 5000 0 0 45 50 55 60 65 70 75 80 85 90 95 100 105 245 255 135 145 155 165 175 185 195 205 215 225 235 # of GE (UMC 180nm) Similar for APN 18

  50. Security Analysis # Active Active S-box # # rnd. any diff. zero diff. 1 0 - 2 4 - 3 7 - 4 16 - 5 22 - 6 32 52 7 42 49 8 48 48 19

  51. Security Analysis # Active Active S-box # # rnd. any diff. zero diff. • Differential & Linear Cryptanalysis 1 0 - 2 4 - 3 7 - 4 16 - 5 22 - 6 32 52 7 42 49 8 48 48 19

  52. Security Analysis # Active Active S-box # # rnd. any diff. zero diff. • Differential & Linear Cryptanalysis 1 0 - 16 rounds: 2 -4x48x2 = 2 -384 2 4 - 3 7 - 4 16 - 5 22 - 6 32 52 7 42 49 8 48 48 19

  53. Security Analysis # Active Active S-box # # rnd. any diff. zero diff. • Differential & Linear Cryptanalysis 1 0 - 16 rounds: 2 -4x48x2 = 2 -384 2 4 - • Collision Trails 3 7 - 4 16 - 5 22 - 6 32 52 7 42 49 8 48 48 19

  54. Security Analysis # Active Active S-box # # rnd. any diff. zero diff. • Differential & Linear Cryptanalysis 1 0 - 16 rounds: 2 -4x48x2 = 2 -384 2 4 - • Collision Trails 3 7 - 16 rounds: 2 -4x(48+48) = 2 -384 4 16 - 5 22 - 6 32 52 7 42 49 8 48 48 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DSpace at UTS DSpace at UTS Fides Datu Lawton Fides Datu Lawton fides.lawton@uts.edu.au

DSpace at UTS DSpace at UTS Fides Datu Lawton Fides Datu Lawton fides.lawton@uts.edu.au

DSpace at UTS DSpace at UTS Fides Datu Lawton Fides Datu Lawton fides.lawton@uts.edu.au fides.lawton@uts.edu.au Director (Library Resources Unit) Director (Library Resources Unit) UTS:Library UTS:Library Repository Market Day Repository

165 views • 16 slides
Learning I/O Automata Fides Aarts and Frits Vaandrager ICIS, Radboud Universiteit Nijmegen

Learning I/O Automata Fides Aarts and Frits Vaandrager ICIS, Radboud Universiteit Nijmegen

Introduction I/O Behavior and Determinism Interface Automata Learning IOAs Conclusions and Future Work Learning I/O Automata Fides Aarts and Frits Vaandrager ICIS, Radboud Universiteit Nijmegen CONCUR 2010, Paris Fides Aarts and Frits

1.15k views • 56 slides
Establishing Regular Measurements of Halocarbons at Taunus Observatory Tanja Schuck, Fides

Establishing Regular Measurements of Halocarbons at Taunus Observatory Tanja Schuck, Fides

Establishing Regular Measurements of Halocarbons at Taunus Observatory Tanja Schuck, Fides Lefrancois, Franziska Gallmann, and Andreas Engel Goethe University Frankfurt, Institute for Atmospheric and Environmental Sciences Taunus Observatory

791 views • 21 slides
Cryptanalysis of FIDES Itai Dinur 1 Jrmy Jean 1 , 2 1 cole Normale Suprieure, France 2

Cryptanalysis of FIDES Itai Dinur 1 Jrmy Jean 1 , 2 1 cole Normale Suprieure, France 2

Introduction State Recovery Forgery Tradeoffs The end Cryptanalysis of FIDES Itai Dinur 1 Jrmy Jean 1 , 2 1 cole Normale Suprieure, France 2 Nanyang Technological University, Singapore FSE 2014 March 3, 2014 FSE 2014 Itai Dinur,

725 views • 33 slides
O On Automata Learning A t t L i and and Conformance Testing onformance est ng Bengt

O On Automata Learning A t t L i and and Conformance Testing onformance est ng Bengt

O On Automata Learning A t t L i and and Conformance Testing onformance est ng Bengt Jonsson Bengt Jonsson Uppsala University Acknowledgments Fides Aarts Therese Berg Johan Blom Olga Fides Aarts, Therese Berg, Johan Blom, Olga

1.47k views • 126 slides
Lightweight Cryptography - Hardware Perspective - Miroslav Kne evi NXP Semiconductors

Lightweight Cryptography - Hardware Perspective - Miroslav Kne evi NXP Semiconductors

Lightweight Cryptography - Hardware Perspective - Miroslav Kne evi NXP Semiconductors Thanks to the teams of KATAN, SPONGENT, PRINCE, FIDES Design and Security of Cryptographic Functions, Algorithms, and Devices, PAGE: 1 of 33 Summer

590 views • 45 slides
WIND INDUSTRY PERSPECTIVE Dave Belote, Col (ret), USAF Managing Partner & CEO DARE

WIND INDUSTRY PERSPECTIVE Dave Belote, Col (ret), USAF Managing Partner & CEO DARE

WIND INDUSTRY PERSPECTIVE Dave Belote, Col (ret), USAF Managing Partner & CEO DARE Strategies LLC Bona Fides 32 AOS/CC, Ramstein AB GE, 2001-03 32 EASOS/CC, Tel Aviv, Operation IRAQI FREEDOM 3 ASOG/CC, Fort Hood TX, 2004-06

456 views • 9 slides
One-Sided Access in Two-Sided Markets Marianne Verdier Universit de Lille 1, Laboratoire

One-Sided Access in Two-Sided Markets Marianne Verdier Universit de Lille 1, Laboratoire

One-Sided Access in Two-Sided Markets Marianne Verdier Universit de Lille 1, Laboratoire EQUIPPE I acknowledge financial support from FIDES, Forum sur les Institutions, le Droit, l'Economie et la Socit, to present at the EARIE (2013)

481 views • 34 slides
Cooper Cooperativ tive Ma Manag nagemen ment of of the the South South China China Sea: Sea:

Cooper Cooperativ tive Ma Manag nagemen ment of of the the South South China China Sea: Sea:

Cooper Cooperativ tive Ma Manag nagemen ment of of the the South South China China Sea: Sea: Lessons Lessons fr from other other Seas Seas Fides A. Quintos Foreign Service Institute What is Maritime Security? No universal legal definition

190 views • 18 slides
Learning of Automata Models Learning of Automata Models Extended with Data B Bengt Jonsson t J

Learning of Automata Models Learning of Automata Models Extended with Data B Bengt Jonsson t J

Learning of Automata Models Learning of Automata Models Extended with Data B Bengt Jonsson t J Uppsala University Uppsala University Acknowledgments Fid Fides Aarts A t M ik M Maik Mertens t Therese Bohlin Therese Bohlin Harald

1.19k views • 59 slides
Steps to Culture Change Appropriate Use of Antipsychotics in Dementia Strategies and Resources

Steps to Culture Change Appropriate Use of Antipsychotics in Dementia Strategies and Resources

Steps to Culture Change Appropriate Use of Antipsychotics in Dementia Strategies and Resources Seniors Health Strategic Clinical Network (SCN) In collaboration with Addiction & Mental Health SCN People and Change: what have you noticed?

481 views • 14 slides
Social aspects of change A tale of Prometheus & Grafana Richard Hartmann, RichiH@ {

Social aspects of change A tale of Prometheus & Grafana Richard Hartmann, RichiH@ {

Introduction Background Social Challenges Outro Social aspects of change A tale of Prometheus & Grafana Richard Hartmann, RichiH@ { freenode,OFTC,IRCnet } , richih@ { fosdem,debian,richih } .org, richard.hartmann@space.net 2017-08-17

557 views • 20 slides
The Uncomfortable Notion of Change Prepared by: Lance Drummond June 19, 2015 If it aint

The Uncomfortable Notion of Change Prepared by: Lance Drummond June 19, 2015 If it aint

The Uncomfortable Notion of Change Prepared by: Lance Drummond June 19, 2015 If it aint broke, why change it? 2 The Joy of the Status Quo Reassuring Certain Proven Structured Familiar Comfortable 3 Reality is

475 views • 16 slides
1 In Practice Change Management Issues Can managers expect people to j ust accept a new

1 In Practice Change Management Issues Can managers expect people to j ust accept a new

Sources "Informat ion Technology Proj ect Management by Jack T. Marchewka, Chapt er 11 Professional Issues The Cycle of Change by Kevin Craine From t he book Designing a Document S t rat egy - http:/ /

517 views • 5 slides
Quality Improvement Methodology Beth Hickerson Quality Improvement Advisor September 18, 2017

Quality Improvement Methodology Beth Hickerson Quality Improvement Advisor September 18, 2017

Quality Improvement Methodology Beth Hickerson Quality Improvement Advisor September 18, 2017 WHAT IS QUALITY IMPROVEMENT? What is Quality Improvement? Quality Improvement is systematic and continuous action that lead to measurable

513 views • 30 slides
HARNESSING THE POWER OF MENTAL AGILITY Tapping Into The Science of Change Nicole Lipkin, Psy.D.,

HARNESSING THE POWER OF MENTAL AGILITY Tapping Into The Science of Change Nicole Lipkin, Psy.D.,

HARNESSING THE POWER OF MENTAL AGILITY Tapping Into The Science of Change Nicole Lipkin, Psy.D., MBA Equilibria Leadership Consulting NAP SNOOZE PILLOW NIGHT PYJAMAS QUIET DREAM BLANKET DOZE BED THOUGHTS FEELINGS BEHAVIORS Mental

1.11k views • 23 slides
L ogic of resources and capabilities Apostolos Tzimoulis joint work with Marta Blkov,

L ogic of resources and capabilities Apostolos Tzimoulis joint work with Marta Blkov,

L ogic of resources and capabilities Apostolos Tzimoulis joint work with Marta Blkov, Giuseppe Greco, Alessandra Palmigiano and Nachoem Wijnberg TACL 2017 - Prague M otivation Organizations are social units of agents structured and

465 views • 15 slides
SDN and ForCES based optimal network topology discovery 1 IETF 94, Yokohama, Japan (remote)

SDN and ForCES based optimal network topology discovery 1 IETF 94, Yokohama, Japan (remote)

SDN and ForCES based optimal network topology discovery 1 IETF 94, Yokohama, Japan (remote) Monday 02 November 2015 George Tarnaras (gtarn91@gmail.com) Evangelos Haleplidis (ehalep@ece.upatras.gr) Spyros Denazis (sdena@upatras.gr) 1Tarnaras,

519 views • 7 slides
MC714 - Sistemas Distribuidos slides by Maarten van Steen (adapted from Distributed System - 3rd

MC714 - Sistemas Distribuidos slides by Maarten van Steen (adapted from Distributed System - 3rd

MC714 - Sistemas Distribuidos slides by Maarten van Steen (adapted from Distributed System - 3rd Edition) Chapter 02: Architectures Version: March 12, 2020 Architectures: Architectural styles Architectural styles Basic idea A style is

690 views • 30 slides
XOR Arbiter PUFs have Systematic Response Bias Nils Wisiol and Niklas Pirnay Financial

XOR Arbiter PUFs have Systematic Response Bias Nils Wisiol and Niklas Pirnay Financial

XOR Arbiter PUFs have Systematic Response Bias Nils Wisiol and Niklas Pirnay Financial Cryptography 2020 Kota Kinabalu 10 Feb 2020 nils.wisiol@tu-berlin.de niklas.pirnay@campus.tu-berlin.de 1 2 3 How To Start Your Financial Crypto

676 views • 16 slides
Background Response rates (RR) have been declining over time. Proven methods to increase

Background Response rates (RR) have been declining over time. Proven methods to increase

5/22/2013 How Important are High Response Rates for College Surveys? Kevin Fosnacht Shimon Sarraf Elijah Howe Leah Peck Indiana University Center for Postsecondary Research Background Response rates (RR) have been declining over time.

527 views • 15 slides
DEFINING KEY WORDS AND TERMS Difference Identity 1 3/23/2016 PROGRAM APPROACHES Cultural

DEFINING KEY WORDS AND TERMS Difference Identity 1 3/23/2016 PROGRAM APPROACHES Cultural

3/23/2016 SESSION OBJECTIVES - PARTICIPANTS WILL: Investigate the spectrum of commonly used terms in anti-bias approaches Identify fundamental gaps in implementing an anti-bias approach and develop program-level visions for improving

430 views • 8 slides
Self-report data, part 2 Spring 2017 Michelle Mazurek Some content adapted from Bilge Mutlu,

Self-report data, part 2 Spring 2017 Michelle Mazurek Some content adapted from Bilge Mutlu,

Self-report data, part 2 Spring 2017 Michelle Mazurek Some content adapted from Bilge Mutlu, Vibha Sazawal, 1 Todays class Finish self-reporting Interviews and surveys Start fieldwork 2 Biases in self-reporting data Social

570 views • 16 slides
NEEDFINDING IN HUMAN CENTERED DESIGN What is need finding? What is need finding? What is need

NEEDFINDING IN HUMAN CENTERED DESIGN What is need finding? What is need finding? What is need

NEEDFINDING IN HUMAN CENTERED DESIGN What is need finding? What is need finding? What is need finding? Needfinding is the process of uncovering User needs Opportunities for improvement Design Insights by learning about their goals

418 views • 14 slides

More recommend