fixslicing application to some nist lwc round 2 candidates
play

Fixslicing - Application to some NIST LWC round 2 candidates - PowerPoint PPT Presentation

Sep 15, 2023 •259 likes •510 views

Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin Nanyang Technological University, Singapore Temasek Laboratories, Singapore Lightweight Cryptography Workshop 2020 What this talk is about B Constant-time

  1. Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin Nanyang Technological University, Singapore Temasek Laboratories, Singapore Lightweight Cryptography Workshop 2020

  2. What this talk is about B Constant-time software implementations on 32-bit platforms B Application of the fixslicing implementation strategy to some NIST LWC round 2 candidates built upon AES-128, GIFT-128 and Skinny-128 primitives B Benchmarking results on ARM Cortex-M3 for payloads up to 256 bytes Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 2 / 14

  3. B Fixsliced GIFT-128 runs about 7x faster on ARM Cortex-M3 compared to a naive bitsliced implementation B Consists in fixing a slice to never move and adjusting the others for the S-box layer The fixslicing implementation strategy B Initially introduced as a new representation for the GIFT block ciphers [ANP20] Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 3 / 14

  4. B Consists in fixing a slice to never move and adjusting the others for the S-box layer The fixslicing implementation strategy B Initially introduced as a new representation for the GIFT block ciphers [ANP20] B Fixsliced GIFT-128 runs about 7x faster on ARM Cortex-M3 compared to a naive bitsliced implementation Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 3 / 14

  5. The fixslicing implementation strategy B Initially introduced as a new representation for the GIFT block ciphers [ANP20] B Fixsliced GIFT-128 runs about 7x faster on ARM Cortex-M3 compared to a naive bitsliced implementation B Consists in fixing a slice to never move and adjusting the others for the S-box layer Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 3 / 14

  6. Classical representation of GIFT-128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k i S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k i +1 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k i +2 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k i +3 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k i +4 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S

  7. Fixsliced representation of GIFT-128 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k ′ i S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k ′ i +1 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k ′ i +2 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k ′ i +3 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S k i +4 S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S S

  8. NOPE! B Many ciphers spend cycles to move bits within the slices to achieve better diffusion ⇒ alternative representations might be valuable even for more complex linear layers Genericity of the fixslicing technique Figure: Extract from [ANP20] B So, only of interest for Substitution-bitPermutation Networks (SbPN)? Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 6 / 14

  9. Genericity of the fixslicing technique Figure: Extract from [ANP20] B So, only of interest for Substitution-bitPermutation Networks (SbPN)? NOPE! B Many ciphers spend cycles to move bits within the slices to achieve better diffusion ⇒ alternative representations might be valuable even for more complex linear layers Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 6 / 14

  10. Application to AES-like ciphers SubBytes ShiftRows MixColumns AddRoundKey   2 3 1 1 <<< 1 1 2 3 1   S ×   1 1 2 3   <<< 2 3 1 1 2 <<< 3 Figure: AES round function Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 7 / 14

  11. Application to AES-like ciphers ART ShiftRows MixColumns >>> 1 SC AC >>> 2 >>> 3 Figure: Skinny round function Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 7 / 14

  12. Application to AES-like ciphers ART ShiftRows MixColumns >>> 1 SC AC >>> 2 >>> 3 Figure: Skinny round function B Performance improvements for AES and Skinny-128 on ARM Cortex-M and E31 RISC-V processors [AP20] Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 7 / 14

  13. Implementation results on ARM Cortex-M3 300 2 blocks 250 cycles per byte (cpb) 200 160 150 116 100 83 73 50 0 AES-128 GIFTb-128 Skinny-128-384 Skinny-128-384+ Performance for constant-time implementations on ARM Cortex-M3 Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 8 / 14

  14. Implementation results on ARM Cortex-M3 300 1 block 264 2 blocks 250 cycles per byte (cpb) 200 191 167 160 150 116 100 83 73 73 50 0 AES-128 GIFTb-128 Skinny-128-384 Skinny-128-384+ Performance for constant-time implementations on ARM Cortex-M3 Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 8 / 14

  15. Bitslicing a single block for Skinny-128 b 0 b 1 b 2 b 3 b 4 b 5 b 6 b 7 b 2 b 3 b 7 b 4 b 6 b 1 b 0 b 5 Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 9 / 14

  16. Bitslicing a single block for Skinny-128 b 0 b 1 b 2 b 3 b 4 b 5 b 6 b 7 1st layer 2nd layer 3rd layer 4th layer last permutation output b 0 b 4 b 0 b 4 b 7 b 1 b 7 b 1 b 7 b 0 b 2 b 6 b 1 b 5 b 1 b 2 b 4 b 2 b 4 b 5 b 4 b 5 b 3 b 1 b 2 b 6 b 5 b 3 b 5 b 3 b 2 b 6 b 2 b 6 b 7 b 0 b 3 b 7 b 6 b 7 b 6 b 0 b 3 b 0 b 3 b 1 b 4 b 5 b 2 b 3 b 7 b 4 b 6 b 1 b 0 b 5 Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 9 / 14

  17. Speed optimized Skinny tweakey schedule LFSR LFSR P T Extracted round tweakey (a) Single round Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 10 / 14

  18. Speed optimized Skinny tweakey schedule LFSR LFSR P T Extracted round tweakey (a) Single round LFSR LFSR P 2 T LFSR LFSR Extracted Extracted round tweakey round tweakey (b) Double round Figure: Skinny tweakey schedule round function Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 10 / 14

  19. Speed optimized Skinny tweakey schedule LFSR 3 LFSR 3 LFSR 3 LFSR 3 .... LFSR 3 LFSR 3 LFSR 3 LFSR 3 .... LFSR 3 LFSR 3 LFSR 3 LFSR 3 .... LFSR 3 LFSR 3 LFSR 3 LFSR 3 .... TK 3 LFSR 2 LFSR 2 LFSR 2 LFSR 2 .... LFSR 2 LFSR 2 LFSR 2 LFSR 2 .... LFSR 2 LFSR 2 LFSR 2 LFSR 2 .... LFSR 2 LFSR 2 LFSR 2 LFSR 2 .... TK 2 .... .... .... .... TK 1 P 2 P 4 P 14 T T T RTK 0 RTK 1 RTK 2 RTK 3 RTK 4 RTK 13 RTK 14 RTK 15 .... Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 11 / 14

  20. Benchmark results on ARM Cortex-M3 GIFT-COFB SAEAES-128-64-128 1.2 1e5 1.2 1e5 1.0 1.0 0.8 0.8 0.6 0.6 Skinny-AEAD-M1+ 0.4 0.4 1.2 1e5 0.2 0.2 1.0 0.0 0.0 0 32 64 96 128 160 192 224 256 0 32 64 96 128 160 192 224 256 0.8 0.6 Romulus-M Romulus-N 0.4 1.2 1e5 1.2 1e5 0.2 1.0 1.0 0.0 0 32 64 96 128 160 192 224 256 0.8 0.8 0.6 0.6 0.4 0.4 0.2 0.2 0.0 0.0 0 32 64 96 128 160 192 224 256 0 32 64 96 128 160 192 224 256 Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 12 / 14

  21. What about other candidates? B Fixslicing may be valuable for other candidates ! ◦ PHOTON -Beetle? (AES-like primitive) ◦ Elephant? (Spongent is an SbPN) ◦ ... Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 13 / 14

  22. What about other candidates? B Fixslicing may be valuable for other candidates ! ◦ PHOTON -Beetle? (AES-like primitive) ◦ Elephant? (Spongent is an SbPN) ◦ ... B Some primitives are fixsliced by design (e.g. Ascon-p) Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 13 / 14

  23. Thanks for your attention! Questions? Feel free to contact us at firstname.lastname@ntu.edu.sg Fixslicing - Application to some NIST LWC round 2 candidates - LWC Workshop 2020 14 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo Jrvinen Department of Information and Computer Science Aalto University, School of Science and Technology Espoo, Finland AES-inspired SHA-3

311 views • 12 slides
Round XI Timeline for Participation and Grant Application Presentation January 2020 Round

Round XI Timeline for Participation and Grant Application Presentation January 2020 Round

The Texas Historic Courthouse Preservation Program Round XI (FY 2020-21) Grant Application Cycle Round XI Timeline for Participation and Grant Application Presentation January 2020 Round XI Timeline for Participation and Grant

167 views • 13 slides
Software Benchmarking of the 2 nd round CAESAR Candidates Ralph Ankele 1 , Robin Ankele 2 1 Royal

Software Benchmarking of the 2 nd round CAESAR Candidates Ralph Ankele 1 , Robin Ankele 2 1 Royal

Software Benchmarking of the 2 nd round CAESAR Candidates Ralph Ankele 1 , Robin Ankele 2 1 Royal Holloway, University of London, UK 2 University of Oxford, UK September 27, 2016 Directions in Authenticated Ciphers - Nagoya, Japan Software

972 views • 46 slides
Fixslicing: A New GIFT Representation Fast Constant-Time Implementations of GIFT and GIFT-COFB on

Fixslicing: A New GIFT Representation Fast Constant-Time Implementations of GIFT and GIFT-COFB on

Fixslicing: A New GIFT Representation Fast Constant-Time Implementations of GIFT and GIFT-COFB on ARM Cortex-M Alexandre Adomnicai 1,2 Zakaria Najm 1,2,3 Thomas Peyrin 1,2 1 Nanyang Technological University, Singapore 2 Temasek Laboratories,

457 views • 34 slides
YHDP Round 3 New Project Application June 3, 2020 Lena McGinn, ICF Jen Best, ICF In

YHDP Round 3 New Project Application June 3, 2020 Lena McGinn, ICF Jen Best, ICF In

YHDP Round 3 New Project Application June 3, 2020 Lena McGinn, ICF Jen Best, ICF In Introduction Learning Objectives: Navigate to the project application in e-snaps Complete the application formlets (i.e., screens) Submit the

833 views • 58 slides
YHDP Round 3 New Project Application May 6, 2020 Lena McGinn, ICF Jen Best, ICF Introduction

YHDP Round 3 New Project Application May 6, 2020 Lena McGinn, ICF Jen Best, ICF Introduction

YHDP Round 3 New Project Application May 6, 2020 Lena McGinn, ICF Jen Best, ICF Introduction Learning Objectives: Navigate to the project application in e-snaps Complete the application formlets (i.e., screens) Submit the

1.01k views • 51 slides
Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69

Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69

1 Lattice-based public-key cryptosystems D. J. Bernstein NIST post-quantum competition: 69 submissions in first round, from hundreds of people. (+13 submissions that NIST declared incomplete or improper.) 22 signature-system submissions. 5

1.97k views • 196 slides
Health Care Innovation Awards ROUND TWO Webinar 7: Application Road Map July 18, 2013 Agenda

Health Care Innovation Awards ROUND TWO Webinar 7: Application Road Map July 18, 2013 Agenda

Health Care Innovation Awards ROUND TWO Webinar 7: Application Road Map July 18, 2013 Agenda Overview Application Package Helpful Hints 2 Innovation Awards Round Two Goals Engage innovators from the field to: Identify new

371 views • 36 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2 &quot; 1 =0.30 ! =0.42 1 Round 2 Round 2 Round 2 Round 2 Round

188 views • 5 slides
NIST Gaithersburgs Approach to a Solar PV Array Project John.R.Bollinger@nist.gov 2 NIST

NIST Gaithersburgs Approach to a Solar PV Array Project John.R.Bollinger@nist.gov 2 NIST

NIST Gaithersburgs Approach to a Solar PV Array Project John.R.Bollinger@nist.gov 2 NIST had awarded larger ESPC ($45M) with 4 ECMs the previous year (June 2015) Non-selected ECM was fixed-tilt, ground-mounted solar array on federal

559 views • 17 slides
Psychosocial Evaluation of Adult Cardiothoracic Transplant Candidates and Candidates for

Psychosocial Evaluation of Adult Cardiothoracic Transplant Candidates and Candidates for

Psychosocial Evaluation of Adult Cardiothoracic Transplant Candidates and Candidates for Long-term Mechanical Circulatory Support by Kathleen L. Grady, PhD, RN, MS, FAAN Administrative Director, Center for Heart Failure, Bluhm Cardiovascular

589 views • 47 slides
www.ExploreCalling.org www.ExploreCalling.org/presentations/aumcpbo 7436 active candidates 1295

www.ExploreCalling.org www.ExploreCalling.org/presentations/aumcpbo 7436 active candidates 1295

www.ExploreCalling.org www.ExploreCalling.org/presentations/aumcpbo 7436 active candidates 1295 candidates are under 30 35% of NEW candidates are U35* Under 35 Years Old * 2012 - 2013 NEW candidates by track* Chaplain Deacon Elder Local

898 views • 34 slides
2015 Grant Round Information Session Agenda Introduction 2015 Grant Round Elements and

2015 Grant Round Information Session Agenda Introduction 2015 Grant Round Elements and

2015 Grant Round Information Session Agenda Introduction 2015 Grant Round Elements and Process What makes a good application/Tips for applying Questions Who We Are: Over Sixty Years of Community Philanthropy in the Geelong

614 views • 22 slides
On the Stability by Union of Reducibility Candidates Colin Riba INPL &amp; LORIA

On the Stability by Union of Reducibility Candidates Colin Riba INPL &amp; LORIA

Introduction Reducibility Candidates Stability by Union Application to Conclusion &amp; Future work On the Stability by Union of Reducibility Candidates Colin Riba INPL &amp; LORIA http://loria.fr/~riba/ Journe Dduction Modulo

896 views • 37 slides
AHFA 2018 HOME/Housing Credit/HTF APPLICATION WORKSHOP Culmination of year round efforts to

AHFA 2018 HOME/Housing Credit/HTF APPLICATION WORKSHOP Culmination of year round efforts to

AHFA 2018 HOME/Housing Credit/HTF APPLICATION WORKSHOP Culmination of year round efforts to provide information via: www.ahfa.com: Trainings/Meetings: Plans (prior and current) Public Hearings Application Documents

857 views • 82 slides
NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov

NIST Trustworthy Email Project High Assurance Domain Project Scott Rose, NIST scottr@nist.gov ICANN Meeting Oct. 15 th , 2014 Los Angeles CA First, A Bit of History 2011 USG DNSSEC Tiger Team has a 2 nd goal: authenticated email

308 views • 4 slides
THE NEXT EXPERIMENT Ben Jones University of Texas at Arlington 2 Measure topology this end

THE NEXT EXPERIMENT Ben Jones University of Texas at Arlington 2 Measure topology this end

1 THE NEXT EXPERIMENT Ben Jones University of Texas at Arlington 2 Measure topology this end Measure energy this end 3 The NEXT Program Sequence of HPGXe TPCs, focused on achieving big, very low background xenon 0 detector

575 views • 34 slides
A negative ion TPC with GridPix readout C. Ligtenberg , M. van Beuzekom, Y. Bilevych, K. Desch, H.

A negative ion TPC with GridPix readout C. Ligtenberg , M. van Beuzekom, Y. Bilevych, K. Desch, H.

A negative ion TPC with GridPix readout C. Ligtenberg , M. van Beuzekom, Y. Bilevych, K. Desch, H. van der Graaf, M. Gruber, F. Hartjes, K. Heijhoff, J. Kaminski, P.M. Kluit, N. van der Kolk, G. Raven, T. Schiffer, J. Timmermans Lepcol / LCTPC-WP

376 views • 18 slides
Foundations of Chemical Kinetics Lecture 31: Kramers theory Marc R. Roussel Department of

Foundations of Chemical Kinetics Lecture 31: Kramers theory Marc R. Roussel Department of

Foundations of Chemical Kinetics Lecture 31: Kramers theory Marc R. Roussel Department of Chemistry and Biochemistry The Langevin equation Langevin equations are an alternative way to treat diffusion in which we focus on a single particle.

491 views • 17 slides
Metastability in irreversible diffusion processes and stochastic resonance Joint work with Nils

Metastability in irreversible diffusion processes and stochastic resonance Joint work with Nils

SIAM Annual Meeting Boston, MA, 12 July 2006 Barbara Gentz Metastability in irreversible diffusion processes and stochastic resonance Joint work with Nils Berglund (CPTCNRS Marseille) WIAS Berlin, Germany gentz@wias-berlin.de

290 views • 16 slides
Handling Resistance Drift in Phase Change Memory Device, Circuit, Architecture, and System

Handling Resistance Drift in Phase Change Memory Device, Circuit, Architecture, and System

Handling Resistance Drift in Phase Change Memory Device, Circuit, Architecture, and System Solutions Manu Awasthi , Manjunath Shevgoor , Kshi j Sudan , Rajeev Balasubramonian , Bipin Rajendran , Viji Srinivasan

337 views • 19 slides
Update on the HPgTPC System Alan Bross Near Detector General Meeting September 5, 2018

Update on the HPgTPC System Alan Bross Near Detector General Meeting September 5, 2018

Update on the HPgTPC System Alan Bross Near Detector General Meeting September 5, 2018 High-Pressure gas TPC (HPgTPC) System 4 Components HPgTPC itself ECAL Also neutron detector Magnet system (coils + steel) tag

512 views • 49 slides
NetFPGA Summer Course Presented by: Noa Zilberman Yury Audzevich Technion August 2 August

NetFPGA Summer Course Presented by: Noa Zilberman Yury Audzevich Technion August 2 August

NetFPGA Summer Course Presented by: Noa Zilberman Yury Audzevich Technion August 2 August 6, 2015 http://NetFPGA.org Summer Course Technion, Haifa, IL 2015 1 USING NETFPGA AS AN APPLICATION Summer Course Technion, Haifa, IL 2015 2

942 views • 52 slides
The Belle II Experiment: status and physics prospects Jake Bennett Carnegie Mellon

The Belle II Experiment: status and physics prospects Jake Bennett Carnegie Mellon

The Belle II Experiment: status and physics prospects Jake Bennett Carnegie Mellon University B factories Belle/KEKB (KEK) and BaBar/PEP-II (SLAC) Very successful physics programs with a total recorded sample over 1.5 ab -1 (1.25 x 10 9

727 views • 48 slides

More recommend