gift a small present
play

GIFT : A Small Present Towards Reaching the Limit of Lightweight - PowerPoint PPT Presentation

Sep 20, 2023 •47 likes •457 views

Introduction Specification Design Rationale Security and Performances Conclusion GIFT : A Small Present Towards Reaching the Limit of Lightweight Encryption Subhadeep Banik 1 , 2 Sumit Kumar Pandey 1 Thomas Peyrin 1 Yu Sasaki 3 Siang Meng Sim 1

  1. Introduction Specification Design Rationale Security and Performances Conclusion GIFT : A Small Present Towards Reaching the Limit of Lightweight Encryption Subhadeep Banik 1 , 2 Sumit Kumar Pandey 1 Thomas Peyrin 1 Yu Sasaki 3 Siang Meng Sim 1 Yosuke Todo 3 1. Nanyang Technological University, Singapore 2. ´ Ecole Polytechnique F´ ed´ erale de Lausanne, Switzerland 3. NTT Secure Platform Laboratories, Japan CHES2017 1 / 41

  2. Introduction Specification Design Rationale Security and Performances Conclusion Table of Contents Introduction 1 Specification 2 Round Function Key Schedule and Round Constants Design Rationale 3 Understanding PRESENT Bit Permutation Designing the GIFT Permutation Searching for the GIFT Sbox Security and Performances 4 Differential and Linear Cryptanalysis Hardware and Software Performances Conclusion 5 2 / 41

  3. Introduction Specification Design Rationale Security and Performances Conclusion Table of Contents Introduction 1 Specification 2 Round Function Key Schedule and Round Constants Design Rationale 3 Understanding PRESENT Bit Permutation Designing the GIFT Permutation Searching for the GIFT Sbox Security and Performances 4 Differential and Linear Cryptanalysis Hardware and Software Performances Conclusion 5 3 / 41

  4. Introduction Specification Design Rationale Security and Performances Conclusion 10 Years Ago... A decade ago, a lightweight block cipher, PRESENT , was presented at CHES2007. 31-round SPN block cipher with 64-bit block size. Very simple design of Sbox layer and bit permutation (cost 0GE in hardware). In 2012, selected as ISO standards, ISO/IEC 29192. 4 / 41

  5. Introduction Specification Design Rationale Security and Performances Conclusion Block Cipher PRESENT Its resistance against differential cryptanalysis (DC) comes from its Sbox which has differential branching number 3. Differential branching number x (BN x ): Total Hamming weight of any nonzero input and output differences is at least x . Figure: Hamming wt2 Example. Figure: Hamming wt3 Example. 5 / 41

  6. Introduction Specification Design Rationale Security and Performances Conclusion Block Cipher PRESENT However, BN3 Sboxes are costly in general. PRESENT Sbox (BN3) costs 21.33GE, while SKINNY Sbox (BN2) costs 13.33GE. This difference is multiplied in round based implementation. Also, it is weaker against linear cryptanalysis (LC). 6 / 41

  7. Introduction Specification Design Rationale Security and Performances Conclusion Now... In CHES2017, we present a new lightweight block cipher, improving over PRESENT , we called it — GIFT . By carefully crafting the bit permutation in conjunction with the Sbox properties, we can remove the constraint of BN3. Advantages of GIFT compared to PRESENT : smaller area thanks to smaller Sbox and also lesser subkey additions, better resistance against LC thanks to good choice of Sbox and bit permutation, lesser rounds and higher throughput, simpler and faster key schedule. 7 / 41

  8. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion Table of Contents Introduction 1 Specification 2 Round Function Key Schedule and Round Constants Design Rationale 3 Understanding PRESENT Bit Permutation Designing the GIFT Permutation Searching for the GIFT Sbox Security and Performances 4 Differential and Linear Cryptanalysis Hardware and Software Performances Conclusion 5 8 / 41

  9. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion Block Cipher GIFT There are 2 versions of GIFT : GIFT-64 , 28-round with 64-bit block size, GIFT-128 , 40-round with 128-bit block size. Both versions have 128-bit key size. 9 / 41

  10. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion Round Function Each round of GIFT consists of 3 steps: SubCells, PermBits and AddRoundKey. 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS Denote rightmost bit as LSB b 0 and { b 4 i + j } as bit j . E.g. b 1 , b 5 , b 9 , . . . are bit 1. 10 / 41

  11. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion SubCells Apply 16 4-bit Sboxes, GS , in parallel to every nibble of the state. Table: GIFT Sbox GS x 0 1 2 3 4 5 6 7 8 9 a b c d e f GS ( x ) 1 a 4 c 6 f 3 9 2 d b 7 5 0 8 e 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS 11 / 41

  12. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion PermBits Pure bit permutation without any XOR gate. 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS Map bit j to bit j . 12 / 41

  13. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion AddRoundKey Add 32-bit round key RK to the state, RK = U � V = u 15 ... u 0 � v 15 ... v 0 . U and V are XORed to bit 1 and bit 0 respectively. 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS 13 / 41

  14. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion AddRoundKey Add a single bit ‘1’ is to the most significant bit, and a 6-bit round constant C = c 5 c 4 c 3 c 2 c 1 c 0 is XORed to bit 3 of the first 6 nibbles. 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS GS 14 / 41

  15. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion Table of Contents Introduction 1 Specification 2 Round Function Key Schedule and Round Constants Design Rationale 3 Understanding PRESENT Bit Permutation Designing the GIFT Permutation Searching for the GIFT Sbox Security and Performances 4 Differential and Linear Cryptanalysis Hardware and Software Performances Conclusion 5 15 / 41

  16. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion Round Key The 128-bit key is split into 8 16-bit words. K = k 7 � k 6 � . . . � k 1 � k 0 , where k i is 16-bit words. k 1 and k 0 are extracted as the round key RK = U � V . Key state is updated after key extraction. where ≫ i is an i bits right rotation within a 16-bit word. 16 / 41

  17. Introduction Specification Round Function Design Rationale Key Schedule and Round Constants Security and Performances Conclusion Round Constants Round constants are generated using a 6-bit affine LFSR with 1 XNOR gate (same as SKINNY ’s). Initialised to zero, and updated before using as round constants. Rounds Constants 1 - 16 01,03,07,0F,1F,3E,3D,3B,37,2F,1E,3C,39,33,27,0E 17 - 32 1D,3A,35,2B,16,2C,18,30,21,02,05,0B,17,2E,1C,38 33 - 48 31,23,06,0D,1B,36,2D,1A,34,29,12,24,08,11,22,04 17 / 41

  18. Introduction Specification Understanding PRESENT Bit Permutation Design Rationale Designing the GIFT Permutation Security and Performances Searching for the GIFT Sbox Conclusion Table of Contents Introduction 1 Specification 2 Round Function Key Schedule and Round Constants Design Rationale 3 Understanding PRESENT Bit Permutation Designing the GIFT Permutation Searching for the GIFT Sbox Security and Performances 4 Differential and Linear Cryptanalysis Hardware and Software Performances Conclusion 5 18 / 41

  19. Introduction Specification Understanding PRESENT Bit Permutation Design Rationale Designing the GIFT Permutation Security and Performances Searching for the GIFT Sbox Conclusion PRESENT Bit Permutation To understand why BN2 Sboxes do not work for PRESENT , we have to look into the PRESENT bit permutation. PRESENT bit permutation can be partitioned into 4 independent 16-bit permutations. S 15 S 14 S 13 S 12 S 11 S 10 S 9 S 8 S 7 S 6 S 5 S 4 S 3 S 2 S 1 S 0 S 15 S 14 S 13 S 12 S 11 S 10 S 9 S 8 S 7 S 6 S 5 S 4 S 3 S 2 S 1 S 0 19 / 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

E N J O Y T H E G E N U I N E 1. DNA molecule imaged by AFM. Uncoiled regions are marked by

E N J O Y T H E G E N U I N E 1. DNA molecule imaged by AFM. Uncoiled regions are marked by

Enter the Gift code at www.ntmdt.com and get a www.ntmdt.com and get a present from NT-MDT Co. present from NT-MDT Co. Attention: limited quantity! Attention: limited quantity! Be in time to get your gift! Be in time to get your gift! E N J

493 views • 13 slides
83% of consumers enjoy receiving fashion as a gift Accepted by over 15,500 Industry-wide fashion

83% of consumers enjoy receiving fashion as a gift Accepted by over 15,500 Industry-wide fashion

Mission To make fashion cheque the most enjoyed and most frequently purchased gift in Europe. To build fashion cheque into the first international cross- border fashion gift card. Only 17% of the Dutch population gives fashion as a present

582 views • 26 slides
Major Gift Fundraising in a Small Major Gift Fundraising in a Small Organization Organization

Major Gift Fundraising in a Small Major Gift Fundraising in a Small Organization Organization

Major Gift Fundraising in a Small Major Gift Fundraising in a Small Organization Organization David R. Cooper, CFRE David R. Cooper, CFRE January 2007 January 2007 The Narrowing of the Gift The Narrowing of the Gift Pyramid Pyramid 95%

408 views • 10 slides
God has given us the perfect gift; a holy gift; the gift of salvation. The Son of Man (Jesus)

God has given us the perfect gift; a holy gift; the gift of salvation. The Son of Man (Jesus)

God has given us the perfect gift; a holy gift; the gift of salvation. The Son of Man (Jesus) came to seek and to save what was lost. Luke 19:10 Surely the arm of the LORD is not too short to save, nor His ear too dull to hear, but

984 views • 39 slides
If you were going to throw Jesus a party, and wanted to present Him with a gift that brought great

If you were going to throw Jesus a party, and wanted to present Him with a gift that brought great

If you were going to throw Jesus a party, and wanted to present Him with a gift that brought great honor to Him, what would you offer Him? "Six days before the Passover, Jesus therefore came to Bethany, where Lazarus was, whom Jesus had

368 views • 16 slides
Fixslicing: A New GIFT Representation Fast Constant-Time Implementations of GIFT and GIFT-COFB on

Fixslicing: A New GIFT Representation Fast Constant-Time Implementations of GIFT and GIFT-COFB on

Fixslicing: A New GIFT Representation Fast Constant-Time Implementations of GIFT and GIFT-COFB on ARM Cortex-M Alexandre Adomnicai 1,2 Zakaria Najm 1,2,3 Thomas Peyrin 1,2 1 Nanyang Technological University, Singapore 2 Temasek Laboratories,

457 views • 34 slides
Strategies for Effective Donor Cultivation THE PAST IS PRESENT Agenda Trends &

Strategies for Effective Donor Cultivation THE PAST IS PRESENT Agenda Trends &

Strategies for Effective Donor Cultivation THE PAST IS PRESENT Agenda Trends & Observations Annual Fund Cultivation Major Gift Cultivation Questions Fundraising Trends Master Plan Major Gift Initiative vs.

312 views • 18 slides
1. [Group] GTB - Grateful v2 copy 2. Present !!"!!"&';%( 3. Mattvideoclip 4.

1. [Group] GTB - Grateful v2 copy 2. Present !!"!!"&';%( 3. Mattvideoclip 4.

!!"!!"#!;%& 1. [Group] GTB - Grateful v2 copy 2. Present !!"!!"&';%( 3. Mattvideoclip 4. Present How we receive a gift is important! How we receive a gift is important! On the way to Jerusalem he was passing along

252 views • 10 slides
GIRRINGUN FESTIVAL "The artist is nothing without the gift, but the gift is nothing without

GIRRINGUN FESTIVAL "The artist is nothing without the gift, but the gift is nothing without

Issue 13, Nov. 02, 2007 THOUGHT FOR THE DAY GIRRINGUN FESTIVAL "The artist is nothing without the gift, but the gift is nothing without work." - Emile Zola CARDWELL COMRIE TABUAI ON THE MOVE Once again, the festive spirit has

267 views • 4 slides
1 Corinthians 12:7,11 (NLT) A spiritual gift is given to each of us so we can help each other.

1 Corinthians 12:7,11 (NLT) A spiritual gift is given to each of us so we can help each other.

1 Corinthians 12:7,11 (NLT) A spiritual gift is given to each of us so we can help each other. 11 It is the one and only Spirit who distributes all these gifts. He alone decides which gift each person should have. Charis means grace ,

717 views • 18 slides
Gujarat International Finance Tec-City What is GIFT-IFSC GIFT, being an SEZ, is

Gujarat International Finance Tec-City What is GIFT-IFSC GIFT, being an SEZ, is

Gujarat International Finance Tec-City What is GIFT-IFSC GIFT, being an SEZ, is conceptualized as a global Financial and IT Services hub, a first of its kind in India, designed to be at or above par with globally benchmarked financial centres

1.61k views • 23 slides
Support for Claiming Gift Aid Welcome! Support for Claiming Gift Aid 1. Welcome, purpose,

Support for Claiming Gift Aid Welcome! Support for Claiming Gift Aid 1. Welcome, purpose,

Support for Claiming Gift Aid Welcome! Support for Claiming Gift Aid 1. Welcome, purpose, introductions 2. What is Gift Aid What you can count and what you cant Who you can count donations from 3. Consent to claim OSM vs non-OSM Collating

465 views • 35 slides
What You Dont Know Can Hurt You A Review of Recent Developments in Estate and Gift

What You Dont Know Can Hurt You A Review of Recent Developments in Estate and Gift

What You Dont Know Can Hurt You A Review of Recent Developments in Estate and Gift Taxation and Administration Charles D. Fox IV www.mcguirewoods.com We virtually ended the estate tax or death tax, as it is often called, on small

1.3k views • 81 slides
SELL YOUR GIFT CARDS ONLINE, AND INCREASE YOUR FOOTFALL Increase the sales of your existing gift

SELL YOUR GIFT CARDS ONLINE, AND INCREASE YOUR FOOTFALL Increase the sales of your existing gift

SELL YOUR GIFT CARDS ONLINE, AND INCREASE YOUR FOOTFALL Increase the sales of your existing gift cards by adding a new sales channel. A new web shop for gift cards is convenient for your customers. The all new gift card web shop allows your

92 views • 7 slides
Gift Acceptance Policy & Gift Agreement Language Updates Caroline Johansson Director of

Gift Acceptance Policy & Gift Agreement Language Updates Caroline Johansson Director of

Gift Acceptance Policy & Gift Agreement Language Updates Caroline Johansson Director of Advancement Services August 28, 2015 University Corporation, SF State 2 Topics for Todays Presentation Recent CSU Audit led to the updating and

551 views • 17 slides
The past, the present and the future for Small Water and Wastewater Systems Hallvard degaard *

The past, the present and the future for Small Water and Wastewater Systems Hallvard degaard *

1 IWA Specialized Conference on Small Water and Wastewater Systems Athens 14-16 September 2016. The past, the present and the future for Small Water and Wastewater Systems Hallvard degaard * Prof. em. Norwegian University of Science and

504 views • 34 slides
Gifts vs. Grants Implications for Indirect Costs Claude Canizares, Richelle Nessralla, Lorry

Gifts vs. Grants Implications for Indirect Costs Claude Canizares, Richelle Nessralla, Lorry

TOPICS IN RESEARCH ADMINISTRATION Gifts vs. Grants Implications for Indirect Costs Claude Canizares, Richelle Nessralla, Lorry Spitzer, Shawna Vogel Office of the General Counsel Office of the Provost Agenda 1. Institutional Context and

417 views • 39 slides
CHARTWAY INDUSTRIAL SERVICES CORPORATE PRESENTATION A LITTLE HISTORY Chartway locate a source

CHARTWAY INDUSTRIAL SERVICES CORPORATE PRESENTATION A LITTLE HISTORY Chartway locate a source

CHARTWAY INDUSTRIAL SERVICES CORPORATE PRESENTATION A LITTLE HISTORY Chartway locate a source of supply in China and by the end of 2002 established a trading partnership called Chartway Chartway Ownership changes. (Asia) Ltd, producing hot

391 views • 16 slides
Deism and the Founding of the United States An Online Professional Development Seminar Ryan K.

Deism and the Founding of the United States An Online Professional Development Seminar Ryan K.

Deism and the Founding of the United States An Online Professional Development Seminar Ryan K. Smith Associate Professor of History Virginia Commonwealth University We will begin promptly on the hour. The silence you hear is normal. If you

538 views • 34 slides
Two lesser-known works Marco Huysmans Ni Hao - Good afternoon; my name is Marco Huysmans.

Two lesser-known works Marco Huysmans Ni Hao - Good afternoon; my name is Marco Huysmans.

Two lesser-known works Marco Huysmans Ni Hao - Good afternoon; my name is Marco Huysmans. Let me start by saying how very honoured I am to be standing here today in the company of so many eminent scholars and distinguished guests who

447 views • 22 slides
Your Next Planned Gift is Just a Phone Call Away! How Telephone Outreach Can Significantly Impact

Your Next Planned Gift is Just a Phone Call Away! How Telephone Outreach Can Significantly Impact

Your Next Planned Gift is Just a Phone Call Away! How Telephone Outreach Can Significantly Impact Your Planned Giving Program May 24, 2019 Anthony R. Alonso President Catapult Fundraising, Inc. Headquarters: Henderson, Nevada

439 views • 20 slides
The Ins and Outs of GRATS, With a Discussion of GST Planning Daniel R. Cooper, Esq. Ellen J.

The Ins and Outs of GRATS, With a Discussion of GST Planning Daniel R. Cooper, Esq. Ellen J.

Chapter LL The Ins and Outs of GRATS, With a Discussion of GST Planning Daniel R. Cooper, Esq. Ellen J. Deringer, Esq. Morgan Lewis & Bockius, LLP Philadelphia LL-1 LL-2 Biographies Daniel R. Cooper, Esq. Mr. Cooper is an associate in

619 views • 22 slides
BOXES BOXES PRESENTATION POP-UP GIFT CARD BOXES Boxes are made from recycled board. IMPRINT ME!

BOXES BOXES PRESENTATION POP-UP GIFT CARD BOXES Boxes are made from recycled board. IMPRINT ME!

BOXES BOXES PRESENTATION POP-UP GIFT CARD BOXES Boxes are made from recycled board. IMPRINT ME! Custom minimum 500. U.S. Patent #8.47 Standard hot stamping costs do not apply. Call for quote. *Lime Ice and Pearl Pillows cannot be hot

440 views • 4 slides
Reporting GRATS, GRUTS, ILITS and IDGTs on Form 709: GST Exemption Allocation Calculations and

Reporting GRATS, GRUTS, ILITS and IDGTs on Form 709: GST Exemption Allocation Calculations and

FOR LIVE PROGRAM ONLY Reporting GRATS, GRUTS, ILITS and IDGTs on Form 709: GST Exemption Allocation Calculations and Strategies WEDNESDAY , JULY 13, 2016, 1:00-2:50 pm Eastern IMPORTANT INFORMATION FOR THE LIVE PROGRAM IMPORTANT INFORMATION

1.08k views • 62 slides

More recommend