how much crypto in one microjoule
play

How much crypto in one microJoule? Ingrid Verbauwhede - PDF document

May 24, 2023 •449 likes •603 views

Real World Crypto Stanford, CA January 2013 How much crypto in one microJoule? Ingrid Verbauwhede ingrid.verbauwhede-at-esat.kuleuven.be KU Leuven, COSIC Acknowledgements: Current and former Ph.D. students at UCLA and KU Leuven KU Leuven

  1. Real World Crypto – Stanford, CA January 2013 How much crypto in one microJoule? Ingrid Verbauwhede ingrid.verbauwhede-at-esat.kuleuven.be KU Leuven, COSIC Acknowledgements: Current and former Ph.D. students at UCLA and KU Leuven KU Leuven - COSIC Real World Crypto 2013 - 1 Stanford, January 2013 Light weight crypto for IoT • Example: Medical Internet of Things • Design constraints: area - time - energy/power • Energy – Flexibility trade-off • ASIC design, hardware specialization • Cost of crypto primitives • Cost of countermeasures KU Leuven - COSIC ECRYPT - VAMPIRE 2012 - 2 Antwerp, November 2012 Ingrid Verbauwhede, KU Leuven - COSIC 1

  2. Real World Crypto – Stanford, CA January 2013 Medical Internet of Things IMEC: Human++, NERF - brain stimulant Deep Brain stimulation [ Sources: ¡J. ¡Rabaey, ¡National ¡Institutes ¡of ¡Health, ¡Neurology ¡journal] ¡ KU Leuven - COSIC Real World Crypto 2013 - 3 Stanford, January 2013 Medical implants • Power is limited – Cooling!! – Implanted devices only temperature ∆ < 1 ° C • Energy Battery is limited – Pace maker battery is not rechargeable – One AAA battery is 1300 … 5000 Joules • How much crypto in one micro Joule or 10 microWatt ? KU Leuven - COSIC Real World Crypto 2013 - 4 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 2

  3. Real World Crypto – Stanford, CA January 2013 Other applications • Smartcards • RFID tags • Smart meters • Keys • … Ari Juels: RFID tracking problem KU Leuven - COSIC Real World Crypto 2013 - 5 Stanford, January 2013 IoT Devices NEED BOTH • Efficient, lightweight implementations – Within power, area, timing budgets – Public key: 2048 bits RSA, 200 bit ECC on 8 bit µ C and 100 µ W – Public key on a passive RFID tag • Trustworthy implementation – Resistant to attacks – Active attacks: probing, power glitches, JTAG scan chain – Passive attacks: side channel attacks KU Leuven - COSIC Real World Crypto 2013 - 6 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 3

  4. Real World Crypto – Stanford, CA January 2013 Hardware Design Parameters Embedded security: Area, delay, power, energy , physical security KU Leuven - COSIC Real World Crypto 2013 - 7 Stanford, January 2013 Power and Energy are not the same! • Power = P = I x V (current x voltage) (= Watt) – instantaneous – Typically checked for cooling or for peak performance • Energy = Power x execution time (= Joule) – Battery content is expressed in Joules – Gives idea of how much Joules to get the job done Low power processor ≠ low energy solution ! Power Power Time Time KU Leuven - COSIC Real World Crypto 2013 - 8 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 4

  5. Real World Crypto – Stanford, CA January 2013 Cost of crypto primitives Crypto for 1 micro-Joule: Energy - flexibility trade-off KU Leuven - COSIC Real World Crypto 2013 - 9 Stanford, January 2013 Illustrate with examples • Example 1: Secret Key: AES, KATAN • Example 2: NIST SHA3 • Example 3: Public key, ECC for RFID • Example 4: cost of physical security KU Leuven - COSIC Real World Crypto 2013 - 10 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 5

  6. Real World Crypto – Stanford, CA January 2013 Example: Rijndael/AES S S S S S S S S S S S S S S S S round Key Schedule round S S S S S S S S S S S S S S S S MixColumns MixColumns MixColumns MixColumns round . . . . . round • key length: 16/24/32 bytes • block length: 16/24/32 bytes KU Leuven - COSIC Real World Crypto 2013 - 11 Stanford, January 2013 Throughput – Energy numbers Throughput Power Figure of Merit AES 128bit key (Gb/s/W = Gb/J) 128bit data 0.18um CMOS 11 (1/1) 3.84 Gbits/sec 350 mW FPGA [1] 1.32 Gbit/sec 490 mW 2.7 (1/4) Intel ISA for AES [6] 95 W 0.34 (1/33) 32 Gbit/sec ASM StrongARM [2] 31 Mbit/sec 240 mW 0.13 (1/85) 0.015 (1/800) Asm Pentium III [3] 41.4 W 648 Mbits/sec C Emb. Sparc [4] 133 Kbits/sec 0.0011 (1/10.000) 120 mW Java [5] Emb. Sparc 450 bits/sec 0.0000037 (1/3.000.000) 120 mW [ 1] Amphion CS5230 on Virtex2 + Xilinx Virtex2 Power Estimator [2] Dag Arne Osvik: 544 cycles AES – ECB on StrongArm SA-1110 [3] Helger Lipmaa PIII assembly handcoded + Intel Pentium III (1.13 GHz) Datasheet [4] gcc, 1 mW/MHz @ 120 Mhz Sparc – assumes 0.25 u CMOS [5] Java on KVM (Sun J2ME, non-JIT) on 1 mW/MHz @ 120 MHz Sparc – assumes 0.25 u CMOS [6] Shay Gueron, Intel KU Leuven - COSIC Real World Crypto 2013 - 12 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 6

  7. Real World Crypto – Stanford, CA January 2013 Match between algorithm & platform Application Close the gap: • Dedicated HW: ASIC, SOC • Programmable HW: FPGA ASIC Cost • Dedicated instructions, hand- Power coded assembly Fixed • Compiled code • JAVA on virtual machine, ??? compiled on a real machine Platform General Purpose Energy - flexibility trade-off KU Leuven - COSIC Real World Crypto 2013 - 13 Stanford, January 2013 1 microJoule • 11000 bits AES (optimized version) • 3000 to 10K gates area = small KU Leuven - COSIC Real World Crypto 2013 - 14 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 7

  8. Real World Crypto – Stanford, CA January 2013 Light weight crypto: KATAN - KTANTAN CHES 2009: De Canniere, Dunkelman, Knezevic 80 bits key 32 - 48 - 64 bits block 254 rounds Max 1000 gates Key size Block size Datapath + Control Memory “ redundant ” logic [slide input: Miroslav Kne ž evi ć ] KU Leuven - COSIC Real World Crypto 2013 - 15 Stanford, January 2013 1 microJoule • 110000 bits KATAN, <1000 gates • 11000 bits AES (ASIC) 3000 to 10K gates ‘ light ’ ≠ low Joules only small area KU Leuven - COSIC Real World Crypto 2013 - 16 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 8

  9. Real World Crypto – Stanford, CA January 2013 SHA3 – competition: One size fits all KU Leuven - COSIC Real World Crypto 2013 - 17 Stanford, January 2013 SHA 3 ASIC (90nm) synthesis Throughput Mbits Gate Energy (@250MHz) (GE) (pJ/bit) SHA256 2000 12K 2 Blake 6000 30K 2.5 Grøstl 13000 86K 2.5 JH 4600 30K 2 Keccak 15000 30K 1 Skein 6700 43K 6 [slide input: Miroslav Kne ž evi ć ] KU Leuven - COSIC Real World Crypto 2013 - 18 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 9

  10. Real World Crypto – Stanford, CA January 2013 Keccak in SW • Keccak on ATtiny45 at 8MHz • 540 microWatt at 1MHz (spec) • 716 * 10^3 clock cycles to hash 500 Bytes • Result: 100 pJ/bit • So again: SW is 100 less efficient than HW J. Balasch, B. Ege, Th. Eisenbarth, B. Gérard, Z Gong, T Güneysu, S Heyse, S Indesteege, S Kerckhof, F Koeune, T Nad, T Plos, T Pöppelman, F Regazzoni, F Standaert, G Van Assche, I von Maurich, L van Oldeneel Open Source Implementations of Hash Functions in an Atmel AtTiny45, ECRYPT. KU Leuven - COSIC Real World Crypto 2013 - 19 Stanford, January 2013 1 microJoule • 110000 bits KATAN, < 1000 gates • 11000 bits AES encryption, 3000 gates • 1000 bits Keccak hash, 30K gates KU Leuven - COSIC Real World Crypto 2013 - 20 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 10

  11. Real World Crypto – Stanford, CA January 2013 Example 3:Public key - Elliptic Curve Cryptography Push for lowest energy to fit budget of IoT KU Leuven - COSIC Real World Crypto 2013 - 21 Stanford, January 2013 Challenge: low power public key … Address at all design abstraction levels! • Protocol : asymmetric (most work for the reader) Scalable • Algorithm : Elliptic curve (163 bits) Tracking Cloning instead of RSA (min 1024 bits) • Field Operation : Binary and not Prime Binary field 2^163 fields: easier field operations Elliptic curve • Projective coordinate system: (X, Y, Projective Z) instead of (x,y): no field inversions Java Montgomery ladder JCA • Special coordinate system : no need to store Y coordinates (Lopez-Dahab) Common Z coord JVM and common Z (only one Z coordinate) 8 bit uP CPU REG MALU • Minimize storage : Only 5 registers MEM MEM (with mult/add/square unit) or 6 Vcc Vcc registers (with mult/add-only unit) compared to 9+ registers before. D Q D Q CLK CLK KU Leuven - COSIC Real World Crypto 2013 - 22 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 11

  12. Real World Crypto – Stanford, CA January 2013 Results • Results: ECC co-processor that can compute: – ECC point multiplications (163 by 4) – Scalar modular operations (8 bit processor with redundancy) • Schnorr (secure ID transfer, but no tracking protection): one PM • More advanced protocols: up to four PM on tag • 14K gates, 79K cycles • At 500 KHz, corresponds to 30 microWatt and 158 msec • One point multiplication = 4.8 microJoule KU Leuven - COSIC Real World Crypto 2013 - 23 Stanford, January 2013 1 microJoule • 110000 bits KATAN • 11000 bits AES encryption • 1000 bits KECCAK hash • 1/5 of one point multiplication Still to add physical security … KU Leuven - COSIC Real World Crypto 2013 - 24 Stanford, January 2013 Ingrid Verbauwhede, KU Leuven - COSIC 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE WILLIAMSBURG, VA THURSDAY, OCTOBER 17 TH , 2019 JOHN KELLY, PE IOWA DEPARTMENT OF PUBLIC HEALTH DISCLAIMER THIS PRESENTATION: IS INTENDED FOR

843 views • 40 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops Did you know? Our payment system has ZERO FEES for processing payments How it works? It takes only a few minutes to complete Merchant Initiate

269 views • 11 slides
Javascript Crypto &amp; The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto &amp; The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto &amp; The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on Real-World Crypto January 2013 promote openness, innovation &amp; opportunity on the Web. previously easy to deploy easy to use privacy

610 views • 22 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Radboud University Nijmegen e-Passport example

1.11k views • 12 slides
Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Crypto intro Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example Encryption: modes of operation Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information

856 views • 73 slides
Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El

448 views • 16 slides
w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

Aditus Luxury Access Platform for Crypto A ffl uents Presentation 21 Nov 2017 w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals Crypto-currency values have been the best performing asset class

206 views • 19 slides
Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO Use this space to add an image. IMPLEMENTATION, OR CRYPTO RNG Insert an image and change the scale to cover this box. ALSO, KEY MANAGEMENT IS

1.01k views • 81 slides
19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

Is 2 255 19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a strong elliptic curve 128-bit crypto: Okay. over the field Z (2 255 19). 256-bit crypto: High security! Is that safe? 512-bit

121 views • 11 slides
Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform

Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform

Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform Stable Coin Dapps Sum $ Bitcoin 154.00 $ Ethereum 29.00 $ XRP 18.70 $ BCH 7.70 $ EOS 7.20 $ LiteCoin 7.00 $ BNB 4.70 $ Tether

160 views • 12 slides
Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for 2020 Tim Gneysu Hardware Security Group Horst Grtz Institute for IT-Security, Bochum 1/24/2013 Outline Introduction Alternative Public-Key

735 views • 55 slides
Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020,

Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020,

Future Challenges for Lightweight Cryptography F.-X. Standaert UCL Crypto Group Crypto for 2020, Tenerife, January 2013 Outline 1 1. Past results 2. Future challenges 1. Block ciphers 2 TEA, NOEKEON, AES, SERPENT, ICEBERG, HIGHT,

844 views • 68 slides
Computer Security: Public Key Crypto B. Jacobs Institute for Computing and Information Sciences

Computer Security: Public Key Crypto B. Jacobs Institute for Computing and Information Sciences

Public key crypto RSA Essentials Public Key Crypto in Java Radboud University Nijmegen Public key protocols Diffie-Hellman and El Gamal Computer Security: Public Key Crypto B. Jacobs Institute for Computing and Information Sciences

1.23k views • 100 slides
Crypto Meets Web Security [Finish Asymmetric Crypto; Web Certificates] Fall 2017 Franziska

Crypto Meets Web Security [Finish Asymmetric Crypto; Web Certificates] Fall 2017 Franziska

CSE 484 / CSE M 584: Computer Security and Privacy Crypto Meets Web Security [Finish Asymmetric Crypto; Web Certificates] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi

849 views • 25 slides
Outline More crypto protocols CSci 5271 Introduction to Computer Security Announcements

Outline More crypto protocols CSci 5271 Introduction to Computer Security Announcements

Outline More crypto protocols CSci 5271 Introduction to Computer Security Announcements intermission More crypto protocols and failures Stephen McCamant More causes of crypto failure University of Minnesota, Computer Science &amp;

430 views • 4 slides
METHAMPHETAMINE TASK FORCE OVERVIEW &amp; UPDATES HEALTH COMMISSION FINANCE &amp; PLANNING

METHAMPHETAMINE TASK FORCE OVERVIEW &amp; UPDATES HEALTH COMMISSION FINANCE &amp; PLANNING

SAN FRANCISCO METHAMPHETAMINE TASK FORCE OVERVIEW &amp; UPDATES HEALTH COMMISSION FINANCE &amp; PLANNING COMMITTEE FEBRUARY 18, 2020 PATRICK CHANG OFFICE OF POLICY &amp; PLANNING PRESENTATION OVERVIEW Methamphetamine Use in SF

453 views • 12 slides
My project pitch: Looking inside the minds of your children . By Sophie W Elevator speech:

My project pitch: Looking inside the minds of your children . By Sophie W Elevator speech:

My project pitch: Looking inside the minds of your children . By Sophie W Elevator speech: For my capstone project for the humanities class, I wanted to introduce a subject that was not necessarily something people think of everyday, but is

307 views • 11 slides
3/30/20 ADHD Medication Answers with Laurie Dupar, PMHNP, RN, PCC Nurse Practitioner, ADHD

3/30/20 ADHD Medication Answers with Laurie Dupar, PMHNP, RN, PCC Nurse Practitioner, ADHD

3/30/20 ADHD Medication Answers with Laurie Dupar, PMHNP, RN, PCC Nurse Practitioner, ADHD Life Coach &amp; Founder, International ADHD Coach Training Center iACTcenter.com The International ADHD Coach Training Center Class # 5: Cracking

426 views • 7 slides
ADHD: ADHD: Differential Diagnosis and Treatment Differential Diagnosis and Treatment

ADHD: ADHD: Differential Diagnosis and Treatment Differential Diagnosis and Treatment

UNC- -CH School of Social Work CH School of Social Work UNC Clinical Lecture Series Clinical Lecture Series ADHD: ADHD: Differential Diagnosis and Treatment Differential Diagnosis and Treatment Strategies Across the Life Course Strategies

686 views • 36 slides
iRODS and the RENCI Data Working Group Howard Lander Michael Shoffner The Renaissance Computing

iRODS and the RENCI Data Working Group Howard Lander Michael Shoffner The Renaissance Computing

iRODS and the RENCI Data Working Group Howard Lander Michael Shoffner The Renaissance Computing Institute Formed in 2004 as a collaborative institute involving the University of North Carolina at Chapel Hill, Duke University and North

506 views • 15 slides
Agility: Possibilities at a Personal Level Linda Rising linda@lindarising.org

Agility: Possibilities at a Personal Level Linda Rising linda@lindarising.org

Agility: Possibilities at a Personal Level Linda Rising linda@lindarising.org www.lindarising.org Coffee, tea, or cola? The most popular drinks in the world. Different taste and smell, but all contain significant amounts of caffeine.

804 views • 28 slides
Vote For Your Favorite Costume! B C A D E F &quot;Dog Parade&quot; by editrixie is licensed

Vote For Your Favorite Costume! B C A D E F &quot;Dog Parade&quot; by editrixie is licensed

Vote For Your Favorite Costume! B C A D E F &quot;Dog Parade&quot; by editrixie is licensed under CC BY-ND 2.0 and annulla 1 Day 2 October 17, 2019 Learning Session 2 Welcome and Recap of Day 1 Jennifer Leonardo, PhD, MSW, LCSW

946 views • 82 slides
Below the Stomach 121 Counter Attack Lines close close Bearish Bullish Bearish Bullish 122

Below the Stomach 121 Counter Attack Lines close close Bearish Bullish Bearish Bullish 122

Below the Stomach 121 Counter Attack Lines close close Bearish Bullish Bearish Bullish 122 Not Counter Attack Lines Second session did not open high enough Both sessions were not long real bodies 123 Bullish Counter Attack 124

211 views • 20 slides

More recommend