lightweight circuits with shift and swap
play

Lightweight Circuits with Shift and Swap Subhadeep Banik Asian - PowerPoint PPT Presentation

Dec 07, 2023 •49 likes •489 views

Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI Kolkata November 18, 2018 Introduction Types of Circuits: Brief background. Block cipher circuits: Round based vs Serial. Eg: Working example

  1. Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI Kolkata November 18, 2018

  2. Introduction • Types of Circuits: Brief background. • Block cipher circuits: Round based vs Serial. ⇒ Eg: Working example with PRESENT • Relevance of lightweight circuits to current problem. • Results. 2 of 44

  3. bc bc Combinatorial vs Sequential • Combinatorial Circuits: • Behavior of the circuit is described completely by logic gates. • Eg: Multiplexer, AES S-box etc. A B ⊕ AB+CD C D Figure: Combinatorial Circuit 3 of 44

  4. bc bc bc bc Combinatorial vs Sequential • Sequential Circuits: • Behavior of the circuit is described over time. • Eg: Any circuit in which S t +1 = F ( S t ). Q In F S 0 Load Reg CLK 4 of 44 Figure: Combinatorial Circuit

  5. bc bc bc bc Combinatorial vs Sequential • Sequential Circuits: • Behavior of the circuit is described over time. • Eg: Any circuit in which S t +1 = F ( S t ). Q In F S 0 Load Reg CLK 1 0 CLK Load 0x1234 S 0 0x1234 0x2345 0x3456 In 0xXXXX 0x1234 0x2345 Q F ( Q ) 0xXXXX 0x2345 0x3456 5 of 44 Figure: Combinatorial Circuit

  6. bc bc bc bc b b b b Block Cipher Circuits • Repeated application of Round Fn: similar to previous circuit. • However can be implemented using both ideologies. • Eg: Fully unrolled AES. RF 1 RF 2 RF 3 RF 10 PT CT KS 1 KS 2 KS 3 KS 10 K 6 of 44 Figure: Combinatorial Circuit

  7. bc bc bc bc Block Cipher Circuits • Round Based Circuits. • One round Function Executed per clock cycle. • S 0 = PT || K || 0, F = RF || KS || ( i → i + 1). Q In F S 0 Load Reg CLK 7 of 44 Figure: Combinatorial Circuit

  8. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K XX XX XX XX XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 8 of 44

  9. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 19 XX XX XX XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 9 of 44

  10. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 18 K 19 XX XX XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 10 of 44

  11. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 17 K 18 K 19 XX XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 11 of 44

  12. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 16 K 17 K 18 K 19 XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 12 of 44

  13. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 15 K 16 K 17 K 18 XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) P 15 XX XX XX 13 of 44

  14. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 0 K 1 K 2 K 3 K 19 S 0 ← PT Q 15 For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) P 0 P 1 P 2 P 15 14 of 44

  15. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 19 K 0 K 1 K 2 K 18 S 0 ← PT Q 14 For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) Q 15 P 0 P 1 P 14 15 of 44

  16. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 18 K 19 K 0 K 1 K 17 S 0 ← PT Q 13 For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) Q 14 Q 15 P 0 P 13 16 of 44

  17. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • After 20+16 cycles. • 1st round key addition and Substitution done. • Now to do the Permutation layer. K K 4 K 5 K 6 K 7 K 3 S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) Q 0 Q 1 Q 2 Q 15 17 of 44

  18. b b b b b b b b b b b b b b b b b b b b b bc bc bc bc b b b b b b b b b Block Cipher Circuits: PRESENT • 17th cycle dedicated to permutation layer. • Also prepare the next roundkey. • Each flip flop needs to be a scan flip-flop (144 in total). K L 19 K 4 K 5 K 6 K 7 K 3 S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) Q 0 Q 1 Q 2 Q 15 T 0 18 of 44

  19. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • 1st Round now completely done. • Repeat the 17 cycles to do round 2. • Repeat 31 times. K L 0 L 1 L 2 L 3 L 19 S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) T 0 T 1 T 15 T 2 19 of 44

  20. b b b b b b b b b b b b bc bc bc bc b b b b Block Cipher Circuits: PRESENT • CHES 2017: Bit Sliding: (reducing datapath to 1 bit!!). • Use the fact that P = P 4 2 ◦ P 1 . • #Scan flip-flops: 35 (=24+11) → Area 850 GE. b 63 b 62 b 61 b 60 b 59 b 58 b 49 b 48 b 47 b 46 b 45 b 44 b 43 b 42 b 33 b 32 b 31 b 30 b 29 b 28 b 27 b 26 b 17 b 16 b 15 b 14 b 13 b 12 b 11 b 10 b 1 b 0 20 of 44

  21. b b b b Current problem Before us • More Scan flip-flops = More hardware area. • Can we reduce #Scan flip-flops to 2 ? • If so we reduce the number of implementable functions • Only Possible if P can be implemented efficiently. b 63 b 62 b 61 b 1 b 0 Sel Sel 21 of 44

  22. b b b b Current problem Before us • What functions can be implemented?. • If Sel=0, r = One bit rotate towards the left. • If Sel=1, ( b 63 , b 62 , . . . , b 1 , b 0 ) → ( b 63 , b 61 , . . . , b 0 , b 62 ) • The above function v = r ◦ w where w =SWAP( b 63 , b 62 ). b 63 b 62 b 61 b 1 b 0 Sel Sel 22 of 44

  23. b b b b Current problem Before us • Can P expressed as a composition of r , v ? • Answer is YES. • In fact r , w generate S 64 . • Delve into the theory of Permutation Groups. b 63 b 62 b 61 b 1 b 0 Sel Sel 23 of 44

  24. r , w = (63 , 62) Generate S 64 Proof • Set of all Swaps generates S 64 . • G = { (63 , 62) , (62 , 61) , (61 , 60) , . . . (1 , 0) } generates S 64 . ( i , j ) = ( i , i − 1) ◦ ( i − 1 , j ) ◦ ( i , i − 1) = ( i , i − 1) ◦ ( i − 1 , i − 2) ◦ ( i − 2 , j ) ◦ ( i − 1 , i − 2) ◦ ( i , i − 1) • Given the following identity π ◦ ( i 1 , i 2 , . . . , i k ) ◦ π − 1 = ( π ( i 1 ) , π ( i 2 ) , . . . , π ( i k )) , • Easy to see that r − (63 − i ) ◦ (63 , 62) ◦ r (63 − i ) = ( r − (63 − i ) (63) , r − (63 − i ) (62)) = ( i , i − 1) 24 of 44

  25. # Operations? Analysis • Consider (49 , 40). How many operations required ? (49 , 40) = (49 , 48) ◦ (48 , 40) ◦ (49 , 48) = (49 , 48) ◦ (48 , 47) ◦ (47 , 40) ◦ (48 , 47) ◦ (49 , 48) = (49 , 48) ◦ (48 , 47) ◦ · · · (42 , 41) ◦ (41 , 40) ◦ (42 , 41) · · · (48 , 47) ◦ (49 , 48) • (49 , 48) = r − 14 ◦ w ◦ r 14 , (48 , 47) = r − 15 ◦ w ◦ r 15 , . . . , (41 , 40) = r − 22 ◦ w ◦ r 22 • So we have (49 , 40) = r − 14 ◦ w ◦ [ r − 1 ◦ w ◦ · · · ◦ r − 1 ◦ w ] ◦ r 14 ◦ [ r ◦ w ◦ · · · ◦ r ◦ w ] � �� � � �� � 8 times 8 times = [ r 49 ◦ v ◦ r 14 ] ◦ [ r 48 ◦ v ◦ r 15 ] ◦ · · · ◦ [ r 42 ◦ v ◦ r 21 ] ◦ [ r 41 ◦ v 9 ◦ r 14 ] • 9 brackets: each takes 64 operations → 64 ∗ (49 − 40) = 576 cycles !!! 25 of 44

  26. Present Permutation Table: Specifications of Present bit-permutation layer. i 0 1 2 3 4 5 6 7 P ( i ) 0 16 32 48 1 17 33 49 8 9 10 11 12 13 14 15 i P ( i ) 2 18 34 50 3 19 35 51 i 16 17 18 19 20 21 22 23 P ( i ) 4 20 36 52 5 21 37 53 24 25 26 27 28 29 30 31 i P ( i ) 6 22 38 54 7 23 39 55 i 32 33 34 35 36 37 38 39 P ( i ) 8 24 40 56 9 25 41 57 40 41 42 43 44 45 46 47 i P ( i ) 10 26 42 58 11 27 43 59 i 48 49 50 51 52 53 54 55 P ( i ) 12 28 44 60 13 29 45 61 56 57 58 59 60 61 62 63 i P ( i ) 14 30 46 62 15 31 47 63 26 of 44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MDS Matrices with Lightweight Circuits Sbastien Duval Gatan Leurent Sebastien.Duval@inria.fr

MDS Matrices with Lightweight Circuits Sbastien Duval Gatan Leurent Sebastien.Duval@inria.fr

MDS Matrices with Lightweight Circuits Sbastien Duval Gatan Leurent Sebastien.Duval@inria.fr February 14, 2019 Introduction Lightweight Our approach Formal Results Instantiation Conclusion Security of Block Ciphers Shannons

745 views • 59 slides
Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun,

Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun,

Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun, Chaoyun Li, Zihao Wei, Lei Hu FSE 2019 @ Paris, France Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE

782 views • 44 slides
Shortcuts in Dj Vu X3 vs. Dj Vu X2 Function Dj Vu X3 Shortcut Dj Vu X2 Shortcut

Shortcuts in Dj Vu X3 vs. Dj Vu X2 Function Dj Vu X3 Shortcut Dj Vu X2 Shortcut

Shortcuts in Dj Vu X3 vs. Dj Vu X2 Function Dj Vu X3 Shortcut Dj Vu X2 Shortcut Undo Ctrl+Z Ctrl+Z Redo Ctrl+Y Ctrl+Y Swap Word with Next Ctrl+Shift+N Ctrl+Shift+N Swap Word with Previous Ctrl+Shift+B Ctrl+Shift+B

413 views • 3 slides
MDS Matrices with Lightweight Circuits S ebastien Duval Ga etan Leurent March 26, 2019

MDS Matrices with Lightweight Circuits S ebastien Duval Ga etan Leurent March 26, 2019

MDS Matrices with Lightweight Circuits S ebastien Duval Ga etan Leurent March 26, 2019 Introduction Objective Search Algorithm Instantiating the Results Comparison with the Literature 2 / 18 SPN Ciphers Plaintext Shannons

482 views • 34 slides
CENG 342 Digital Systems Shift Registers Larry Pyeatt SDSM&T Compare Two Circuits What

CENG 342 Digital Systems Shift Registers Larry Pyeatt SDSM&T Compare Two Circuits What

CENG 342 Digital Systems Shift Registers Larry Pyeatt SDSM&T Compare Two Circuits What is the difference between these two circuits? What are their functions? d q d q d q d q I 3 I 2 I 1 I 0 clk clk clk clk R Q 3 Q 2 Q 1 Q

1.07k views • 9 slides
Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1. About Think Lightweight 2. What are Lightweight Structures? 3. Industry Applications 4. Product Line Review 5. Think Lightweight Component

832 views • 43 slides
Re-wiring plant genetic circuits - a paradigm shift from metabolic engineering to synthetic

Re-wiring plant genetic circuits - a paradigm shift from metabolic engineering to synthetic

Re-wiring plant genetic circuits - a paradigm shift from metabolic engineering to synthetic biology in plants Genes and standard components in plant engineering In the dark 3 weeks Callus ready Immature Immature embryo (2,4 D) for

238 views • 19 slides
ECED2200 Digital Circuits Serial Protocols, Registers, Shift Registers 23/07/2012 Colin

ECED2200 Digital Circuits Serial Protocols, Registers, Shift Registers 23/07/2012 Colin

ECED2200 Digital Circuits Serial Protocols, Registers, Shift Registers 23/07/2012 Colin OFlynn - CC BY-SA 1 General Notes See updates to these slides: www.newae.com/teaching These slides licensed under Creative Commons

393 views • 23 slides
Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips

Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips

Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips Clock signal Example sequential circuits Propagation delay Shift registers Counters Latches Sequential circuit design SR

1k views • 46 slides
Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips

Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips

Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips Clock signal Example sequential circuits Propagation delay Shift registers Latches Counters Sequential circuit design SR

107 views • 8 slides
Interest Rate Swap and Interest Rate Swap and Variable Rate Debt Programs Variable Rate Debt

Interest Rate Swap and Interest Rate Swap and Variable Rate Debt Programs Variable Rate Debt

Interest Rate Swap and Interest Rate Swap and Variable Rate Debt Programs Variable Rate Debt Programs Managing On-Going Responsibilities California Debt and Investment Advisory Commission April 11, 2008 Swap Financial Group Peter Shapiro 76

395 views • 17 slides
Z AMBIA UN Y OUTH SWAP 2015 Led: chair of the Zambia Youth SWAP (ILO) in coordination with the

Z AMBIA UN Y OUTH SWAP 2015 Led: chair of the Zambia Youth SWAP (ILO) in coordination with the

Z AMBIA UN Y OUTH SWAP 2015 Led: chair of the Zambia Youth SWAP (ILO) in coordination with the Resident Coordinator UN Agencies based in Zambia - FAO, ILO, IOM, UNECA, UNICEF, UNDP, UNFPA, UNHCR, WFP The Ministry of Youth and Sports

837 views • 6 slides
Implementation of the SWAP study findings SWAP was funded by Health Education England North

Implementation of the SWAP study findings SWAP was funded by Health Education England North

Implementation of the SWAP study findings SWAP was funded by Health Education England North Central East London and undertaken by Allied Health Solutions Purpose of this presentation This slide deck has been produced for AHP managers and AHP

211 views • 17 slides
HOLY SHIFT! Linda Zheng Roadmap You are here My Shift Introduction Shift AST Experience

HOLY SHIFT! Linda Zheng Roadmap You are here My Shift Introduction Shift AST Experience

HOLY SHIFT! Linda Zheng Roadmap You are here My Shift Introduction Shift AST Experience Overview with Shift What is the Shift Project? Abstract Syntax Tree (AST) Binary Expression Identifier Identifier PLUS a + b a b

632 views • 28 slides
Cushman & Wakefield SWAP Presentation SWAP - Safe Work Assurance Platform Overview What We

Cushman & Wakefield SWAP Presentation SWAP - Safe Work Assurance Platform Overview What We

Cushman & Wakefield SWAP Presentation SWAP - Safe Work Assurance Platform Overview What We Will Learn Today Today we will be covering: What is SWAP How it will benefit you How to register How to register

447 views • 30 slides
The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will revolutionise the international high-rise construction industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight

417 views • 12 slides
Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS REMINDER 2: Security Services in X.800 Authentication 1. Pear entity authentication Data origin authentication Access Control 2.

618 views • 13 slides
Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Starting chapter 3 Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and related ideas l Strings are basically sequences of characters l A string literal is enclosed in quotes ( '' or in Python):

292 views • 12 slides
Cryptography and Network Security Bhaskaran Raman Department of CSE, IIT Kanpur Reference:

Cryptography and Network Security Bhaskaran Raman Department of CSE, IIT Kanpur Reference:

Cryptography and Network Security Bhaskaran Raman Department of CSE, IIT Kanpur Reference: Whitfield Diffie and Martin E. Hellman, Privacy and Authentication: An Introduction to Cryptography, in Proc. IEEE, vol. 67, no.3, pp. 397 - 427,

360 views • 17 slides
McBits: fast constant-time code-based cryptography (to appear at CHES 2013) D. J. Bernstein

McBits: fast constant-time code-based cryptography (to appear at CHES 2013) D. J. Bernstein

McBits: fast constant-time code-based cryptography (to appear at CHES 2013) D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Joint work with: Tung Chou Technische Universiteit Eindhoven Peter

823 views • 46 slides
Computational Survivalism Compiler(s) for the End of Moores Law: a case study Pierre-

Computational Survivalism Compiler(s) for the End of Moores Law: a case study Pierre-

Computational Survivalism Compiler(s) for the End of Moores Law: a case study Pierre- Evariste Dagand Joint work with Darius Mercadier Based on an original idea from Xavier Leroy LIP6 CNRS Inria Sorbonne Universit e 1 / 31

775 views • 76 slides
On Keccak and SHA-3 Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1

On Keccak and SHA-3 Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1

On Keccak and SHA-3 Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Icebreak 2013 Reykjavik, Iceland June 8, 2013 1 / 61 Outline 1 Origins 2 The sponge construction 3 Inside

1.12k views • 71 slides
Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller Daniele Micciancio 1 Chris Peikert 2 1

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller Daniele Micciancio 1 Chris Peikert 2 1

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller Daniele Micciancio 1 Chris Peikert 2 1 UC San Diego 2 Georgia Tech IBM Research 8 September 2011 1 / 17 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N

1.2k views • 82 slides
Mod-NTRU trapdoors and applications Alexandre Wallet Lattices: From Theory to Practice Simons

Mod-NTRU trapdoors and applications Alexandre Wallet Lattices: From Theory to Practice Simons

Mod-NTRU trapdoors and applications Alexandre Wallet Lattices: From Theory to Practice Simons Institute, 29/04/2020 Based on a joint work with Chitchanok Chuengsatiansup, Thomas Prest, Damien Stehl and Keita Xagawa, ePrint 2019/1456 1/17 A.

540 views • 28 slides

More recommend