
PRESENT runs fast: Efficient and Secure Implementation in Software



  1. PRESENT runs fast: Efficient and Secure Implementation in Software
     Tiago Reis, Diego Aranha, Julio López
     Institute of Computing, University of Campinas
     September 28, 2017
     T. Reis, D. Aranha, J. López PRESENT runs fast September 28, 2017 1 / 25

  2. Introduction
     - Lightweight crypto: focus not only on new designs, but maybe revisit old ones.
     - PRESENT has received a great deal of cryptanalytic attention.
     - Efficiency is the goal, but we have to keep an eye on side-channel security.

  3. The PRESENT block cipher
     - Proposed by Bogdanov et al. during CHES 2007 as an ultra-lightweight block cipher, with 80-bit and 128-bit key versions, operating on a 64-bit block.
     - Substitution-permutation network built over bit permutations: hardware-friendly design, not ideal for software.
     [Figure: round key k_i, a row of 16 s-boxes S, round key k_{i+1}, a row of 16 s-boxes S]

  4. The PRESENT block cipher
     Input: A 64-bit block of plaintext B, a key K.
     Output: A 64-bit block of ciphertext C.

         subkey = (subkey_1, subkey_2, ..., subkey_32) ← keySchedule(K)
         C ← B
         for i = 1 to 31 do
             C ← C ⊕ subkey_i
             C ← S(C)
             C ← P(C)
         end for
         C ← C ⊕ subkey_32
         return C


  6. The PRESENT block cipher
     The s-box, in hexadecimal notation:

         x    | 0 1 2 3 4 5 6 7 8 9 A B C D E F
         S(x) | C 5 6 B 9 0 A D 3 E F 8 4 7 1 2

     It can be interpreted as a boolean function from {0,1}^4 to {0,1}^4.

     ```c
     /* T1..T5 are temporaries declared by the caller; x0..x3 are overwritten with the output bits. */
     #define PRESENT_SBOX(x0, x1, x2, x3) \
         T1 = x2 ^ x1; T2 = x1 & T1; \
         T3 = x0 ^ T2; T5 = x3 ^ T3; \
         T2 = T1 & T3; T1 = T1 ^ T5; \
         T2 = T2 ^ x1; T4 = x3 | T2; \
         x2 = T1 ^ T4; x3 = ~x3;     \
         T2 = T2 ^ x3; x0 = x2 ^ T2; \
         T2 = T2 | T1; x1 = T3 ^ T2; \
         x3 = T5;
     ```

  7. The PRESENT block cipher
     Permutation P moves the i-th bit of the state to the position P(i):

     $$P(i) = \begin{cases} 16\,i \bmod 63, & \text{if } i \neq 63,\\ 63, & \text{if } i = 63. \end{cases}$$

     $$B = \left(\begin{array}{*{16}{c}}
     00 & 01 & 02 & 03 & 04 & 05 & 06 & 07 & 08 & 09 & 10 & 11 & 12 & 13 & 14 & 15 \\
     16 & 17 & 18 & 19 & 20 & 21 & 22 & 23 & 24 & 25 & 26 & 27 & 28 & 29 & 30 & 31 \\
     32 & 33 & 34 & 35 & 36 & 37 & 38 & 39 & 40 & 41 & 42 & 43 & 44 & 45 & 46 & 47 \\
     48 & 49 & 50 & 51 & 52 & 53 & 54 & 55 & 56 & 57 & 58 & 59 & 60 & 61 & 62 & 63
     \end{array}\right),$$

     $$P(B) = \left(\begin{array}{*{16}{c}}
     00 & 04 & 08 & 12 & 16 & 20 & 24 & 28 & 32 & 36 & 40 & 44 & 48 & 52 & 56 & 60 \\
     01 & 05 & 09 & 13 & 17 & 21 & 25 & 29 & 33 & 37 & 41 & 45 & 49 & 53 & 57 & 61 \\
     02 & 06 & 10 & 14 & 18 & 22 & 26 & 30 & 34 & 38 & 42 & 46 & 50 & 54 & 58 & 62 \\
     03 & 07 & 11 & 15 & 19 & 23 & 27 & 31 & 35 & 39 & 43 & 47 & 51 & 55 & 59 & 63
     \end{array}\right).$$


  13. Implementation strategies
     - Two usual strategies: using large lookup tables to merge permutations and s-boxes; bitslicing.
     - Large tables open vulnerabilities to exploits using side-channel leakage and lead to high memory usage.
     - Bitsliced ciphers are hard to use in practice: they demand specific situations and modes of operation.
     - Our proposals: first, interchange permutations and s-boxes; second, decompose the permutations.


  15. Our proposal for PRESENT encryption
     Instead of applying S and then P:

     $$S(B) = \left(\begin{array}{*{16}{c}}
     00 & 01 & 02 & 03 & 04 & 05 & 06 & 07 & 08 & 09 & 10 & 11 & 12 & 13 & 14 & 15 \\
     16 & 17 & 18 & 19 & 20 & 21 & 22 & 23 & 24 & 25 & 26 & 27 & 28 & 29 & 30 & 31 \\
     32 & 33 & 34 & 35 & 36 & 37 & 38 & 39 & 40 & 41 & 42 & 43 & 44 & 45 & 46 & 47 \\
     48 & 49 & 50 & 51 & 52 & 53 & 54 & 55 & 56 & 57 & 58 & 59 & 60 & 61 & 62 & 63
     \end{array}\right)$$

     $$P(S(B)) = \left(\begin{array}{*{16}{c}}
     00 & 04 & 08 & 12 & 16 & 20 & 24 & 28 & 32 & 36 & 40 & 44 & 48 & 52 & 56 & 60 \\
     01 & 05 & 09 & 13 & 17 & 21 & 25 & 29 & 33 & 37 & 41 & 45 & 49 & 53 & 57 & 61 \\
     02 & 06 & 10 & 14 & 18 & 22 & 26 & 30 & 34 & 38 & 42 & 46 & 50 & 54 & 58 & 62 \\
     03 & 07 & 11 & 15 & 19 & 23 & 27 & 31 & 35 & 39 & 43 & 47 & 51 & 55 & 59 & 63
     \end{array}\right)$$


  17. Our proposal for PRESENT encryption
     We apply P and then S_BS:

     $$P(B) = \left(\begin{array}{*{16}{c}}
     00 & 04 & 08 & 12 & 16 & 20 & 24 & 28 & 32 & 36 & 40 & 44 & 48 & 52 & 56 & 60 \\
     01 & 05 & 09 & 13 & 17 & 21 & 25 & 29 & 33 & 37 & 41 & 45 & 49 & 53 & 57 & 61 \\
     02 & 06 & 10 & 14 & 18 & 22 & 26 & 30 & 34 & 38 & 42 & 46 & 50 & 54 & 58 & 62 \\
     03 & 07 & 11 & 15 & 19 & 23 & 27 & 31 & 35 & 39 & 43 & 47 & 51 & 55 & 59 & 63
     \end{array}\right)$$

     $$S_{BS}(P(B)) = \left(\begin{array}{*{16}{c}}
     00 & 04 & 08 & 12 & 16 & 20 & 24 & 28 & 32 & 36 & 40 & 44 & 48 & 52 & 56 & 60 \\
     01 & 05 & 09 & 13 & 17 & 21 & 25 & 29 & 33 & 37 & 41 & 45 & 49 & 53 & 57 & 61 \\
     02 & 06 & 10 & 14 & 18 & 22 & 26 & 30 & 34 & 38 & 42 & 46 & 50 & 54 & 58 & 62 \\
     03 & 07 & 11 & 15 & 19 & 23 & 27 & 31 & 35 & 39 & 43 & 47 & 51 & 55 & 59 & 63
     \end{array}\right)$$

  18. Our proposal for PRESENT encryption

  19. Our proposal for PRESENT encryption
     Input: A 64-bit block of plaintext B, a key K.
     Output: A 64-bit block of ciphertext C.

         subkey = (subkey_1, subkey_2, ..., subkey_32) ← keySchedule(K)
         C ← B
         for i = 1 to 15 do
             C ← C ⊕ subkey_{2i−1}
             C ← P_0(C)
             C ← S_BS(C)
             C ← P_1(C)
             C ← C ⊕ P(subkey_{2i})
             C ← S_BS(C)
         end for
         C ← C ⊕ subkey_31
         C ← P(C)
         C ← S_BS(C)
         C ← C ⊕ subkey_32
         return C

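  20. Our proposal for PRESENT encryption

     $$B = \left(\begin{array}{*{16}{c}}
     00 & 01 & 02 & 03 & 04 & 05 & 06 & 07 & 08 & 09 & 10 & 11 & 12 & 13 & 14 & 15 \\
     16 & 17 & 18 & 19 & 20 & 21 & 22 & 23 & 24 & 25 & 26 & 27 & 28 & 29 & 30 & 31 \\
     32 & 33 & 34 & 35 & 36 & 37 & 38 & 39 & 40 & 41 & 42 & 43 & 44 & 45 & 46 & 47 \\
     48 & 49 & 50 & 51 & 52 & 53 & 54 & 55 & 56 & 57 & 58 & 59 & 60 & 61 & 62 & 63
     \end{array}\right),$$

     $$P_0(B) = \left(\begin{array}{*{16}{c}}
     00 & 16 & 32 & 48 & 04 & 20 & 36 & 52 & 08 & 24 & 40 & 56 & 12 & 28 & 44 & 60 \\
     01 & 17 & 33 & 49 & 05 & 21 & 37 & 53 & 09 & 25 & 41 & 57 & 13 & 29 & 45 & 61 \\
     02 & 18 & 34 & 50 & 06 & 22 & 38 & 54 & 10 & 26 & 42 & 58 & 14 & 30 & 46 & 62 \\
     03 & 19 & 35 & 51 & 07 & 23 & 39 & 55 & 11 & 27 & 43 & 59 & 15 & 31 & 47 & 63
     \end{array}\right),$$

     $$P_1(B) = \left(\begin{array}{*{16}{c}}
     00 & 01 & 02 & 03 & 16 & 17 & 18 & 19 & 32 & 33 & 34 & 35 & 48 & 49 & 50 & 51 \\
     04 & 05 & 06 & 07 & 20 & 21 & 22 & 23 & 36 & 37 & 38 & 39 & 52 & 53 & 54 & 55 \\
     08 & 09 & 10 & 11 & 24 & 25 & 26 & 27 & 40 & 41 & 42 & 43 & 56 & 57 & 58 & 59 \\
     12 & 13 & 14 & 15 & 28 & 29 & 30 & 31 & 44 & 45 & 46 & 47 & 60 & 61 & 62 & 63
     \end{array}\right).$$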
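
The C program below is an added example, not code from the slides or from the authors' implementation. It reads the source-bit maps for P, P_0 and P_1 off the matrices above and checks, on constructed pseudo-random inputs, that S_BS(P(B)) = P(S(B)), that P_1 after P_0 equals P applied twice, and that the merged double round of slide 19 matches two standard rounds. Assumptions: matrix entries are bit positions with 0 the least significant bit, row r of a matrix is bits 16r..16r+15 of the state, and all helper names (`permute`, `srcP`, `S_bs`, ...) are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
static const uint8_t SBOX[16] = {0xC,5,6,0xB,9,0,0xA,0xD,3,0xE,0xF,8,4,7,1,2};
/* Reference S: one secret-indexed table lookup per nibble (the pattern that leaks). */
static uint64_t S_table(uint64_t x) {
    uint64_t y = 0;
    for (int i = 0; i < 64; i += 4) y |= (uint64_t)SBOX[(x >> i) & 0xF] << i;
    return y;
}
/* Maps read off the slide matrices: output bit j takes input bit src(j). */
static int srcP(int j)  { return j == 63 ? 63 : (4 * j) % 63; }
static int srcP0(int j) { int r = j / 16, c = j % 16; return r + 16 * (c % 4) + 4 * (c / 4); }
static int srcP1(int j) { int r = j / 16, c = j % 16; return 4 * r + c % 4 + 16 * (c / 4); }
static uint64_t permute(uint64_t x, int (*src)(int)) {  /* bit-by-bit reference, not fast */
    uint64_t y = 0;
    for (int j = 0; j < 64; j++) y |= ((x >> src(j)) & 1) << j;
    return y;
}
/* Bitsliced s-box from slide 6; x0 carries the most significant bit of each nibble. */
#define PRESENT_SBOX(x0, x1, x2, x3) \
    T1 = x2 ^ x1; T2 = x1 & T1; \
    T3 = x0 ^ T2; T5 = x3 ^ T3; \
    T2 = T1 & T3; T1 = T1 ^ T5; \
    T2 = T2 ^ x1; T4 = x3 | T2; \
    x2 = T1 ^ T4; x3 = ~x3;     \
    T2 = T2 ^ x3; x0 = x2 ^ T2; \
    T2 = T2 | T1; x1 = T3 ^ T2; x3 = T5;
/* S_BS: 16 s-boxes at once using logic only; row r holds bit r of every nibble. */
static uint64_t S_bs(uint64_t x) {
    uint16_t x0 = x >> 48, x1 = x >> 32, x2 = x >> 16, x3 = x, T1, T2, T3, T4, T5;
    PRESENT_SBOX(x0, x1, x2, x3)
    return (uint64_t)x0 << 48 | (uint64_t)x1 << 32 | (uint64_t)x2 << 16 | x3;
}
static uint64_t round_std(uint64_t c, uint64_t k) { return permute(S_table(c ^ k), srcP); }
static uint64_t two_rounds_merged(uint64_t c, uint64_t k1, uint64_t k2) {
    c = S_bs(permute(c ^ k1, srcP0));                    /* equals P0(S(c ^ k1)) */
    return S_bs(permute(c, srcP1) ^ permute(k2, srcP));  /* P(k2) can be precomputed */
}
static int mismatches(int trials) {  /* constructed xorshift inputs, not test vectors */
    uint64_t s = 0x0123456789ABCDEFULL, v[3];
    int bad = 0;
    for (int t = 0; t < trials; t++) {
        for (int i = 0; i < 3; i++) { s ^= s << 13; s ^= s >> 7; s ^= s << 17; v[i] = s; }
        bad += S_bs(permute(v[0], srcP)) != permute(S_table(v[0]), srcP);
        bad += permute(permute(v[0], srcP0), srcP1) != permute(permute(v[0], srcP), srcP);
        bad += two_rounds_merged(v[0], v[1], v[2]) != round_std(round_std(v[0], v[1]), v[2]);
    }
    return bad;
}
int main(void) { printf("mismatches: %d\n", mismatches(1000)); return 0; }
```

Only `S_table` indexes memory with state-dependent values; the merged path uses fixed bit moves and boolean operations, which is the side-channel argument slide 13 makes against large tables.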
