primates v1 1
play

PRIMATEs v1.1: A Submission to the CAESAR Competition Elena - PowerPoint PPT Presentation

Aug 19, 2023 •142 likes •953 views

PRIMATEs v1.1: A Submission to the CAESAR Competition Elena Andreeva, Begl Bilgin, Andrey Bogdanov, Atul Luykx, Florian Mendel, Bart Mennink, Nicky Mouha,Qingju Wang, and Kan Yasuda 1 July 2014, Bochum PRIMATEs GIBBON APE HANUMAN 2

  1. PRIMATEs v1.1: A Submission to the CAESAR Competition Elena Andreeva, Begül Bilgin, Andrey Bogdanov, Atul Luykx, Florian Mendel, Bart Mennink, Nicky Mouha,Qingju Wang, and Kan Yasuda 1 July 2014, Bochum

  2. PRIMATEs GIBBON APE HANUMAN 2

  3. PRIMATEs GIBBON APE HANUMAN Misuse resistant 2

  4. PRIMATEs GIBBON APE HANUMAN Misuse resistant Security with ideal permutation 2

  5. PRIMATEs GIBBON APE HANUMAN Misuse Trades-off security resistant with speed Security with ideal permutation 2

  6. PRIMATEs • Sponge inspired (9) 3

  7. PRIMATEs • Sponge inspired (9) 3

  8. PRIMATEs • Sponge inspired permutation PRIMATE-80 PRIMATE-120 security 80 bits 120 bits b (state size) 200 bits 280 bits c (capacity size) 160 bits 240 bits r (rate size) 40 bits 40 bits 4

  9. PRIMATEs • Sponge inspired permutation PRIMATE-80 PRIMATE-120 security 80 bits 120 bits b (state size) 200 bits 280 bits c (capacity size) 160 bits 240 bits r (rate size) 40 bits 40 bits • Lightweight 4

  10. PRIMATEs • Sponge inspired permutation PRIMATE-80 PRIMATE-120 security 80 bits 120 bits b (state size) 200 bits 280 bits c (capacity size) 160 bits 240 bits r (rate size) 40 bits 40 bits • Lightweight • Suggested A and M size is max. 2 80 (resp. 2 120 ) bits 4

  11. PRIMATEs • Sponge inspired permutation PRIMATE-80 PRIMATE-120 security 80 bits 120 bits b (state size) 200 bits 280 bits c (capacity size) 160 bits 240 bits r (rate size) 40 bits 40 bits • Lightweight • Suggested A and M size is max. 2 80 (resp. 2 120 ) bits • Countermeasure against DPA is efficient 4

  12. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits 5

  13. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits • Nonce based 5

  14. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits • Nonce based • Online encryption 5

  15. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits • Nonce based • Online encryption • Two permutations for domain separation 5

  16. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits • Nonce based • Online encryption • Two permutations for domain separation • No need for inverse permutations 5

  17. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits • Nonce based • Online encryption • Two permutations for domain separation • No need for inverse permutations • No ciphertext extension 5

  18. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits 6

  19. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits • Wrong T → NO ciphertext output 6

  20. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits • Wrong T → NO ciphertext output • Security proof with ideal permutation assumption 6

  21. HANUMAN A[1] A[2] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r p 1 p 4 ... p 1 ... p 1 p 1 p 4 K||N T K K, N and T are 80 (resp. 120) bits • Wrong T → NO ciphertext output • Security proof with ideal permutation assumption • No distinguishers in 12 round p 1 and p 4 6

  22. GIBBON A[1] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r ... ... p 2 p 2 p 3 p 3 p 3 p 1 p 1 K||N T K K||0 c/2 K||0 c/2 K, N and T are 80 (resp. 120) bits Same story, except: 7

  23. GIBBON A[1] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r ... ... p 2 p 2 p 3 p 3 p 3 p 1 p 1 K||N T K K||0 c/2 K||0 c/2 K, N and T are 80 (resp. 120) bits Same story, except: • Key additions against trivial key recovery or forgery attacks 7

  24. GIBBON A[1] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r ... ... p 2 p 2 p 3 p 3 p 3 p 1 p 1 K||N T K K||0 c/2 K||0 c/2 K, N and T are 80 (resp. 120) bits Same story, except: • Key additions against trivial key recovery or forgery attacks • Three permutations 7

  25. GIBBON A[1] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r ... ... p 2 p 2 p 3 p 3 p 3 p 1 p 1 K||N T K K||0 c/2 K||0 c/2 K, N and T are 80 (resp. 120) bits Same story, except: • Key additions against trivial key recovery or forgery attacks • Three permutations • Reduced round permutations (p 2 &p 3 : 6 rounds) → faster 7

  26. GIBBON A[1] A[u] M[1] M[w] [C[w]] M[w] C[1] 0 r ... ... p 2 p 2 p 3 p 3 p 3 p 1 p 1 K||N T K K||0 c/2 K||0 c/2 K, N and T are 80 (resp. 120) bits Same story, except: • Key additions against trivial key recovery or forgery attacks • Three permutations • Reduced round permutations (p 2 &p 3 : 6 rounds) → faster • No security proof 7

  27. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits Same story, except: • Nonce treatment • Output…. • Tag…. • Domain separation with a constant XOR • Inverse permutations are used for decryption 8

  28. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits Same story, except: • Nonce treatment • Output generation • T can not be truncated • Domain separation with a constant XOR 9

  29. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits Same story, except: • Nonce treatment • Output generation • T can not be truncated • Domain separation with a constant XOR • Inverse permutations are used for decryption 10

  30. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits Same story, except: • Nonce treatment • Output generation • T can not be truncated • Domain separation with a constant XOR • Inverse permutations are used for decryption 11

  31. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits Same story, except: • Nonce treatment • Output generation • T can not be truncated • Domain separation with a constant XOR • Inverse permutations are used for decryption 12

  32. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits 13

  33. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits • Nonce misuse resistant: Security up to common prefix 13

  34. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits • Nonce misuse resistant: Security up to common prefix • Secure in RUP setting 13

  35. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits • Nonce misuse resistant: Security up to common prefix • Secure in RUP setting • Security proof with ideal permutation assumption 13

  36. APE M[1] N[1] A[1] A[u] M[2] N[y] M[w] C[1] C[w] [C[w-1]] M[w] 0 r p 1 p 1 p 1 ... p 1 ... p 1 ... p 1 p 1 K T 0 c-1 ||1 K N is 80 (resp. 120) bits K and T are 160 (resp. 240) bits • Nonce misuse resistant: Security up to common prefix • Secure in RUP setting • Security proof with ideal permutation assumption • Other AE designs: P RØST 13

  37. PRIMATEs Ranking w.r.t security • APE - 120 • HANUMAN - 120 • GIBBON - 120 • APE - 80 • HANUMAN - 80 • GIBBON - 80 14

  38. p 1 p 2 p 3 p 4 PRIMATE Structure Primate-80 Primate-120 5x8 7x8 200-bit state 280-bit state 15

  39. p 1 p 2 p 3 p 4 PRIMATE Structure Primate-80 Primate-120 5x8 7x8 200-bit state 280-bit state 5-bit elements 5-bit elements 15

  40. p 1 p 2 p 3 p 4 PRIMATE Structure Primate-80 Primate-120 5x8 7x8 200-bit state 280-bit state 5-bit elements 5-bit elements 40-bit rate 40-bit rate 16

  41. p 1 p 2 p 3 p 4 PRIMATE Structure Primate-80 Primate-120 5x8 7x8 200-bit state 280-bit state 5-bit elements 5-bit elements 40-bit rate 40-bit rate Round Update: CA o MC o SR o SE 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ch. 6 Primate homologies 1 Overview of the primates -Found in tropics/semi-tropics 2 TL;DR

Ch. 6 Primate homologies 1 Overview of the primates -Found in tropics/semi-tropics 2 TL;DR

Ch. 6 Primate homologies 1 Overview of the primates -Found in tropics/semi-tropics 2 TL;DR Primate shared derived traits -Primates are arboreal = adapted for living in the trees -Flexible limbs and prehensile hands/feet -Generalized dentition

480 views • 13 slides
Conservation of DNA in New World Primates Isolation of the Chorionic Gonadotropin Gene Promoter

Conservation of DNA in New World Primates Isolation of the Chorionic Gonadotropin Gene Promoter

Comparative Genomics: Conservation of DNA in New World Primates Isolation of the Chorionic Gonadotropin Gene Promoter in the Owl Monkey ( Aotus nancymaae ) LH and CG: Two Glycoprotein Hormones that Regulate Reproduction CG LH Luteinizing

376 views • 23 slides
NIPS07 tutorial (preliminary) Visual Recognition in Primates and Machines Tomaso Poggio

NIPS07 tutorial (preliminary) Visual Recognition in Primates and Machines Tomaso Poggio

NIPS07 tutorial (preliminary) Visual Recognition in Primates and Machines Tomaso Poggio (with Thomas Serre) McGovern Institute for Brain Research Center for Biological and Computational Learning Department of Brain & Cognitive

1.03k views • 99 slides
What do hidden representations learn? Other animals dont like onions (but primates do) Plaut

What do hidden representations learn? Other animals dont like onions (but primates do) Plaut

What do hidden representations learn? Other animals dont like onions (but primates do) Plaut and Shallice (1993) Mapped orthography to semantics (unrelated similarities) Compared similarities among hidden representations to those among

121 views • 9 slides
Natural History Emperor Tamarin Saguinus imperator Live: Neo-tropical Primates, South America

Natural History Emperor Tamarin Saguinus imperator Live: Neo-tropical Primates, South America

A success story of Emperor Tamarin twins raised both by humans and their family By: Michelle Jordan and Jessica Grote Primate Keepers, Denver Zoo Natural History Emperor Tamarin Saguinus imperator Live: Neo-tropical Primates, South America

460 views • 20 slides
habitats near the equator, but some species have adapted to live in colder, harsher climates.

habitats near the equator, but some species have adapted to live in colder, harsher climates.

Primates generally live in warm habitats near the equator, but some species have adapted to live in colder, harsher climates. Ground-dwelling primates have terrestrial adaptations, as well as arboreal adaptations. Primate habitats are under

389 views • 17 slides
Searching for the genetic basis of complex traits in humans and primates Vasily Ramensky UCLA

Searching for the genetic basis of complex traits in humans and primates Vasily Ramensky UCLA

Searching for the genetic basis of complex traits in humans and primates Vasily Ramensky UCLA Center for Neurobehavioral Genetics 22/03/16 University of California Los Angeles Center for Neurobehavioral Genetics -- 35-year project aimed to

742 views • 46 slides
Shigella spp. Four species ( boydii , Shigella spp. and dysenteriae , flexneri , sonnei )

Shigella spp. Four species ( boydii , Shigella spp. and dysenteriae , flexneri , sonnei )

Shigella spp. Four species ( boydii , Shigella spp. and dysenteriae , flexneri , sonnei ) Yersinia enterocolitica = serogroups Shigellosis = bacillary Dean O. Cliver dysentery Host-adapted to humans PHR 250 (primates)

492 views • 5 slides
9/26/2016 Macaque Model of Hormones and Atherosclerosis - Female Reproductive Aging Insights

9/26/2016 Macaque Model of Hormones and Atherosclerosis - Female Reproductive Aging Insights

9/26/2016 Macaque Model of Hormones and Atherosclerosis - Female Reproductive Aging Insights From Studies of Nonhuman Primates & Atherosclerosis Susan E. Appt, DVM, Associate Professor of Pathology / Comparative Medicine, Wake Forest

353 views • 9 slides
How we use animal studies to understand recovery from brain injury Ann M. Stowe, PhD Assistant

How we use animal studies to understand recovery from brain injury Ann M. Stowe, PhD Assistant

How we use animal studies to understand recovery from brain injury Ann M. Stowe, PhD Assistant Professor Neurology & Neurotherapeutics Overview Introduction to clinical stroke Post-stroke plasticity in non-human primates Stroke

731 views • 41 slides
10703 Deep Reinforcement Learning Reinforcement Learning in Humans and Animals Tom Mitchell

10703 Deep Reinforcement Learning Reinforcement Learning in Humans and Animals Tom Mitchell

10703 Deep Reinforcement Learning Reinforcement Learning in Humans and Animals Tom Mitchell October 29, 2018 Reading: Barto & Sutton Chapter 15 Tom Mitchell, October 2018 Outline RL in primates RL in humans Error signals and

448 views • 20 slides
CS681: Advanced Topics in Computational Biology Week 6 Lectures 2-3 Can Alkan EA509

CS681: Advanced Topics in Computational Biology Week 6 Lectures 2-3 Can Alkan EA509

CS681: Advanced Topics in Computational Biology Week 6 Lectures 2-3 Can Alkan EA509 calkan@cs.bilkent.edu.tr http://www.cs.bilkent.edu.tr/~calkan/teaching/cs681/ Structural Variation Classes MOBILE NOVEL ELEMENT SEQUENCE INSERTION

304 views • 27 slides
The APE Experience Nicola Cabibbo Universit di Roma La Sapienza INFN Sezione di Roma

The APE Experience Nicola Cabibbo Universit di Roma La Sapienza INFN Sezione di Roma

The APE Experience Nicola Cabibbo Universit di Roma La Sapienza INFN Sezione di Roma apeNEXT: Computational Challenges and First Physics Results Nicola Cabibbo The APE experience 8/2/2007 1 / 21 Birth and early growth of LQCD

367 views • 21 slides
glass ? From Fission Products Nuclear Glass to New Glasses Florence Bart Nuclear Energy Division

glass ? From Fission Products Nuclear Glass to New Glasses Florence Bart Nuclear Energy Division

How to synthetize a good glass ? From Fission Products Nuclear Glass to New Glasses Florence Bart Nuclear Energy Division Marcoule Center JOINT ICTP AIEA WORKSHOP 10-14 SEPTEMBER 2018 TRIESTE What is a Good Glass ? | PAGE 2

566 views • 37 slides
Fertilizer Use in Sri Lanka with special reference to CKDu Presented by Dr. C.S. Weeraratna

Fertilizer Use in Sri Lanka with special reference to CKDu Presented by Dr. C.S. Weeraratna

Fertilizer Use in Sri Lanka with special reference to CKDu Presented by Dr. C.S. Weeraratna Fertilizer use in Sri Lanka Plantation sub-sector and the Food Crop sub- sector A few decades ago- bone manure was in use. However, since

971 views • 18 slides
Importance of structural damping in the dynamic analysis of compliant deployable structures

Importance of structural damping in the dynamic analysis of compliant deployable structures

I NTRODUCTION O BJECTIVES O NE DOF SYSTEM T APE SPRING C ONCLUSIONS Importance of structural damping in the dynamic analysis of compliant deployable structures Florence Dewalque, Pierre Rochus, Olivier Brls Department of Aerospace and

327 views • 17 slides
4th Quality Estimation Shared Task WMT15 Lucia Specia , Chris Hokamp , Varvara Logacheva

4th Quality Estimation Shared Task WMT15 Lucia Specia , Chris Hokamp , Varvara Logacheva

Overview T1 - Sentence-level HTER T2 - Word-level OK/BAD T3 - Paragraph-level Meteor Discussion 4th Quality Estimation Shared Task WMT15 Lucia Specia , Chris Hokamp , Varvara Logacheva and Carolina Scarton University of

517 views • 28 slides
Decomposing Concepts with Frames Wiebke Petersen Heinrich-Heine-Universit at D usseldorf

Decomposing Concepts with Frames Wiebke Petersen Heinrich-Heine-Universit at D usseldorf

Outline Introduction Concept Classes Frames Outlook Decomposing Concepts with Frames Wiebke Petersen Heinrich-Heine-Universit at D usseldorf Research group on Functional Concepts and Frames

542 views • 32 slides
EOLE: Paving the Way for an Effective Implementation of Value Prediction Arthur Perais &

EOLE: Paving the Way for an Effective Implementation of Value Prediction Arthur Perais &

EOLE: Paving the Way for an Effective Implementation of Value Prediction Arthur Perais & Andr Seznec EMETTEUR Arthur Perais & Andr Seznec - ISCA 2014 00 MOIS 2011 6/10/2014 Value Prediction (VP) [Lipasti96][Mendelson97] Sequential

537 views • 5 slides
Potential Field Guided Sampling Based Obstacle Avoidance Reid Rizvi Rahman Sakshi Sinha Indian

Potential Field Guided Sampling Based Obstacle Avoidance Reid Rizvi Rahman Sakshi Sinha Indian

Potential Field Guided Sampling Based Obstacle Avoidance Reid Rizvi Rahman Sakshi Sinha Indian Institute of Technology, Kanpur AI Project Presentation 5th March 2014 Introduction to the Problem Introduction to the Problem Given a source S ,

311 views • 27 slides
Metallurgy and Material Selection for Mechanical Engineers A Training Course Prepared and

Metallurgy and Material Selection for Mechanical Engineers A Training Course Prepared and

Metallurgy and Material Selection for Mechanical Engineers A Training Course Prepared and delivered by: Dr. A. K. Abdul Jawwad Chapter One Structure of Metals and Alloys Introduction Physical metallurgy is concerned with exploring

1.34k views • 96 slides
CenterNet2 Xingyi Zhou, Vladlen Koltun, Philipp Krhenbhl UT Austin & Intel Labs 1

CenterNet2 Xingyi Zhou, Vladlen Koltun, Philipp Krhenbhl UT Austin & Intel Labs 1

CenterNet2 Xingyi Zhou, Vladlen Koltun, Philipp Krhenbhl UT Austin & Intel Labs 1 Conventional two-stage detector Backbone Classifier BB regression ROIAlign Stage 1 Stage 2 45ms 8ms Ren et. al, Faster R-CNN: Towards

907 views • 14 slides
Machine Reading todo From Wikipedia to the Web More on bootstrapping to the web Retrain

Machine Reading todo From Wikipedia to the Web More on bootstrapping to the web Retrain

Machine Reading todo From Wikipedia to the Web More on bootstrapping to the web Retrain too brief Daniel S. Weld Results for shrinkage independent of Department of Computer Science & Engineering retraining University of

337 views • 14 slides
Path Planning in Unknown Environment by Optimal Transport on Graph Haomin Zhou School of

Path Planning in Unknown Environment by Optimal Transport on Graph Haomin Zhou School of

Path Planning in Unknown Environment by Optimal Transport on Graph Haomin Zhou School of Mathematics, Georgia Tech Collaborators: Magnus Egerstedt (ECE, GT), Haoyan Zhai (Math, GT) Partially Supported by NSF, ONR Optimal Path In Dynamical

585 views • 33 slides

More recommend