shohreh sharif mansouri and elena dubrova department of
play

Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic - PowerPoint PPT Presentation

Apr 24, 2023 •312 likes •556 views

An Improved Hardware Implementation of the Grain-128a Stream Cipher Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of Technology (KTH), Stockholm Email:{shsm,dubrova}@kth.se Overview Motivation

  1. An Improved Hardware Implementation of the Grain-128a Stream Cipher Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of Technology (KTH), Stockholm Email:{shsm,dubrova}@kth.se

  2. Overview • Motivation • Structure of Grain-128a • 4 techniques to improve implementation • Experimental results • Conclusion 2

  3. The Main Goal • Improving Grain-128a in terms of Throughput , Area and Power • We achieve it by modifying the architecture of Grain without changing its algorithm • We succeed to increase the throughput by 52% on average 3

  4. Grain Family of Stream Ciphers • Support 80-bits-key and 128-bits-key algorithms • Support 4, 8 , 16 and 32 (for Grain-128) degrees of parallelization • New version of Grain-128 (Grain-128a) supports authentication, with a maximal tag length of 32 bits 4

  5. Grain-128a • The cipher is divided into two parts: – Keystream generator section – Authentication section 5

  6. Cipher Phases The cipher goes through the following phases: • loading with the key and the initial value (IV) • Keystream initialization phase • Keystream generation phase – Authentication initialization phase – Operational phase 64 clock cycles IV Initializing the accumulator and the authentication shift register key 256 clock cycles tag No output bits Output stream 6 Producing output stream and tag

  7. How to Improve Throughput? • Throughput is determined by the critical path, which is the longest combinational path in the system • 5 potential candidates to critical path: – Dn : maximal delay from any NLFSR flip-flop to any other NLFSR flip-flop – Dhy : maximal delay from any NLFSR or LFSR flip-flop through the h and y functions to the output of the cipher – Dhya : maximal delay from any NLFSR or LFSR flip-flop through the h and y functions to any accumulator flip-flop – Da : maximal delay from any flip-flop in the authentication section of the cipher to any accumulator flip-flop – Dhyn : maximal delay from a flip-flop of the NLFSR or LFSR through the h and y functions to the first flip-flop of the NLFSR Dhya Dn Dl Da Dhy Only during initialization phase 7

  8. Our Approach • We apply four techniques: – Isolation of the authentication section (improving Dhya ) – Fibonacci-to-Galois transformation of shift registers (improving Dn ) – Multi-frequency implementation (improving Dhyn ) – Internal pipelining (improving Dhy ) 8

  9. Our Approach • Isolation of the authentication section • Fibonacci-to-Galois transformation of the feedback shift registers • Multi-frequency implementation • Internal pipelining 9

  10. 1. Isolation of the Auth. Section • Problem: – Dhya increases as the degree of parallelization of Grain- 128a grows • Possible solution: – Isolation of the authentication section by inserting flip- flops in the authentication section on the outputs of the h/y function • This solution: – Adds one cycle latency – Has no effect on security Dhya Da ff ff ff Dhy 10

  11. Our Approach • Isolation of the authentication section • Fibonacci-to-Galois transformation of the feedback shift registers • Multi-frequency implementation • Internal pipelining 11

  12. 2. Fibonacci to Galois Transformation • Improves Dhyn and Dn • Brings no area or power penalty Dn Dl Dhyn 12

  13. Fibonacci to Galois Transformation* Galois Configuration Fibonacci Configuration 2 delay=3 1 delay=3 delay=3 2 1 delay=5 Critical delay=3 Critical delay=5 f3=x0 + x2x3 f3=x0 + x2x3 +x1x2 f2=x3 +x0x1 f2=x3 f1=x2 f1=x2 f0=x1 f0=x1 *A Transformation from the Fibonacci to the Galois NLFSRs", E. Dubrova,IEEE Transactions on Information Theory , 55:11, 2009, pp. 5263-5271 13

  14. Example The transformation from Fibonnacci to Galois is not unique f 3 = x 1 x 2 + x 0 f 3 = x 0 f 3 = x 1 x 2 + x 1 x 3 + x 0 f 2 = x 3 + x 0 x 2 f 2 = x 3 + x 0 x 1 + x 0 x 2 f 2 = x 3 f 1 = x 2 f 1 = x 2 f 1 = x 2 f 0 = x 1 f 0 = x 1 f 0 = x 1 14

  15. Fibonacci to Galois Transformation • Explore the design space to find the best Galois NLFSR equivalent to a given Fibonacci NLFSR • Optimal algorithm: synthesize every possible combination and find the best solution Computationally unfeasible - we need a heuristic approach* *"An Algorithm for Constructing a Fastest Galois NLFSR Generating a Given Sequence”, J.-M.,Chabloz, S. Mansouri, E. Dubrova , in Sequences and Their Applications , LNCS 6338, 2010, pp. 41-55 15

  16. Improvement on Dl and Dn Dn Dl • Highest improvement is achieved on Dn of Grain-128a x 1 X1 X2 X4 X8 X16 X32 LFSR NLFSR LFSR NLFSR LFSR NLFSR LFSR NLFSR LFSR NLFSR LFSR NLFSR 60% 67% 53% 54% 51% 42% 26% 24% 18% 13% 0% 0% 16

  17. Our Approach • Isolation of the authentication section • Fibonacci-to-Galois transformation of the feedback shift registers • Multi-frequency implementation • Internal pipelining 17

  18. 3. Multi-Frequency Implementation • The critical paths for all versions of grain-128a are given by Dhyn • Although transforming the Grain’s configuration improves the delays ( Dn and Dl ) up to 67 %, the clock frequency of the overall Grain cipher improves only about 10% • Dhyn is active only during the keystream initialization phase • To support efficiently both the initialization and key generation phases, we suggest a dual-frequency implementation of Grain-128a Dhyn 18

  19. Multi-Frequency Implementation Clock Divider Block Grain128a phases: – Keystream initialization phase ( Dhyn path) – Keystream generation phase ( Dn path) Multi-frequency based Grain128a: initialization generation phase phase – The cipher receives only one initialization phase external clock signal (fast clk) – Slow clock is made by clock divider from fast clock – Slower clock used during the keystream initialization phase – Faster clock used during the generation phase keystream generation phase 19

  20. Our Approach • Isolation of the authentication section • Fibonacci-to-Galois transformation of the feedback shift registers • Multi-frequency implementation • Internal pipelining 20

  21. 4. Internal Pipelining • The h/y function is pipelined during the key generation phase • Advantage: – Cipher frequency is improved during key generation phase • Disadvatage: – Pipeline flip-flops overhead – Increase the latency of a fixed number of cycles during the key generation phase Dhya Dhyn Dhy 21

  22. Throughput Improvement Maximal improvement in frequency compared to the original design. Grain-128a Grain-128a Grain-128a Grain-128a Grain-128a Grain-128a Grain-128a Grain-128a Grain-128a X1 X2 X4 X8 X16 X32 X8 X16 X32 Freq. 67% 80% 65% 53% 41% 40% 32% 29% 33% Area 0% -5% -7% -10% -12 % -23% -1% -5 % -13% Power 3 -7 -13 -4 -11 1 -2% 1% 4% More information about different trade- offs can be found in the paper 22

  23. Conclusion • High throughput improvement • Limited area/power impact • Techniques compatible with the standard ASIC flow • Some techniques can be applied to other ciphers 23

  24. Thank You for your attention Questions? F2G: http://web.it.kth.se/~dubrova/fib2gal.html

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An Improved Hardware Implementation of the Quark Hash Function Shohreh Sharif Mansouri and Elena

An Improved Hardware Implementation of the Quark Hash Function Shohreh Sharif Mansouri and Elena

An Improved Hardware Implementation of the Quark Hash Function Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of Technology (KTH), Stockholm Email:{shsm,dubrova}@kth.se Overview Motivation

417 views • 20 slides
A Countermeasure Against Power Analysis Attacks for FSR-Based Stream Ciphers Shohreh Sharif

A Countermeasure Against Power Analysis Attacks for FSR-Based Stream Ciphers Shohreh Sharif

A Countermeasure Against Power Analysis Attacks for FSR-Based Stream Ciphers Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems, School of ICT, KTH - Royal Institute of Technology, Stockholm Email:{shsm,dubrova}@kth.se

457 views • 17 slides
Internet-of-Things and Deep Learning Elena Dubrova School of Electrical Engineering and Computer

Internet-of-Things and Deep Learning Elena Dubrova School of Electrical Engineering and Computer

Security Challenges in the era of Internet-of-Things and Deep Learning Elena Dubrova School of Electrical Engineering and Computer Science Royal Institute of Technology (KTH) 1 What concerns you about a world of connected IoT devices?

652 views • 28 slides
Non-Silicon Non-Binary Computing: Why Not? Elena Dubrova, Yusuf Jamal, Jimson Mathew Royal

Non-Silicon Non-Binary Computing: Why Not? Elena Dubrova, Yusuf Jamal, Jimson Mathew Royal

Non-Silicon Non-Binary Computing: Why Not? Elena Dubrova, Yusuf Jamal, Jimson Mathew Royal Institute of Technology Stockholm, Sweden Overview Motivation Introduction to multiple-valued computing Implementation of multiple-valued

489 views • 24 slides
Programming Instructor PanteA Zardoshti Department of Computer Engineering Sharif University of

Programming Instructor PanteA Zardoshti Department of Computer Engineering Sharif University of

Parallel Programming Instructor PanteA Zardoshti Department of Computer Engineering Sharif University of Technology e-mail: azad@sharif.edu Object Learn how to program numberical methods 2 Computational Mathematics, OpenMP , Sharif

868 views • 51 slides
Masters Thesis Information SoC Master Program, year 2 SoC Master Program, year 2 Elena

Masters Thesis Information SoC Master Program, year 2 SoC Master Program, year 2 Elena

Masters Thesis Information SoC Master Program, year 2 SoC Master Program, year 2 Elena Dubrova November 19, 2008 Outline Goals and Evaluation Master thesis course Checklist Requirements Thesis report Link to

623 views • 20 slides
Radiation genetics, epigenetics and effects on clock genes Yuri E Dubrova yed2@le.ac.uk

Radiation genetics, epigenetics and effects on clock genes Yuri E Dubrova yed2@le.ac.uk

Radiation genetics, epigenetics and effects on clock genes Yuri E Dubrova yed2@le.ac.uk Department of Genetics University of Leicester, UK Radiation genetics = target theory Independently developed in 1949 by NV Timofeev-Ressovsky & DE

603 views • 45 slides
the compassionate, the merciful S. Kasaei S. Kasaei Room: CE 307 Department of Computer

the compassionate, the merciful S. Kasaei S. Kasaei Room: CE 307 Department of Computer

the compassionate, the merciful S. Kasaei S. Kasaei Room: CE 307 Department of Computer Engineering Sharif University of Technology y gy E Mail: skasaei@sharif.edu Webpage: http://sharif.edu/~skasaei Lab. Website:

605 views • 33 slides
OpenMP Instructor PanteA Zardoshti Department of Computer Engineering Sharif University of

OpenMP Instructor PanteA Zardoshti Department of Computer Engineering Sharif University of

OpenMP Instructor PanteA Zardoshti Department of Computer Engineering Sharif University of Technology e-mail: azad@sharif.edu What Is OpenMP? OpenMP in an application programming interface that provides a parallel programming model for

1.23k views • 49 slides
Instruction Prefetcher Ali Ansari (Sharif) Fatemeh Golshan (Sharif) Pejman Lotfi-Kamran (IPM)

Instruction Prefetcher Ali Ansari (Sharif) Fatemeh Golshan (Sharif) Pejman Lotfi-Kamran (IPM)

MANA: Microarchitecting an Instruction Prefetcher Ali Ansari (Sharif) Fatemeh Golshan (Sharif) Pejman Lotfi-Kamran (IPM) Hamid Sarbazi-Azad (Sharif, IPM) Instruction Cache Misses Server applications o Multi-megabyte instruction footprint o

822 views • 18 slides
CFT, self-similarity, fractals II Shahin Rouhani Physics Department Sharif University of

CFT, self-similarity, fractals II Shahin Rouhani Physics Department Sharif University of

Two Dimensional Critical Curves: CFT, self-similarity, fractals II Shahin Rouhani Physics Department Sharif University of Technology Tehran, Iran. Tuesday, February 26, 2019 Scaling Graphs = () self-similar

645 views • 27 slides
Ali Kamandi kamandi@ce.sharif.edu Fall 2007 Sharif University of Technology

Ali Kamandi kamandi@ce.sharif.edu Fall 2007 Sharif University of Technology

Ali Kamandi kamandi@ce.sharif.edu Fall 2007 Sharif University of Technology e X tensible M arkup L anguage Metalanguage - used to create other languages Has become a universal data-exchange format

348 views • 18 slides
SoC Design Lecture 13: NoC (Network-on-Chip) Department of Computer Engineering Sharif

SoC Design Lecture 13: NoC (Network-on-Chip) Department of Computer Engineering Sharif

SoC Design Lecture 13: NoC (Network-on-Chip) Department of Computer Engineering Sharif University of Technology Outline SoC Interconnect NoC Introduction NoC layers Typical NoC Router NoC Issues Switching

1.13k views • 86 slides
Web Service Ali Kamandi kamandi@ce.sharif.edu Sharif University of Technology Internet

Web Service Ali Kamandi kamandi@ce.sharif.edu Sharif University of Technology Internet

Web Service Ali Kamandi kamandi@ce.sharif.edu Sharif University of Technology Internet Engineering (CE317) Spring 2007 Service Oriented Architecture (SOA) There is an increase trend for sharing resource/data both within companies and

1.19k views • 45 slides
ELENA Residential: Accelerating the energy refurbishment of residential buildings 25/01/2019 1

ELENA Residential: Accelerating the energy refurbishment of residential buildings 25/01/2019 1

ELENA Residential: Accelerating the energy refurbishment of residential buildings 25/01/2019 1 Outline EIB Energy Efficiency Lending What is ELENA? Who can benefit from ELENA? What type of investments does ELENA support?

743 views • 18 slides
In the name of Allah the compassionate, the merciful Digital Video Systems S. Kasaei S. Kasaei

In the name of Allah the compassionate, the merciful Digital Video Systems S. Kasaei S. Kasaei

In the name of Allah the compassionate, the merciful Digital Video Systems S. Kasaei S. Kasaei Room: CE 307 Department of Computer Engineering Sharif University of Technology E-Mail: skasaei@sharif.edu Webpage: http://sharif.edu/~skasaei

818 views • 69 slides
SIFA Statistical Ineffective Fault Attacks Rump Session at CHES 2018 Based on work of:

SIFA Statistical Ineffective Fault Attacks Rump Session at CHES 2018 Based on work of:

SIFA Statistical Ineffective Fault Attacks Rump Session at CHES 2018 Based on work of: Christoph Dobraunig, Maria Eichlseder, Hannes Gro, Thomas Korak, Stefan Mangard, Florian Mendel, Robert Primas Are Protected Implementations Hard to

413 views • 17 slides
Local Search Techniques Marijn J.H. Heule Warren A. Hunt Jr. The University of Texas at Austin

Local Search Techniques Marijn J.H. Heule Warren A. Hunt Jr. The University of Texas at Austin

Local Search Techniques Marijn J.H. Heule Warren A. Hunt Jr. The University of Texas at Austin Heule & Hunt (UT Austin) Local Search Techniques 1 / 8 Local Search: Generic structure Generic structure of local search Sat solvers 1: for i

759 views • 16 slides
Flip-Flop One-bit Memory Something to Remember What I Remember D Q Remember Now! What I

Flip-Flop One-bit Memory Something to Remember What I Remember D Q Remember Now! What I

Flip-Flop One-bit Memory Something to Remember What I Remember D Q Remember Now! What I Remember Q Chapter 5 Edge-Triggered 1 3 CSc 314 T W Bennet Mississippi College CSc 314 T W Bennet Mississippi College State

660 views • 14 slides
The state with the field H perpendicular to the easy magnetization the two sublattices is more

The state with the field H perpendicular to the easy magnetization the two sublattices is more

Spin flop and Spin flop two examples of metamagnetic transitions For and antiferromagnetic compound T N T Zeeman energy in an applied field H , E = - 0HM = - 0H 2 , The state with the field H

408 views • 5 slides
A modified form of Cheneys Algorithm to allow mutator to progress during a GC cycle Main idea

A modified form of Cheneys Algorithm to allow mutator to progress during a GC cycle Main idea

A modified form of Cheneys Algorithm to allow mutator to progress during a GC cycle Main idea of Bakers algorithm Dont let the mutator see a white object Cannot disrupt collect During collection each mutator read from

392 views • 16 slides
FLIP the (Flow) Table: Fast LIghtweight Policy-preserving SDN Updates Stefano Vissicchio

FLIP the (Flow) Table: Fast LIghtweight Policy-preserving SDN Updates Stefano Vissicchio

FLIP the (Flow) Table: Fast LIghtweight Policy-preserving SDN Updates Stefano Vissicchio (UCLouvain) stefano.vissicchio@uclouvain.be INFOCOM 13th April 2016 Joint work with Luca Cittadini (Roma Tre University) SDN controller Operators

812 views • 70 slides
Chapter 3 Learn how to design simple logic circuits. Understand how digital circuits work

Chapter 3 Learn how to design simple logic circuits. Understand how digital circuits work

Chapter 3 Objectives Understand the relationship between Boolean logic and digital computer circuits. Chapter 3 Learn how to design simple logic circuits. Understand how digital circuits work together to Boolean Algebra and form

448 views • 19 slides
State Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon,

State Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon,

State Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon, Bala, Bracy, and Sirer] Goals for Today State How do we store one bit? Attempts at storing (and changing) one bit - Set-Reset Latch - D Latch

736 views • 38 slides

More recommend