software benchmarking of the 2 nd round caesar candidates
play

Software Benchmarking of the 2 nd round CAESAR Candidates Ralph - PowerPoint PPT Presentation

Sep 21, 2023 •495 likes •972 views

Software Benchmarking of the 2 nd round CAESAR Candidates Ralph Ankele 1 , Robin Ankele 2 1 Royal Holloway, University of London, UK 2 University of Oxford, UK September 27, 2016 Directions in Authenticated Ciphers - Nagoya, Japan Software

  1. Software Benchmarking of the 2 nd round CAESAR Candidates Ralph Ankele 1 , Robin Ankele 2 1 Royal Holloway, University of London, UK 2 University of Oxford, UK September 27, 2016 Directions in Authenticated Ciphers - Nagoya, Japan Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 1 /39

  2. Motivation 1 Use Case 1: Lightweight applications (resource constrained environments) Use Case 2: High-performance applications I critical: e ffi ciency on 64-bit CPUs (servers) and/or dedicated hardware I desirable: e ffi ciency on 32-bit CPUs (small smartphones) I desirable: constant time when the message length is constant I message sizes: usually long (more than 1024 bytes), sometimes shorter Use Case 3: Defense in depth 1 CAESAR usecases on CAESAR mailing list (16. July 2016) by Dan J. Bernstein: https://groups.google.com/forum/#!topic/crypto-competitions/DLv193SPSDc Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 2 /39

  3. Overview 1. Classification of the 2 nd round CAESAR Candidates 2. Software Optimizations 3. Benchmarking Framework 4. Results 5. Conclusions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 3 /39

  4. Classification of the 2 nd round CAESAR Candidates 1. Classification of the 2 nd round CAESAR Candidates 2. Software Optimizations 3. Benchmarking Framework 4. Results 5. Conclusions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 4 /39

  5. CAESAR competition CAESAR Round 2 candidates ACORN AEGIS AES-COPA AES-JAMBU AES-OTR AEZ Ascon CLOC Deoxys ELmD HS1-SIV ICEPOLE Joltik Ketje Keyak MORUS Minalpher NORX OCB OMD PAEQ POET PRIMATEs SCREAM SHELL SILC STRIBOB Tiaoxin TriviA-ck π -Cipher Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 5 /39

  6. Type Block Cipher 15 1 Compression Function 2 8 4 Permutations Sponge Construction Stream Cipher Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 6 /39

  7. Underlying Primitive AES Others 10 9 1 1 Dedicated Permutation 1 3 1 1 Dedicated Stream Cipher 3 2 3 Dedicated Block Cipher AES Round SHA2 ARX SPN LRX Keccak Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 7 /39

  8. Parallel Encryption/Decryption Fully/Fully 14 1 Fully/No 5 10 Partly/Partly No/No Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 8 /39

  9. Online Encryption/Decryption Fully/Fully 27 3 No/No Encryption of a message block M i only depends on message blocks M 1 . . . M i � 1 . Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 9 /39

  10. Inverse Free Yes 19 10 No Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 10 /39

  11. Security Proof Yes 24 6 No Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 11 /39

  12. Nonce-Missuse Resistance None 16 1 2 Intermediate 7 Max (O ffl ine Ciphers) Longest Common Prefix (Online Ciphers) Longest common prefix: an adversary can observe the longest common prefix of messages for repeated nonces Max: the repetition of nonces only leak the ability to see a repeated message Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 12 /39

  13. Software Optimizations 1. Classification of the 2 nd round CAESAR Candidates 2. Software Optimizations 3. Benchmarking Framework 4. Results 5. Conclusions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 13 /39

  14. Software Optimizations AES New Instructions Streaming SIMD Extensions 12 9 4 7 4 NEON 6 No Software Optimization Dedicated Processor Optimizations Advanced Vector Instructions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 14 /39

  15. AES-New Instructions Instructions � 2010 Westmere microarchitecture I Introduced with Intel R I Consists of 6 new instructions that are implemented in hardware I Four instructions for encryption/decryption ( i.e. AESENC , AESENCLAST , AESDEC , AESDECLAST ) I Two instructions for the keyschedule ( i.e. AESKEYGENASSIST , AESIMC ) Performance I 10 times faster for parallel modes ( i.e. CTR) I 2-3 times faster for non-parallel modes ( i.e. CBC) Security I Improved security against side channel attacks [Gue12] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 15 /39

  16. AES-New Instructions Instructions � 2010 Westmere microarchitecture I Introduced with Intel R I Consists of 6 new instructions that are implemented in hardware I Four instructions for encryption/decryption ( i.e. AESENC , AESENCLAST , AESDEC , AESDECLAST ) I Two instructions for the keyschedule ( i.e. AESKEYGENASSIST , AESIMC ) Performance I 10 times faster for parallel modes ( i.e. CTR) I 2-3 times faster for non-parallel modes ( i.e. CBC) Security I Improved security against side channel attacks [Gue12] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 15 /39

  17. AES-New Instructions Instructions � 2010 Westmere microarchitecture I Introduced with Intel R I Consists of 6 new instructions that are implemented in hardware I Four instructions for encryption/decryption ( i.e. AESENC , AESENCLAST , AESDEC , AESDECLAST ) I Two instructions for the keyschedule ( i.e. AESKEYGENASSIST , AESIMC ) Performance I 10 times faster for parallel modes ( i.e. CTR) I 2-3 times faster for non-parallel modes ( i.e. CBC) Security I Improved security against side channel attacks [Gue12] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 15 /39

  18. Streaming SIMD Extensions Instructions I Vector-mode operations that enables parallel execution of one instruction on multible data I 16 · 128-bit registers (xmm0-15) � processor generations to include SSE2, I Expanded over Intel R SSE3/SSE3S and SSE4 Image: https://software.intel.com/sites/default/files/37208.gif Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 16 /39

  19. Advanced Vector Extensions Instructions � SandyBridge microarchitecture I Introduced with Intel R I Extends SSE 128-bit registers with 16 new 256-bit registers (ymm0-15) I Support of three-operand non-destructive operations (two-operand instructions e.g. A = A + B are replaced by three-operand instructions e.g. A = B + C) I AVX2 instructions expand integer vector types and vector shift operations Performance I AVX is 1.8 times faster than fastest SSE4.2 instructions [Len14] I AVX2 is 2.8 times faster than fastest SSE4.2 instructions [Len14] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 17 /39

  20. Advanced Vector Extensions Instructions � SandyBridge microarchitecture I Introduced with Intel R I Extends SSE 128-bit registers with 16 new 256-bit registers (ymm0-15) I Support of three-operand non-destructive operations (two-operand instructions e.g. A = A + B are replaced by three-operand instructions e.g. A = B + C) I AVX2 instructions expand integer vector types and vector shift operations Performance I AVX is 1.8 times faster than fastest SSE4.2 instructions [Len14] I AVX2 is 2.8 times faster than fastest SSE4.2 instructions [Len14] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 17 /39

  21. NEON Instructions I Advanced SIMD instructions for ARM processors avaliable since CORTEX-A microarchitecture I 32 · 64-bit registers (dual view 16 · 128-bit registers) Performance I 2-8 times performance boost [neo] Image: http://www.arm.com/assets/images/NEON_ISA.jpg Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 18 /39

  22. NEON Instructions I Advanced SIMD instructions for ARM processors avaliable since CORTEX-A microarchitecture I 32 · 64-bit registers (dual view 16 · 128-bit registers) Performance I 2-8 times performance boost [neo] Image: http://www.arm.com/assets/images/NEON_ISA.jpg Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 18 /39

  23. Benchmarking Framework 1. Classification of the 2 nd round CAESAR Candidates 2. Software Optimizations 3. Benchmarking Framework 4. Results 5. Conclusions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 19 /39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API, High-Speed ImplementaCons in VHDL/Verilog, and Benchmarking Using FPGAs Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Michael

908 views • 53 slides
An Alterna)ve Approach to Hardware Benchmarking of CAESAR Candidates Based on the Use of

An Alterna)ve Approach to Hardware Benchmarking of CAESAR Candidates Based on the Use of

An Alterna)ve Approach to Hardware Benchmarking of CAESAR Candidates Based on the Use of High-Level Synthesis Tools Ekawat Homsirikamol and Kris Gaj George Mason University USA Based on work partially supported by the National Science

775 views • 50 slides
Software benchmarking of SHA-3 candidates http://bench.cr.yp.to D. J. Bernstein University of

Software benchmarking of SHA-3 candidates http://bench.cr.yp.to D. J. Bernstein University of

Software benchmarking of SHA-3 candidates http://bench.cr.yp.to D. J. Bernstein University of Illinois at Chicago Tanja Lange Technische Universiteit Eindhoven Selecting cryptographic primitives NISTs final AES report, 2001: Security

950 views • 61 slides
Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists Daniel J. Bernstein CAESAR timeline planned in 2012 2013.01: Announce tentative schedule. 2014.01: Deadline for first-round submissions.

527 views • 10 slides
Classification of the CAESAR Candidates Farzaneh Abed Christian Forler Stefan Luck

Classification of the CAESAR Candidates Farzaneh Abed Christian Forler Stefan Luck

Introduction Design Approaches Functional Features Masking Methods Security Conclusion Classification of the CAESAR Candidates Farzaneh Abed Christian Forler Stefan Luck Bauhaus-Universit at Weimar ESC 2015, Luxembourg Jan, 2015

784 views • 62 slides
MSA Benchmarking Daniel Yuan and Stanley Liu Intro Benchmarking 6 MSA software 3

MSA Benchmarking Daniel Yuan and Stanley Liu Intro Benchmarking 6 MSA software 3

MSA Benchmarking Daniel Yuan and Stanley Liu Intro Benchmarking 6 MSA software 3 progressive methods Progressive T-Coffee 11.00.8cbe486 Heuristics Sequences -> Guide Tree MAFFT 7 -> MSA PSAlign

240 views • 5 slides
* Dr. Axel Voigt (voigt@caesar.de) research center caesar crystal growth group

* Dr. Axel Voigt (voigt@caesar.de) research center caesar crystal growth group

AMDiS Adaptive Multidimensional simulations: Parallel Concepts Parallel Concepts Christina Stcker (stoecker@caesar.de), Dr. Angel Ribalta (ribalta@caesar.de), Simon Vey (vey@caesar.de), * Dr. Axel Voigt (voigt@caesar.de) research

806 views • 23 slides
Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo Jrvinen Department of Information and Computer Science Aalto University, School of Science and Technology Espoo, Finland AES-inspired SHA-3

311 views • 12 slides
Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin

Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin

Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin Nanyang Technological University, Singapore Temasek Laboratories, Singapore Lightweight Cryptography Workshop 2020 What this talk is about B Constant-time

510 views • 24 slides
Benchmarking: The Way Forward for Software Evolution Susan Elliott Sim University of

Benchmarking: The Way Forward for Software Evolution Susan Elliott Sim University of

Benchmarking: The Way Forward for Software Evolution Susan Elliott Sim University of California, Irvine ses@ics.uci.edu Background Developed a theory of benchmarking based on own experience and historical research Successful

730 views • 35 slides
FOSTERING RESEARCH THROUGH BENCHMARKING IN COMPUTER SCIENCE / SOFTWARE ENGINEERING FOUNDJEM

FOSTERING RESEARCH THROUGH BENCHMARKING IN COMPUTER SCIENCE / SOFTWARE ENGINEERING FOUNDJEM

FOSTERING RESEARCH THROUGH BENCHMARKING IN COMPUTER SCIENCE / SOFTWARE ENGINEERING FOUNDJEM ARMSTRONG SWART POLYTECHNIQUE MONTREAL PLAN Introduction Motivation & Background The BonFIRE Experiment Benchmarking in

370 views • 16 slides
BUILDING STRONG The Friends of Caesar Creek is hosted at the Visitor Center and conducts its

BUILDING STRONG The Friends of Caesar Creek is hosted at the Visitor Center and conducts its

Friends of Caesar Creek is a not-for-profit volunteer organization dedicated to educating the public about the natural resources of the Caesar Creek Lake Region. They support the educational, scientific, and historical activities of the region

497 views • 18 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2 " 1 =0.30 ! =0.42 1 Round 2 Round 2 Round 2 Round 2 Round

188 views • 5 slides
Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438 Outline Last time: low-level plumbing Today: top-down architecting of the Internet Goals Layering Protocols The end-to-end

946 views • 58 slides
Software benchmarking http://bench.cr.yp.to D. J. Bernstein University of Illinois at Chicago

Software benchmarking http://bench.cr.yp.to D. J. Bernstein University of Illinois at Chicago

Software benchmarking http://bench.cr.yp.to D. J. Bernstein University of Illinois at Chicago Joint work with: Tanja Lange Technische Universiteit Eindhoven Selecting cryptographic primitives NISTs final AES report, 2001: Security was

686 views • 50 slides
Benchmarking case for validation of draping software K. Vanclooster, S.V. Lomov and I.Verpoest

Benchmarking case for validation of draping software K. Vanclooster, S.V. Lomov and I.Verpoest

Benchmarking case for validation of draping software K. Vanclooster, S.V. Lomov and I.Verpoest K.U. Leuven - Department of Metallurgy and Materials Engineering Downloaded from http://www.mtm.kuleuven.ac.be/Research/C2/poly/index.htm

92 views • 6 slides
Neosemantics - A Linked Data Toolkit for Neo4j Jess Barrasa - Neo4j Jess Barrasa

Neosemantics - A Linked Data Toolkit for Neo4j Jess Barrasa - Neo4j Jess Barrasa

Neosemantics - A Linked Data Toolkit for Neo4j Jess Barrasa - Neo4j Jess Barrasa @BarrasaDV https://neo4j.com/labs/nsmtx-rdf https://neo4j.com/labs/nsmtx-rdf What is NSMNTX? NSMNTX is a plugin that enables the use of RDF in Neo4j

549 views • 27 slides
A heterospective on homophonophobia Daniel HarbourQueen Mary, University of London WOTM4 ,

A heterospective on homophonophobia Daniel HarbourQueen Mary, University of London WOTM4 ,

A heterospective on homophonophobia Daniel HarbourQueen Mary, University of London WOTM4 , Grossbothen June 2008 t {2, 3 FS } and 2 MS = 3 FS . (1) Afro-Asiatic prefixal conjugation S P 1 -aziz n-aziz 2 M t -aziz t -aziz-u 2 F t

777 views • 11 slides
Abstractions for Routing Abstractions for Network Routing Brighten Godfrey Brighten Godfrey

Abstractions for Routing Abstractions for Network Routing Brighten Godfrey Brighten Godfrey

Abstractions for Routing Abstractions for Network Routing Brighten Godfrey Brighten Godfrey DIMACS 23 May 2012 DIMACS 23 May 2012 Abstractions for Network Routing Impressions of Network Routing Neo-Dadaisms for Network Routing

635 views • 46 slides
Complex Schema Mapping and Linking Data: Beyond Binary Predicates Jacobo Rouces Gerard de Melo

Complex Schema Mapping and Linking Data: Beyond Binary Predicates Jacobo Rouces Gerard de Melo

Complex Schema Mapping and Linking Data: Beyond Binary Predicates Jacobo Rouces Gerard de Melo Katja Hose Aalborg University Tsinghua University Aalborg University jacobo@rouces.org gdm@demelo.org khose@cs.aau.dk Overview Data

944 views • 30 slides
Maximum Entropy Classifier Ensembling using Ge- netic Algorithm for NER in Bengali Asif Ekbal 1

Maximum Entropy Classifier Ensembling using Ge- netic Algorithm for NER in Bengali Asif Ekbal 1

Outline Background and Motivation Classifier Ensembling Genetic Algorithms Proposed Method of Classifier Ensemble Feature Set Used Experimental Results Conclusions Future Works Maximum Entropy Classifier Ensembling using Ge- netic

749 views • 36 slides
Text Mining in Hebrew Impact of Morphology Analysis on Topic Analysis and on Search Quality

Text Mining in Hebrew Impact of Morphology Analysis on Topic Analysis and on Search Quality

Text Mining in Hebrew Impact of Morphology Analysis on Topic Analysis and on Search Quality Michael Elhadad, Meni Adler, Yoav Goldberg, Dudi Gabay and Yael Netzer Text in Hebrew Extract information from text in Hebrew Major immediate

1k views • 88 slides
Graphdatenbanksysteme Ein berblick Benjamin Gehrels benjamin@gehrels.info GitHub: @BGehrels

Graphdatenbanksysteme Ein berblick Benjamin Gehrels benjamin@gehrels.info GitHub: @BGehrels

Graphdatenbanksysteme Ein berblick Benjamin Gehrels benjamin@gehrels.info GitHub: @BGehrels Was ist das? WITH RECURSIVE manager ( level, managerId) AS ( SELECT 1 AS depth, employees.managerId AS managerId FROM employees WHERE

442 views • 41 slides
On the Syntax-Semantics Interface of Directed Transport and Caused Motion Expressions Rainer

On the Syntax-Semantics Interface of Directed Transport and Caused Motion Expressions Rainer

On the Syntax-Semantics Interface of Directed Transport and Caused Motion Expressions Rainer Osswald / Robert D. Van Valin, Jr. / Jens Fleischhauer / Anja Latrouite / Koen Van Hooste Heinrich-Heine-Universitt Dsseldorf SFB 991 Concept

565 views • 32 slides

More recommend