speed and size optimized implementations of the present
play

Speed and Size-Optimized Implementations of the PRESENT Cipher for - PowerPoint PPT Presentation

Oct 01, 2023 •363 likes •1.02k views

Introduction Speed optimization Size optimization Results Speed and Size-Optimized Implementations of the PRESENT Cipher for Tiny AVR Devices Kostas Papagiannopoulos Aram Verstegen July 11, 2013 Papagiannopoulos and Verstegen July 11, 2013

  1. Introduction Speed optimization Size optimization Results Speed and Size-Optimized Implementations of the PRESENT Cipher for Tiny AVR Devices Kostas Papagiannopoulos Aram Verstegen July 11, 2013 Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 1 / 28

  2. Introduction Speed optimization Size optimization Results Who We Are • 2-year Master’s programme in computer security • Collaboration of 3 universities • Software, Hardware, Networks, Formal methods, Cryptography, Privacy, Law, Ethics, Auditing, Physics • http://kerckhoffs-institute.org/ Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 2 / 28

  3. Introduction Speed optimization Size optimization Results Cryptography Engineering, Assignment 1 “Choose and implement a block cipher on the ATtiny45 in two versions, optimized for size and speed” • PRESENT • KATAN-64 • Klein • LED • PRINCE • mCrypton • Piccolo • XTEA • HIGHT Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 3 / 28

  4. Introduction Speed optimization Size optimization Results PRESENT Cipher Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 4 / 28

  5. Introduction Speed optimization Size optimization Results ATtiny Family Model Flash (Bytes) SRAM (Bytes) Clock speed (MHz) ATtiny13 1024 64 20 ATtiny25 2048 128 20 ATtiny45 4096 256 20 ATtiny85 8192 512 20 ATtiny1634 16384 1024 12 • Basic 90 (single word) AVR instructions • 32 8-bit general purpose registers • 16-bit address space • 16-bit words • Harvard architecture Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 5 / 28

  6. Introduction Speed optimization Size optimization Results ATtiny45 Address Space 7 0 Addr. 16-bit Use R0 0x00 R1 0x01 R2 0x02 .. R13 0x0D R14 0x0E R15 0x0F R16 0x10 R17 0x11 .. R26 0x1A X low SRAM R27 0x1B X high R28 0x1C Y low SRAM + CPU registers R29 0x1D Y high R30 0x1E Z low SRAM + Flash R31 0x1F Z high 64 I/O registers 0x0020 - 0x005F Internal SRAM 0x0060 - 0x00DF Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 6 / 28

  7. Introduction Speed optimization Size optimization Results Quick AVR Recap Load register from immediate ldi Rd , 42 Load register from SRAM pointer (X) ld Rd , X Load register from Flash pointer (Z) lpm Rd , Z XOR output with input eor Ro , Ri Swap nibbles in byte swap Rd Rotate left with carry rol Rd Rotate left without carry lsl Rd Store to SRAM from register (and increment) st X+ , Rd Procedure calls rcall , ret , rjmp Stack access push , pop Counting inc , dec Adding add , sub Binary logic and , or , eor Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 7 / 28

  8. Introduction Speed optimization Size optimization Results State of the Art Speed vs Size 1600 + AVR Crypto-lib 1400 1200 1000 + Eisenbarth Size 800 600 400 200 0 0 2000 4000 6000 8000 10000 12000 14000 16000 Cycles/byte Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 8 / 28

  9. Introduction Speed optimization Size optimization Results Strategy Speed-optimized Size-optimized Substitution/permutation Table lookups On-the-fly computation Code flow Inlined / unrolled Re-used / looped Locality All in registers Use more SRAM Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 9 / 28

  10. Introduction Speed optimization Size optimization Results addRoundKey ; state ˆ= roundkey (first 8 bytes of key register) addRoundKey: eor STATE0, KEY0 eor STATE1, KEY1 eor STATE2, KEY2 eor STATE3, KEY3 eor STATE4, KEY4 eor STATE5, KEY5 eor STATE6, KEY6 eor STATE7, KEY7 ret Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 10 / 28

  11. Introduction Speed optimization Size optimization Results 4-bit S-Box x 0 1 2 3 4 5 6 7 8 9 A B C D E F S[x] C 5 6 B 9 0 A D 3 E F 8 4 7 1 2 Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 11 / 28

  12. Introduction Speed optimization Size optimization Results 4-bit S-Box x 0 1 2 3 4 5 6 7 8 9 A B C D E F S[x] C 5 6 B 9 0 A D 3 E F 8 4 7 1 2 • Accessing the table 4 bits at a time incurs a penalty low_nibble: mov ZL, INPUT ; load input andi ZL, 0xF ; take low nibble as table index lpm OUTPUT, Z ; load table output cbr INPUT, 0xF ; clear low nibble and INPUT, OUTPUT ; save low nibble to input ret byte: rcall low_nibble ; substitute low nibble high_nibble: swap INPUT ; swap nibbles rcall low_nibble ; substitute low nibble swap INPUT ; swap nibbles back ret Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 11 / 28

  13. Introduction Speed optimization Size optimization Results 4-bit S-Box x 0 1 2 3 4 5 6 7 8 9 A B C D E F S[x] C 5 6 B 9 0 A D 3 E F 8 4 7 1 2 • Accessing the table 4 bits at a time incurs a penalty low_nibble: mov ZL, INPUT ; load input andi ZL, 0xF ; take low nibble as table index lpm OUTPUT, Z ; load table output cbr INPUT, 0xF ; clear low nibble and INPUT, OUTPUT ; save low nibble to input ret byte: rcall low_nibble ; substitute low nibble high_nibble: swap INPUT ; swap nibbles rcall low_nibble ; substitute low nibble swap INPUT ; swap nibbles back ret • We have an 8-bit architecture, so we want to access bytes! Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 11 / 28

  14. Introduction Speed optimization Size optimization Results Squared S-Box x 00 01 02 03 0C 0D 0E 0F . . . S[x] CC C5 C6 CB . . . C4 C7 C1 C2 x 10 11 12 13 1C 1D 1E 1F . . . S[x] 5C 55 56 5B . . . 54 57 51 52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x F0 F1 F2 F3 FC FD FE FF . . . S[x] 2C 25 26 2B . . . 24 27 21 22 Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 12 / 28

  15. Introduction Speed optimization Size optimization Results Squared S-Box x 00 01 02 03 0C 0D 0E 0F . . . S[x] CC C5 C6 CB . . . C4 C7 C1 C2 x 10 11 12 13 1C 1D 1E 1F . . . S[x] 5C 55 56 5B . . . 54 57 51 52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x F0 F1 F2 F3 FC FD FE FF . . . S[x] 2C 25 26 2B . . . 24 27 21 22 • New S-Box is 256 bytes, 16 · 16 combinations of two nibbles Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 12 / 28

  16. Introduction Speed optimization Size optimization Results Squared S-Box x 00 01 02 03 0C 0D 0E 0F . . . S[x] CC C5 C6 CB . . . C4 C7 C1 C2 x 10 11 12 13 1C 1D 1E 1F . . . S[x] 5C 55 56 5B . . . 54 57 51 52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x F0 F1 F2 F3 FC FD FE FF . . . S[x] 2C 25 26 2B . . . 24 27 21 22 • New S-Box is 256 bytes, 16 · 16 combinations of two nibbles • It substitutes 1 byte at a time Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 12 / 28

  17. Introduction Speed optimization Size optimization Results Squared S-Box x 00 01 02 03 0C 0D 0E 0F . . . S[x] CC C5 C6 CB . . . C4 C7 C1 C2 x 10 11 12 13 1C 1D 1E 1F . . . S[x] 5C 55 56 5B . . . 54 57 51 52 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x F0 F1 F2 F3 FC FD FE FF . . . S[x] 2C 25 26 2B . . . 24 27 21 22 • New S-Box is 256 bytes, 16 · 16 combinations of two nibbles • It substitutes 1 byte at a time • No need to swap or discern high/low nibble mov ZL, INPUT ; load table input lpm OUTPUT, Z ; save table output ret Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 12 / 28

  18. Introduction Speed optimization Size optimization Results S-Box and P-Layer Idea: Combine the SBox and PLayer in lookup tables [Bo Zhu & Zheng Gong] Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 13 / 28

  19. Introduction Speed optimization Size optimization Results S-Box and P-Layer Idea: Combine the SBox and PLayer in lookup tables [Bo Zhu & Zheng Gong] • 1024 bytes of lookup tables, 32 lookups per round Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 13 / 28

  20. Introduction Speed optimization Size optimization Results S-Box and P-Layer Idea: Combine the SBox and PLayer in lookup tables [Bo Zhu & Zheng Gong] • 1024 bytes of lookup tables, 32 lookups per round • Works well on AVR compared to on-the-fly computation Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 13 / 28

  21. Introduction Speed optimization Size optimization Results S-Box and P-Layer Idea: Combine the SBox and PLayer in lookup tables [Bo Zhu & Zheng Gong] • 1024 bytes of lookup tables, 32 lookups per round • Works well on AVR compared to on-the-fly computation • Reached 1091 cycles/byte for encryption ( ∼ 18% faster compared to 1341 cycles/byte) Papagiannopoulos and Verstegen July 11, 2013 Speed and Size-Optimized PRESENT for AVR 13 / 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IBM SOLIDDB In-Memory Database Optimized for Extreme Speed and Availability Authors: Jan

IBM SOLIDDB In-Memory Database Optimized for Extreme Speed and Availability Authors: Jan

IBM SOLIDDB In-Memory Database Optimized for Extreme Speed and Availability Authors: Jan Lindstrom, Vilho Raatikka, Jarmo Ruuth, Petri Soini, Katriina Vakkila Course Instructor: Stan Zdonik Presenter: Lixiang (Gavin) Zhang Outline:

342 views • 13 slides
ZIVD, LLC 1 Laboratory Optimized patient care Clinician Optimized patient care 2

ZIVD, LLC 1 Laboratory Optimized patient care Clinician Optimized patient care 2

Marcia L. Zucker, Ph.D. ZIVD, LLC 1 Laboratory Optimized patient care Clinician Optimized patient care 2 Laboratory Clinician Accuracy Speed High Quality Precision Minimal disruption of Test results routine Compliance

316 views • 20 slides
Optimizing Implementations of Linear Layers Zejun Xiang, Xiangyong Zeng, Da Lin, Zhenzhen Bao,

Optimizing Implementations of Linear Layers Zejun Xiang, Xiangyong Zeng, Da Lin, Zhenzhen Bao,

Optimizing Implementations of Linear Layers Zejun Xiang, Xiangyong Zeng, Da Lin, Zhenzhen Bao, Shasha Zhang Nov. 09, 2020 Lightweight Cryptography -Requirements -Primitives : SIMON SPECK Circuit size PRESENT, RECTANGLE

646 views • 22 slides
UMBC A B M A L F T U M B C I O M Y O T R 1 (November 26, 2000 6:07 pm) I E S

UMBC A B M A L F T U M B C I O M Y O T R 1 (November 26, 2000 6:07 pm) I E S

Principles of VLSI Design Technology CMPE 413/CMSC 711 IC Technology What advantages do ICs have over discrete components? Size: Sub-micron vs. millimeter/centimeter. Speed and Power : Smaller size of IC components yields higher speed

241 views • 9 slides
High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B.

High-Assurance and High-Speed Cryptographic Implementations Using the Jasmin Language J.B. Almeida, M. Barbosa, G. Barthe, B. Grgoire, A. Koutsos , V. La- porte, T. Oliveira, P-Y. Strub Octobre 9th, 2019 1 Context 2 Context Cryptographic

985 views • 57 slides
Technology Changes Mid- 1980s 2015 Change CPU speed 15 MHz 2.5 GHz 167x Memory size 8 MB

Technology Changes Mid- 1980s 2015 Change CPU speed 15 MHz 2.5 GHz 167x Memory size 8 MB

Technology Changes Mid- 1980s 2015 Change CPU speed 15 MHz 2.5 GHz 167x Memory size 8 MB 16 GB 2000x Disk capacity 30 MB 2 TB 66667x Disk transfer rate 2 MB/s 200 MB/s 100x Network speed 10 Mb/s 10 Gb/s 1000x CS 140 Lecture

433 views • 3 slides
2018 MODEL NO. MAX SPEED L OADING QTY F:90/90-12 R:100/80-12 TYRE SIZE 130 N.M TORQUE 60K

2018 MODEL NO. MAX SPEED L OADING QTY F:90/90-12 R:100/80-12 TYRE SIZE 130 N.M TORQUE 60K

E-Motorcycle 2018 MODEL NO. MAX SPEED L OADING QTY F:90/90-12 R:100/80-12 TYRE SIZE 130 N.M TORQUE 60K M-65K M RANGE DISTANCE 45K M/H EEC (EURO 4) Z3 CERTIFICATE F:DISC BRAK E ;R: DISC BRAK E BRAK E 1800W MOTOR L ITHIUM BATTERY

153 views • 14 slides
Multiprocessor OS 2003 1 Multiple processor systems Why? Clock speed limit: 10GHz

Multiprocessor OS 2003 1 Multiple processor systems Why? Clock speed limit: 10GHz

Multiprocessor OS 2003 1 Multiple processor systems Why? Clock speed limit: 10GHz 2cm chip size 100GHz 2mm chip size 1THz <100 m chip size In practice, we could put many processors together OS 2003 2

253 views • 9 slides
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
HUGO BERGS MEMORIAL TUESDAY JULY 28 - JGERSRO RACETRACK 1. COKSTILE TAE KWON DEO Strength:

HUGO BERGS MEMORIAL TUESDAY JULY 28 - JGERSRO RACETRACK 1. COKSTILE TAE KWON DEO Strength:

HUGO BERGS MEMORIAL TUESDAY JULY 28 - JGERSRO RACETRACK 1. COKSTILE TAE KWON DEO Strength: 9 Strength: 9 Speed: Speed: 8 8 Speed ofg post: Speed ofg post: 7 8 Present form: Present form: 8 9 80 40 Morning line: Morning

192 views • 4 slides
MINUTES OF ORAL EVIDENCE taken before the HIGH SPEED RAIL BILL COMMITTEE on the HIGH SPEED RAIL

MINUTES OF ORAL EVIDENCE taken before the HIGH SPEED RAIL BILL COMMITTEE on the HIGH SPEED RAIL

MINUTES OF ORAL EVIDENCE taken before the HIGH SPEED RAIL BILL COMMITTEE on the HIGH SPEED RAIL (WEST MIDLANDS CREWE) BILL Monday 19 March 2018 (Afternoon) In Committee Room 5 PRESENT: James Duddridge (Chair) Sandy Martin Mrs Sheryll

954 views • 57 slides
TRANE PRODUCT LIN INE Trane XV95 AFUE of 96.7 - 97 depending on size Energy Star

TRANE PRODUCT LIN INE Trane XV95 AFUE of 96.7 - 97 depending on size Energy Star

TRANE PRODUCT LIN INE Trane XV95 AFUE of 96.7 - 97 depending on size Energy Star Qualified* Two-Stage Gas Valve Direct Drive, Variable Speed ECM Blower Motor Variable Speed Inducer Motor to maintain efficiency across

516 views • 19 slides
Cedar Rapids RLR & Speed Des Moines RLR & Speed

Cedar Rapids RLR & Speed Des Moines RLR & Speed

Davenport.RLR & Speed Cedar Rapids RLR & Speed Des Moines RLR & Speed Sioux City.. RLR & Speed Muscatine...RLR & Speed Council

248 views • 11 slides
Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Speed kills 2 but people like speed! 3 Speed Higher speeds are associated with higher

Effects of automated highway speed enforcement: average versus instantaneous speed control 27 th annual ICTCT workshop 16-17 Oct 2014, Karlsruhe - Germany dr. Stijn Daniels, PhD Transportation Research Institute Hasselt University, Belgium

413 views • 9 slides
Moving Shadow Tracking in VR Interaction A novel optimized approach A novel optimized approach

Moving Shadow Tracking in VR Interaction A novel optimized approach A novel optimized approach

Moving Shadow Tracking in VR Interaction A novel optimized approach A novel optimized approach Haipeng Cai Outline Moving Shadow Tracking - the generals The two-step discriminant Improve the classical GMM (Gaussian Mixture Model)

509 views • 16 slides
ECE 2574: Data Structures and Algorithms - Array-based implementations C. L. Wyatt Today we will

ECE 2574: Data Structures and Algorithms - Array-based implementations C. L. Wyatt Today we will

ECE 2574: Data Structures and Algorithms - Array-based implementations C. L. Wyatt Today we will see how to formalize the notion of a public interface using classes, continue our fixed-size array implementation of the Bag ADT, and introduce the

448 views • 17 slides
Mind the Gap Architecture versus Code Berlin Expert Days September 2016 Oliver B. Fischer -

Mind the Gap Architecture versus Code Berlin Expert Days September 2016 Oliver B. Fischer -

by Mind the Gap Architecture versus Code Berlin Expert Days September 2016 Oliver B. Fischer - E-Post Development GmbH 2 Was ist Software Architektur? Eine strukturierte oder hierarchische Anordnung der Systemkomponenten sowie die

1k views • 57 slides
Intro to Neo4j for Developers Jennifer Reif Developer Relations Engineer, Neo4j

Intro to Neo4j for Developers Jennifer Reif Developer Relations Engineer, Neo4j

Intro to Neo4j for Developers Jennifer Reif Developer Relations Engineer, Neo4j jennifer.reif@neo4j.com @JMHReif Who Am I? Developer Relations Engineer for Neo4j Continuous learner Conference speaker Tech blogger Hobbies:

654 views • 37 slides
Computer Architecture Summer 2020 From C to Binary Tyler Bletsch Duke University Slides are

Computer Architecture Summer 2020 From C to Binary Tyler Bletsch Duke University Slides are

ECE/CS 250 Computer Architecture Summer 2020 From C to Binary Tyler Bletsch Duke University Slides are derived from work by Daniel J. Sorin (Duke), Andrew Hilton (Duke), Alvy Lebeck (Duke), Benjamin Lee (Duke), Amir Roth (Penn) Also

1.01k views • 88 slides
Introducing Programming with an Example Computing the Area of a Circle 1. Read in the radius of a

Introducing Programming with an Example Computing the Area of a Circle 1. Read in the radius of a

Chapter 2 Elementary Programming CS170 Introduction to Computer Science 1 Objectives To write Java programs to perform simple calculations ( 2.2). To use identifiers to name variables, constants, methods, and classes ( 2.3). To

535 views • 28 slides
z t t + 1 t 1 ( n ) d t ( n ) l ( n ) t a ( n ) w t t Commenting phase

z t t + 1 t 1 ( n ) d t ( n ) l ( n ) t a ( n ) w t t Commenting phase

G ENERATING C OMMENTS S YNCHRONIZED WITH M USICAL A UDIO S IGNALS BY A J OINT P ROBABILISTIC M ODEL OF A COUSTIC AND T EXTUAL F EATURES Kazuyoshi Yoshii Masataka Goto National Institute of Advanced Inductrial Science and Technology (AIST) M

562 views • 23 slides
Conditional Programming The if-statement: if condition statements end Example 1: choice =

Conditional Programming The if-statement: if condition statements end Example 1: choice =

TDDD34 - Lecture 2 1/7 Conditional Programming The if-statement: if condition statements end Example 1: choice = input('Enter a number: '); some_text = 'wrong'; if choice == 42 some_text = 'right'; end disp(['You guessed the ',

661 views • 7 slides
The OCaml MOOC Benjamin Canou, Yann Rgis-Gianas (joint work with agdas Bozman, Roberto

The OCaml MOOC Benjamin Canou, Yann Rgis-Gianas (joint work with agdas Bozman, Roberto

The OCaml MOOC Benjamin Canou, Yann Rgis-Gianas (joint work with agdas Bozman, Roberto Di Cosmo, Grgoire Henry and Ralf Treinen) Canterbury, June 22, 2017 Trends in Functional Programming in Education 2017 1 The OCaml MOOC

619 views • 26 slides
Process Automation: Improve your productivity Jorge Dias http://mrdias.com Twitter: @dias_jorge

Process Automation: Improve your productivity Jorge Dias http://mrdias.com Twitter: @dias_jorge

Process Automation: Improve your productivity Jorge Dias http://mrdias.com Twitter: @dias_jorge What is Process Automation? Automation: A wikipedia definition Automation is the use of control systems and information technologies to reduce the

833 views • 11 slides

More recommend