spin me right round rotational symmetry for fpga specific
play

Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES CHES - PowerPoint PPT Presentation

Dec 07, 2022 •163 likes •572 views

Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES CHES 2018, Amsterdam Grant. Nr. 16KIS0666 SYSKIT_HW Lauren De Meyer 1 , Amir Moradi 2 , Felix Wegener 2 1 imec - COSIC, KU Leuven, Belgium 2 Horst Grtz Institute for IT-Security,

  1. Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES CHES 2018, Amsterdam Grant. Nr. 16KIS0666 SYSKIT_HW Lauren De Meyer 1 , Amir Moradi 2 , Felix Wegener 2 1 imec - COSIC, KU Leuven, Belgium 2 Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany

  2. Embedded Security Group Area Optimization: ASICs vs FPGAs ASIC CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 2

  3. Embedded Security Group Area Optimization: ASICs vs FPGAs FPGA (Xilinx 6/7 series) ASIC Spartan-6 FPGA Configurable Logic Block User Guide CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 3

  4. Embedded Security Group FPGA Building Blocks (Xilinx) ▪ Slice contents: Slice – 4 LUT6 elements LUT 6 – Auxiliar MUX LUT – (8 registers) 6 LUT 6 LUT 6 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 4

  5. Embedded Security Group FPGA Building Blocks (Xilinx) ▪ Slice contents: Slice – 4 LUT6 elements LUT 6 – Auxiliar MUX LUT – (8 registers) 6 LUT 6 One slice can implement LUT 8 → 𝔾 2 function any 𝔾 2 6 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 5

  6. Embedded Security Group AES S-box Structure 𝑦 −1 = 𝑦 254 Power Map 𝐻𝐺(2 8 ) 𝐵𝑦 + 𝑐 Affine Map CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 6

  7. Embedded Security Group AES S-box in FPGAs ▪ Naive Approach: one slice per coordinate: 8 slices slice slice slice slice slice slice slice slice CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 7

  8. Embedded Security Group AES S-box in FPGAs ▪ Naive Approach: one slice per coordinate: 8 slices slice slice slice slice slice slice slice slice ▪ Algebraic degree 7 → no obvious improvements CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 8

  9. Embedded Security Group AES S-box in FPGAs ▪ Naive Approach: one slice per coordinate: 8 slices slice slice slice slice slice slice slice slice ▪ Algebraic degree 7 → no obvious improvements ▪ Tower field doesn‘t suit LUTs Canright. A Very Compact S-box for AES . CHES 2005 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 9

  10. Embedded Security Group AES S-box in FPGAs ▪ Naive Approach: one slice per coordinate: 8 slices slice slice slice slice slice slice slice slice Our Contribution: Reduction to 4 slices ▪ Algebraic degree 7 → no obvious improvements ▪ Tower field doesn‘t suit LUTs Canright: A Very Compact S-box for AES . CHES 2005 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 10

  11. Embedded Security Group Rotational Symmetry of Power Maps Inversion in 𝐻𝐺 2 8 : 𝑦 ↦ 𝑦 254 𝑦 ↦ 𝜚 𝑦 Conversion to normal base: Rotation: 𝑠𝑝𝑢 𝑏 0 , … , 𝑏 𝑜−1 = (𝑏 𝑜−1 , 𝑏 0 , … , 𝑏 𝑜−2 ) CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 11

  12. Embedded Security Group Rotational Symmetry of Power Maps Inversion in 𝐻𝐺 2 8 : 𝑦 ↦ 𝑦 254 𝑦 ↦ 𝜚 𝑦 Conversion to normal base: Rotation: 𝑠𝑝𝑢 𝑏 0 , … , 𝑏 𝑜−1 = (𝑏 𝑜−1 , 𝑏 0 , … , 𝑏 𝑜−2 ) Theorem 1 : Power Map: 𝐺(𝑦) = 𝑦 𝑛 in 𝐻𝐺(2 8 ) Normal base: 𝑇(𝑦) = 𝜚(𝐺(𝜚 −1 (𝑦))) ⇒ 𝑠𝑝𝑢(𝑇 𝑦 ) = 𝑇(𝑠𝑝𝑢(𝑦)) 1 Rijmen, Barreto, Gazzoni Filho. Rotation Symmetry in Algebraically Generated Cryptographic Substitution Tables . Information Processing Letters 2008 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 12

  13. Embedded Security Group Rotational Symmetry: Area Reduction Idea: Create circuit for only one coordinate function (LSB) 7 6 5 4 3 2 1 0 LSB of S-box: S* CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 13

  14. Embedded Security Group Rotational Symmetry: Area Reduction Idea: Create circuit for only one coordinate function (LSB) 6 5 4 3 2 1 0 7 LSB of S-box: S* CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 14

  15. Embedded Security Group Rotational Symmetry: Area Reduction Idea: Create circuit for only one coordinate function (LSB) 5 4 3 2 1 0 7 6 LSB of S-box: S* CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 15

  16. Embedded Security Group Rotational Symmetry: Area Reduction Idea: Create circuit for only one coordinate function (LSB) 0 7 6 5 4 3 2 1 LSB of S-box: S* CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 16

  17. Embedded Security Group AES S-box: Byte-serial Circuit ▪ Transformation to (p2n) and from (n2p) normal basis p2n 𝑦 ▪ Occupies 4 slices: 8 8 16LUTs / 15Regs ▪ Latency: 8 cycles 1 8 R2 𝑇 ∗ 1 7 8 n2p 𝑧 8 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 17

  18. Embedded Security Group First Design: Improve smallest FPGA-specific AES CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 18

  19. Embedded Security Group Former record by Sasdrich et al. 1 ▪ 21 slices on Xilinx Spartan-6 ▪ 15 slices shown + 6 for control unit K P Key Mix RAM Col. 256 Naive S-Box MUX MUX & C 2:1 4:1 (8 slices) State Add RAM RndK 256 1 Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices . ASAP 2016 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 19

  20. Embedded Security Group Former record by Sasdrich et al. 1 ▪ 21 slices on Xilinx Spartan-6 ▪ 15 slices shown + 6 for control unit K P Key Mix RAM Col. 256 Naive S-Box MUX MUX & C 2:1 4:1 (8 slices) State Add RAM RndK 256 2 slices 2 slices 1 slice 2 slices 1 Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices . ASAP 2016 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 20

  21. Embedded Security Group Former record by Sasdrich et al. 1 ▪ 21 slices on Xilinx Spartan-6 ▪ 15 slices shown + 6 for control unit K P Key Mix RAM Col. 256 Our S-Box MUX MUX & C 2:1 (4 slices) 4:1 State Add RAM RndK 256 Total design: 17 slices 1 Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices . ASAP 2016 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 21

  22. Embedded Security Group Second Design: Port smallest AES on ASICs to FPGAs CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 22

  23. Embedded Security Group Bitsliding Design: Jean et al , CHES 2017 1 Adapt smallest ASIC-based AES to FPGAs 1 Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY . CHES 2017 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 23

  24. Embedded Security Group Bitsliding Design: Jean et al , CHES 2017 1 Adapt smallest ASIC-based AES to FPGAs 1 Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY . CHES 2017 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 24

  25. Embedded Security Group Fully-bitserial S-box ▪ Bitserial in-/output R1 𝑦 𝑗 ▪ Area: 4 slices: 1 1 7 8 8 16 LUTs, 16 Regs 𝑇 ∗ p2n ▪ Latency: 16 Cycles 8 R2 𝑧 𝑗 1 7 8 n2p 8 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 25

  26. Embedded Security Group Bitsliding Design: Jean et al , CHES 2017 1 Adapt smallest ASIC-based AES to FPGAs 1 Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY . CHES 2017 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 26

  27. Embedded Security Group Bitsliding on an FPGA ▪ 4 LUTs as 32-bit shift registers ▪ Shiftrows: 32 cycles ▪ Mixcolumns: 32 cycles 1 slice 4 LUTs 2 slices Total design: 63 LUTs 6 LUTs, 4 FF CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 27

  28. Embedded Security Group Comparison Design # LUTs # Flipflops # Slices #Clockcyc. Max. Freq. Sasdrich et al. [SG16] 84 24 21 1471 108 Mhz Our AES based on [SG16] 68 39 17 5538 109 Mhz Our AES based on [JMPS17] 63 38 19 4852 155 Mhz [SG16] Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices . ASAP 2016 [JMPS17] Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY . CHES 2017 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 28

  29. Embedded Security Group Third Design: Smallest First-order secure AES on FPGAs CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 29

  30. Embedded Security Group Masking ▪ Decomposition into cubic function 1 : 𝑦 −1 = 𝑦 254 = 𝑦 26 49 ▪ Implement one coordinate of each cubic function: 𝐻 ∗ 𝜚(𝑦) = 𝜚(𝑦 26 ), 𝐺 ∗ 𝜚(𝑦) = 𝜚(𝑦 49 ) 1 Moradi. Advances in Side-channel Security. 2016 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 30

  31. Embedded Security Group Masking ▪ Decomposition into cubic function 1 : 𝑦 −1 = 𝑦 254 = 𝑦 26 49 ▪ Implement one coordinate of each cubic function: 𝐻 ∗ 𝜚(𝑦) = 𝜚(𝑦 26 ), 𝐺 ∗ 𝜚(𝑦) = 𝜚(𝑦 49 ) ▪ Find first-order masking (CMS 2 ): any-order: 𝑒 + 1 input sh. / 𝑒 + 1 𝑢 output sh. first-order: 2 input shares / 8 output shares 1 Moradi. Advances in Side-channel Security. 2016 2 Reparaz, Bilgin, Nikova, Gierlichs, Verbauwhede. Consolidating masking schemes . CRYPTO 2015 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Breaking and restoration of rotational symmetry in the spectrum of conjugate nuclei on the

Breaking and restoration of rotational symmetry in the spectrum of conjugate nuclei on the

Introduction The Framework Finite Volume Effects Discretization Effects Conclusion Appendix 57th International Winter Meeting on Nuclear Physics - Bormio, Italy Breaking and restoration of rotational symmetry in the spectrum of

762 views • 41 slides
NN-Correlations in the spin symmetry energy of neutron matter Symmetry energy of nuclear

NN-Correlations in the spin symmetry energy of neutron matter Symmetry energy of nuclear

NN-Correlations in the spin symmetry energy of neutron matter Symmetry energy of nuclear matter Spin symmetry energy of neutron matter. Kinetic and potential energy contributions. A. Rios, I. Vidaa, A. Carbone, C. Providencia, W.

668 views • 48 slides
Rotational Momentum Observation Experiment 1 - Figure Skater Observation Experiment 2 - Diver

Rotational Momentum Observation Experiment 1 - Figure Skater Observation Experiment 2 - Diver

Rotational Momentum Observation Experiment 1 - Figure Skater Observation Experiment 2 - Diver Rotational Momentum Observation Experiment 3 You sit on a chair that can spin with little friction and hold barbells far from your body. You spin

355 views • 17 slides
From OO to FPGA: From OO to FPGA: Fitting Round Objects Fitting Round Objects into Square

From OO to FPGA: From OO to FPGA: Fitting Round Objects Fitting Round Objects into Square

From OO to FPGA: From OO to FPGA: Fitting Round Objects Fitting Round Objects into Square Hardware? into Square Hardware? Stephen Kou Stephen Kou Jens Palsberg Jens Palsberg UCLA Computer Science Department UCLA Computer Science

429 views • 31 slides
P4, FPGA, HLS Domain-specific language - network data forwarding Standardized and

P4, FPGA, HLS Domain-specific language - network data forwarding Standardized and

P4, FPGA, HLS Domain-specific language - network data forwarding Standardized and maintained by P4 Language Consortium @ p4.org Independent of network protocols (VLAN, VxLAN, INT, ) and target architectures (ASIC, FPGA, NPU,

343 views • 9 slides
Higgsing the stringy higher spin symmetry Ida Zadeh Brandeis University All about AdS 3 workshop

Higgsing the stringy higher spin symmetry Ida Zadeh Brandeis University All about AdS 3 workshop

Higgsing the stringy higher spin symmetry Ida Zadeh Brandeis University All about AdS 3 workshop ETH Z urich November 19, 2015 Based on: M. R. Gaberdiel, C. Peng, and IGZ, 1506.02045 Stringy symmetries at tensionless point In the context of

708 views • 29 slides
Topological symmetry and (de)confinement in gauge theories and spin systems Mithat Unsal,

Topological symmetry and (de)confinement in gauge theories and spin systems Mithat Unsal,

Topological symmetry and (de)confinement in gauge theories and spin systems Mithat Unsal, SLAC, Stanford University based on arXiv:0804.4664 QCD* parts with M. Shifman Thanks to Eun-ah Kim, B. Marston, M. Shifman, J. Harvey, M.

610 views • 32 slides
Symmetry Detection in Building Footprints Presentation of the Master's thesis Hagen Schwa

Symmetry Detection in Building Footprints Presentation of the Master's thesis Hagen Schwa

Symmetry Detection in Building Footprints Presentation of the Master's thesis Hagen Schwa Introduction Symmetry is a fundamental element of design in architecture Building group with reflectional The rotational symmetric symmetries

653 views • 20 slides
Non-equilibrium phenomena in spinor Bose gases Dan S tamper-Kurn University of California,

Non-equilibrium phenomena in spinor Bose gases Dan S tamper-Kurn University of California,

Non-equilibrium phenomena in spinor Bose gases Dan S tamper-Kurn University of California, Berkeley outline Introductory material Interactions under rotational symmetry Energy scales Ground states S pin dynamics microscopic spin mixing

1.03k views • 63 slides
Integrable spin chains with U(1) 3 symmetry Lisa Freyhult Helsinki 28/10 2005

Integrable spin chains with U(1) 3 symmetry Lisa Freyhult Helsinki 28/10 2005

Deformations in AdS/CFT Integrable spin chains with U(1) 3 symmetry Lisa Freyhult Helsinki 28/10 2005 freyhult@nordita.dk Deformations in AdS/CFT p.1/30 Plan Introduction -deformation and generalisations in gauge theory

437 views • 30 slides
1 AP Physics C Mechanics Rotational Motion 20151203 www.njctl.org 2 Table of Contents

1 AP Physics C Mechanics Rotational Motion 20151203 www.njctl.org 2 Table of Contents

1 AP Physics C Mechanics Rotational Motion 20151203 www.njctl.org 2 Table of Contents Click on the topic to go to that section Rotational Kinematics Review Rotational Dynamics Rotational Kinetic Energy Angular Momentum

1.46k views • 130 slides
Symmetry Transforms 1 1 Motivation Symmetry is everywhere 2 Motivation Symmetry is

Symmetry Transforms 1 1 Motivation Symmetry is everywhere 2 Motivation Symmetry is

Symmetry Transforms 1 1 Motivation Symmetry is everywhere 2 Motivation Symmetry is everywhere Perfect Symmetry [Blum 64, 67] [Wolter 85] [Minovic 97] [Martinet 05] 3 Motivation Symmetry is everywhere Local Symmetry

741 views • 45 slides
AP Physics C - Mechanics Rotational Motion 2015-12-03 www.njctl.org Slide 3 / 130 Table of

AP Physics C - Mechanics Rotational Motion 2015-12-03 www.njctl.org Slide 3 / 130 Table of

Slide 1 / 130 Slide 2 / 130 AP Physics C - Mechanics Rotational Motion 2015-12-03 www.njctl.org Slide 3 / 130 Table of Contents Click on the topic to go to that section Rotational Kinematics Review Rotational Dynamics Rotational

562 views • 54 slides
FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers

FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers

2/21/2012 Content FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers Distributed RAM History FPGA vs ASIC FPGA and Microprocessors Alternatives to FPGAs ETI135, Advanced Digital IC Design

123 views • 10 slides
Software into GPU code, Multicore Software and FPGA Hardware Satnam Singh Microsoft Research,

Software into GPU code, Multicore Software and FPGA Hardware Satnam Singh Microsoft Research,

Synthesis of Data-Parallel GPU Software into GPU code, Multicore Software and FPGA Hardware Satnam Singh Microsoft Research, Cambridge UK locks monitors condition variables spin locks priority inversion FPGA hardware (VHDL, ISE) GPU

1.16k views • 86 slides
Rotational Dynamics I Rotational Kinetic Energy Moment of Inertia Calculating the

Rotational Dynamics I Rotational Kinetic Energy Moment of Inertia Calculating the

Rotational Dynamics I Rotational Kinetic Energy Moment of Inertia Calculating the Moment of Inertia Vector Product Torque Newtons 2nd Law for Rotation Homework 1 Rotational Kinetic Energy K i = 1 i = 1 2 m i v 2 2 m

538 views • 15 slides
Maarten L offler Marc van Kreveld Center for Geometry, Imaging and Virtual Environments

Maarten L offler Marc van Kreveld Center for Geometry, Imaging and Virtual Environments

Maarten L offler Marc van Kreveld Center for Geometry, Imaging and Virtual Environments Utrecht University ? PROPERTIES OF IMPRECISE POINTS ? PROPERTIES OF IMPRECISE POINTS connected ? PROPERTIES OF IMPRECISE POINTS connected

903 views • 74 slides
Yet another attack on whitebox AES implementation Patrick Derbez 1 , Pierre-Alain Fouque 1 ,

Yet another attack on whitebox AES implementation Patrick Derbez 1 , Pierre-Alain Fouque 1 ,

Yet another attack on whitebox AES implementation Patrick Derbez 1 , Pierre-Alain Fouque 1 , Baptiste Lambin 1 , Brice Minaud 2 1 Univ Rennes, CNRS, IRISA 2 Royal Holloway University of London Patrick Derbez Yet another attack on whitebox AES

626 views • 51 slides
Jean Ponce (ponce@di.ens.fr) http://www.di.ens.fr/~ponce Equipe-projet WILLOW ENS/INRIA/CNRS UMR

Jean Ponce (ponce@di.ens.fr) http://www.di.ens.fr/~ponce Equipe-projet WILLOW ENS/INRIA/CNRS UMR

Jean Ponce (ponce@di.ens.fr) http://www.di.ens.fr/~ponce Equipe-projet WILLOW ENS/INRIA/CNRS UMR 8548 Laboratoire dInformatique Ecole Normale Suprieure, Paris Cordelia Schmid Jean Ponce http://www.di.ens.fr/~ponce/

4.11k views • 101 slides
Reachability Problems in Nondeterministic Polynomial . Maps on the Integers Sang-Ki Ko 1 Reino

Reachability Problems in Nondeterministic Polynomial . Maps on the Integers Sang-Ki Ko 1 Reino

. . . . . . . . . . . . Reachability Problems in Nondeterministic Polynomial . Maps on the Integers Sang-Ki Ko 1 Reino Niskanen 2 Igor Potapov 3 1 Korea Electronics Technology Institute, South Korea 2 Department of Computer Science,

1.39k views • 105 slides
The Power of Abstraction Barbara Liskov October 2010 Outline Inventing abstract data types

The Power of Abstraction Barbara Liskov October 2010 Outline Inventing abstract data types

The Power of Abstraction Barbara Liskov October 2010 Outline Inventing abstract data types CLU Type hierarchy What next Data Abstraction Prehistory The Venus machine The Interdata 3 Data Abstraction Prehistory The

792 views • 52 slides
Parallel Programming and Heterogeneous Computing A3 - Performance Metrics Max Plauth, Sven

Parallel Programming and Heterogeneous Computing A3 - Performance Metrics Max Plauth, Sven

Parallel Programming and Heterogeneous Computing A3 - Performance Metrics Max Plauth, Sven Khler, Felix Eberhardt, Lukas Wenzel and Andreas Polze Operating Systems and Middleware Group Performance Which car is faster? for

1.03k views • 18 slides
Parallel Game Tree Search Tsan-sheng Hsu tshsu@iis.sinica.edu.tw

Parallel Game Tree Search Tsan-sheng Hsu tshsu@iis.sinica.edu.tw

Parallel Game Tree Search Tsan-sheng Hsu tshsu@iis.sinica.edu.tw http://www.iis.sinica.edu.tw/~tshsu 1 Abstract Use multiprocessor shared-memory or distributed memory machines to search the game tree in parallel. Questions: Is it

911 views • 44 slides
rt t rs

rt t rs

rt rts tr strts rt t rs sttt

831 views • 60 slides

More recommend