the led block cipher
play

The LED Block Cipher Jian Guo, Thomas Peyrin, Axel Poschmann and - PowerPoint PPT Presentation

Aug 30, 2023 •354 likes •689 views

Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results The LED Block Cipher Jian Guo, Thomas Peyrin, Axel Poschmann and Matt Robshaw I2R, NTU and Orange Labs CHES 2011 Nara, Japan

  1. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results The LED Block Cipher Jian Guo, Thomas Peyrin, Axel Poschmann and Matt Robshaw I2R, NTU and Orange Labs CHES 2011 Nara, Japan

  2. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Outline Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results

  3. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Current picture of lightweight primitives - graphically GE TRIVIUM 2500 AES S-QUARK PHOTON-256/32/32 DESXL Th. optimum 2000 DESL D-QUARK PHOTON-224/32/32 KLEIN-96 1500 PRESENT-128 KLEIN-80 U-QUARK PHOTON-160/36/36 GRAIN KLEIN-64 PHOTON-128/16/16 KATAN-64 1000 PRESENT-80 PHOTON-80/20/16 KTANTAN64 PRINTcipher-96 KTANTAN32 500 PRINTcipher-48 internal memory 64 128 192 256

  4. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Current picture of lightweight block ciphers - graphically GE 2500 AES DESXL Th. optimum 2000 DESL 1500 KLEIN-96 KLEIN-80 PRESENT-128/PICCOLO-128 KLEIN-64 KATAN-64 1000 PRESENT-80/PICCOLO-80 KTANTAN64 PRINTcipher-96 KTANTAN32 500 PRINTcipher-48 internal memory 64 128 192 256

  5. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Lightweight block ciphers are too provocative ? • ARMADILLO : key-recovery attacks [A+-2011] • HIGHT : related-key attacks [K+-2010] • Hummingbird-1 : practical related-IV attacks [S-2011] • KTANTAN : practical related-key attacks [ ˚ A-2011] • PRINTcipher : large weak-keys classes [ ˚ AJ-2011] PRESENT is still unbroken.

  6. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Light Encryption Device We propose a new 64-bit block cipher LED : • as small as PRESENT • faster than PRESENT in software (and slower in hardware) • significant security margin • can take any key size from 64 to 128 bits • key can be directly hardwired (without any modification) • provable resistance to classical differential and linear attacks ... • ... both in the single-key and related-key models

  7. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Outline Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results

  8. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results A single round of LED AddConstants SubCells ShiftRows MixColumnsSerial S S S S S S S S 4 cells S S S S S S S S 4 bits 4 cells The 64-bit round function is an SP-network: • AddConstants: xor round-dependent constants to the two first columns • SubCells: apply the PRESENT 4-bit Sbox to each cell • ShiftRows: rotate the i-th line by i positions to the left • MixColumnsSerial: apply the special MDS matrix to each columns independently

  9. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Efficient Serially Computable MDS Matrices MDS Matrices (“Maximum Distance Separable”) have excellent diffusion properties : for a d -cell vector, we are ensured that at least d + 1 input / output cells will be active. We use the same trick as in PHOTON (CRYPTO 2011): implement an MDS matrix that can be efficiently computed in a serial way . We keep the same good diffusion properties and good software performances as the classical MDS constructions, but the hardware is improved since no additional memory cell is needed (for both ciphering and deciphering).   0 1 0 0 0 0 0 0 · · ·  0 0 1 0 0 0 0 0  · · ·     . .   . .   . .     A =   0 0 0 0 0 1 0 0  · · ·      0 0 0 0 0 0 1 0  · · ·    0 0 0 0 0 0 0 1   · · ·   Z 0 Z 1 Z 2 Z 3 Z d − 4 Z d − 3 Z d − 2 Z d − 1 · · ·

  10. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Efficient Serially Computable MDS Matrices MDS Matrices (“Maximum Distance Separable”) have excellent diffusion properties : for a d -cell vector, we are ensured that at least d + 1 input / output cells will be active. We use the same trick as in PHOTON (CRYPTO 2011): implement an MDS matrix that can be efficiently computed in a serial way . We keep the same good diffusion properties and good software performances as the classical MDS constructions, but the hardware is improved since no additional memory cell is needed (for both ciphering and deciphering).     0 1 0 0 0 0 0 0 v 0 · · ·  0 0 1 0 0 0 0 0   v 1  · · ·         . . .     . . .     . . .           ·   = 0 0 0 0 0 1 0 0 v d − 4  · · ·            0 0 0 0 0 0 1 0 v d − 3  · · ·        0 0 0 0 0 0 0 1 v d − 2     · · ·     Z 0 Z 1 Z 2 Z 3 Z d − 4 Z d − 3 Z d − 2 Z d − 1 v d − 1 · · ·

  11. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Efficient Serially Computable MDS Matrices MDS Matrices (“Maximum Distance Separable”) have excellent diffusion properties : for a d -cell vector, we are ensured that at least d + 1 input / output cells will be active. We use the same trick as in PHOTON (CRYPTO 2011): implement an MDS matrix that can be efficiently computed in a serial way . We keep the same good diffusion properties and good software performances as the classical MDS constructions, but the hardware is improved since no additional memory cell is needed (for both ciphering and deciphering).       0 1 0 0 0 0 0 0 v 0 v 1 · · ·  0 0 1 0 0 0 0 0   v 1    · · ·             . . . .       . . . .       . . . .               ·   =   0 0 0 0 0 1 0 0 v d − 4  · · ·                  0 0 0 0 0 0 1 0 v d − 3  · · ·            0 0 0 0 0 0 0 1 v d − 2       · · ·       Z 0 Z 1 Z 2 Z 3 Z d − 4 Z d − 3 Z d − 2 Z d − 1 v d − 1 · · ·

  12. Introduction The LED Round Function Minimalism for Key Schedule Security Analysis Implementations and Results Efficient Serially Computable MDS Matrices MDS Matrices (“Maximum Distance Separable”) have excellent diffusion properties : for a d -cell vector, we are ensured that at least d + 1 input / output cells will be active. We use the same trick as in PHOTON (CRYPTO 2011): implement an MDS matrix that can be efficiently computed in a serial way . We keep the same good diffusion properties and good software performances as the classical MDS constructions, but the hardware is improved since no additional memory cell is needed (for both ciphering and deciphering).       0 1 0 0 0 0 0 0 v 0 v 1 · · ·  0 0 1 0 0 0 0 0   v 1   v 2  · · ·             . . . .       . . . .       . . . .               ·   =   0 0 0 0 0 1 0 0 v d − 4  · · ·                  0 0 0 0 0 0 1 0 v d − 3  · · ·            0 0 0 0 0 0 0 1 v d − 2       · · ·       Z 0 Z 1 Z 2 Z 3 Z d − 4 Z d − 3 Z d − 2 Z d − 1 v d − 1 · · ·

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Problem 1 k zero bits n bits IV Block Block Block Block Cipher Cipher Cipher Cipher

Problem 1 k zero bits n bits IV Block Block Block Block Cipher Cipher Cipher Cipher

Problem 1 k zero bits n bits IV Block Block Block Block Cipher Cipher Cipher Cipher removed January 27, 2011 Practical Aspects of Modern Cryptography 2 Problem 1 IV Inverse Inverse Inverse Inverse Cipher Cipher Cipher Cipher

464 views • 20 slides
Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee ,

Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee ,

Tweakable Block Cipher Secure Beyond the Birthday Bound in the Ideal Cipher Model Jooyoung Lee , Byeonghak Lee KAIST Tweakable Block Cipher A tweakable block cipher accepts an additional input "tweak - Tweaks are publicly used

519 views • 30 slides
Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cryptography

Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cryptography

Cryptography Block Cipher Modes of Operation Block Ciphers with Multiple Blocks Block Cipher Modes of Operation Electronic Code Book Cipher Block Chaining Mode Cryptography Cipher Feedback Mode School of Engineering and Technology

428 views • 32 slides
Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. Whats next?

Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. Whats next?

Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. Whats next? Pascal Junod University of Applied Sciences Western Switzerland Pascal Junod -- Advanced Block Cipher Design 1 ECRYPT II Summer School - May

914 views • 56 slides
Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata

Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata

Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata 17 th May, 2017 0/52 Iterated Block Cipher Outline Iterated Block Cipher 1 S-Boxes 2 A Basic Substitution Permutation Network 3 Linear

1.58k views • 113 slides
Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey Bogdanov Andrey Bogdanov K.U.Leuven, ESAT/COSIC Outline Outline Distribution of Correlation Data Complexity Linear Hulls Zero

659 views • 30 slides
COBRA: A Parallelizable Authenticated Online Cipher without Block Cipher Inverse 1 Atul Luykx

COBRA: A Parallelizable Authenticated Online Cipher without Block Cipher Inverse 1 Atul Luykx

COBRA: A Parallelizable Authenticated Online Cipher without Block Cipher Inverse 1 Atul Luykx COSIC KU Leuven and iMinds March 3, 2014 1 Joint work with E. Andreeva, B. Mennink, and K. Yasuda. 1 / 23 Overview COBRA 1 Misuse resistance 2

711 views • 58 slides
Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn

CSS441 Block Cipher Operation Modes ECB Block Cipher Operation CBC CFB OFB CSS441: Security and Cryptography CTR Feedback Sirindhorn International Institute of Technology XTS-AES Thammasat University Prepared by Steven Gordon on 20

871 views • 32 slides
PSEUDO-RANDOM FUNCTIONS We want to answer the question: What is a good block cipher? where

PSEUDO-RANDOM FUNCTIONS We want to answer the question: What is a good block cipher? where

Recall We studied security of function families (in particular, block ciphers) against key recovery. But we saw that security against key recovery is not su ffi cient to ensure that natural usages of a block cipher are secure. PSEUDO-RANDOM

268 views • 13 slides
Overview of the DES A block cipher: encrypts blocks of 64 bits using a 64 bit key

Overview of the DES A block cipher: encrypts blocks of 64 bits using a 64 bit key

Overview of the DES A block cipher: encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher basic unit is the bit performs both substitution and transposition (permutation) on the

512 views • 35 slides
Attacks on the KeeLoq Block Cipher and Authentication Systems Andrey Bogdanov Chair for

Attacks on the KeeLoq Block Cipher and Authentication Systems Andrey Bogdanov Chair for

Attacks on the KeeLoq Block Cipher and Authentication Systems Andrey Bogdanov Chair for Communication Security Ruhr University Bochum, Germany abogdanov@crypto.rub.de www.crypto.rub.de Abstract. KeeLoq is a block cipher used in numerous

143 views • 13 slides
Block Cipher Cryptanalysis: Basic and Advanced Techniques I

Block Cipher Cryptanalysis: Basic and Advanced Techniques I

Block Cipher Cryptanalysis: Basic and Advanced Techniques I & II Andrey Bogdanov KU Leuven, ESAT/COSIC Outline I. Block Ciphers II.

1.03k views • 79 slides
PSEUDO-RANDOM FUNCTIONS 1 / 65 Recall We studied security of a block cipher against key

PSEUDO-RANDOM FUNCTIONS 1 / 65 Recall We studied security of a block cipher against key

PSEUDO-RANDOM FUNCTIONS 1 / 65 Recall We studied security of a block cipher against key recovery. But we saw that security against key recovery is not sufficient to ensure that natural usages of a block cipher are secure. We want to answer the

920 views • 88 slides
Objectives Electronic Code Book Cipher Block Chaining Output Boolean functions

Objectives Electronic Code Book Cipher Block Chaining Output Boolean functions

Modes of Operation of Block Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Electronic Code Book Cipher Block Chaining

183 views • 16 slides
Block Ciphers Chester Rebeiro IIT Madras CR CR STINSON : chapters 3 Block Cipher K D K E

Block Ciphers Chester Rebeiro IIT Madras CR CR STINSON : chapters 3 Block Cipher K D K E

Block Ciphers Chester Rebeiro IIT Madras CR CR STINSON : chapters 3 Block Cipher K D K E untrusted communicaGon link Alice Bob E D #%AR3Xf34^$ A?ack at Dawn!! decrypGon encrypGon (ciphertext) message A?ack at Dawn!!

1.71k views • 143 slides
Deck-Based Wide Block Cipher Modes and an Exposition of the Blinded Keyed Hashing Model Aldo

Deck-Based Wide Block Cipher Modes and an Exposition of the Blinded Keyed Hashing Model Aldo

Deck-Based Wide Block Cipher Modes and an Exposition of the Blinded Keyed Hashing Model Aldo Gunsing, Joan Daemen and Bart Mennink FSE 2020 1 / 15 Block cipher K n n P B C Plaintext P encrypted to ciphertext C with secret key K

632 views • 41 slides
cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal

cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal

cryptocoding JP Aumasson @veorq / http://aumasson.jp academic background principal cryptographer at Kudelski Security, .ch applied crypto research and outreach BLAKE, BLAKE2, SipHash, NORX Crypto Coding Standard Password Hashing Competition

883 views • 73 slides
LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder

LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder

LLVM x Blockchain A New Ecosystem of Decentralized Applications Robin Zhong About Me Co-founder and CTO of Nebulas Former architect of Alibaba Blockchain Department Former Senior Engineering Director of Dolphin Browser Robin Zhong

711 views • 24 slides
Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface.

Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface.

Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface. Async + sync hash interface. AEAD interface. Compress-as-you-go interface. RNG interface. Current State A handful of async PCI

970 views • 7 slides
Cryptography during the two world wars, and wrap-up of classical ciphers. Math 4440/5440. First

Cryptography during the two world wars, and wrap-up of classical ciphers. Math 4440/5440. First

Cryptography during the two world wars, and wrap-up of classical ciphers. Math 4440/5440. First World War German Cipher: ADFGVX Cipher A D F G V X 3 4 2 1 A c o 8 x f 4 D G X G D m k 3 a z 9 X G D G F n w 1 0

740 views • 55 slides
and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the

and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the

Standardizing Lattice Cryptography and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the oldest and most (the most?) efficient quantum-resilient alternatives for basic primitives Public key

844 views • 62 slides
Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi)

Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi)

Breaking Deployed Crypto The Side Channel Analyst s Way Daniel Moghimi (@danielmgmi) 04/30/2020 Hardwear.io About Me Daniel Moghimi @danielmgmi Security Researcher PhD Student @ WPI Microarchitectural Security Side

926 views • 69 slides
Cryptographic Hashing in P4 Data Planes Dominik Scholz , Andreas Oeldemann, Fabien Geyer, Sebastian

Cryptographic Hashing in P4 Data Planes Dominik Scholz , Andreas Oeldemann, Fabien Geyer, Sebastian

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Cryptographic Hashing in P4 Data Planes Dominik Scholz , Andreas Oeldemann, Fabien Geyer, Sebastian Gallenmller, Henning Stubbe, Thomas Wild,

181 views • 15 slides
Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and

Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and

Blockchain and secure computation Vassilis Zikas RPI Winter School on Cryptocurrency and Blockchain Technologies Shanghai Jiao Tong University 2017 Bitcoin Bitcoin What is bitcoin and how does it work? Bitcoin What is bitcoin and how

2.08k views • 178 slides

More recommend