the simeck family of lightweight block ciphers
play

The Simeck Family of Lightweight Block Ciphers Gangqiang Yang , Bo - PowerPoint PPT Presentation

Sep 10, 2022 •235 likes •537 views

The Simeck Family of Lightweight Block Ciphers Gangqiang Yang , Bo Zhu, Valentin Suder, Mark D. Aagaard, and Guang Gong Electrical and Computer Engineering, University of Waterloo Sept 15, 2015 Yang, Zhu, Suder, Aagaard, Gong Simeck Family

  1. The Simeck Family of Lightweight Block Ciphers Gangqiang Yang , Bo Zhu, Valentin Suder, Mark D. Aagaard, and Guang Gong Electrical and Computer Engineering, University of Waterloo Sept 15, 2015 Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 1 / 25

  2. Outline Simeck’s Design Goals 1 Design Specifications and Rationales 2 Hardware Implementations Results 3 Results Comparison between Simeck and SIMON 4 Security Analysis 5 Conclusions 6 Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 2 / 25

  3. Simeck’s Design Goals Outline Simeck’s Design Goals 1 Design Specifications and Rationales 2 Hardware Implementations Results 3 Results Comparison between Simeck and SIMON 4 Security Analysis 5 Conclusions 6 Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 3 / 25

  4. Simeck’s Design Goals Lightweight Cryptography Lightweight cryptography is devised to provide suitable, secure, and compact ciphers (less than 2000 GEs) that fit into the resource constrained devices, such as passive RFID tags and wireless sensor network nodes. RFID tags Wireless sensor network nodes Block ciphers: TEA, XTEA, PRESENT, KATAN, LED, EPCBC, KLEIN, LBlock, Piccolo, Twine, S IMON , and S PECK . Stream ciphers: Trivium, Grain, WG (WG-5, WG-7, WG-8). Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 4 / 25

  5. Simeck’s Design Goals A Smaller Block Cipher than S IMON S IMON is optimized for hardware and S PECK is optimized for software [Beaulieu et al. , 2013] . message key round key key fun sched const How to design a smaller cipher family than S IMON ? The registers cannot be changed. We can reduce the areas of only the round function, key schedule, and key constant. Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 5 / 25

  6. Simeck’s Design Goals A Smaller Block Cipher than S IMON S IMON is optimized for hardware and S PECK is optimized for software [Beaulieu et al. , 2013] . message key round key key fun sched const How to design a smaller cipher family than S IMON ? The registers cannot be changed. We can reduce the areas of only the round function, key schedule, and key constant. Simeck Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 5 / 25

  7. Simeck’s Design Goals Simeck: A Family of Lightweight Block Ciphers Simeck is designed to have similar security levels as S IMON but with smaller area. Simeck is designed by combining the best features of S IMON and S PECK . Round function. – Use a modified version of S IMON ’s round function. Key schedule. – Use round function for key schedule, similar to S PECK . Key constant. – Use LFSR-based constant for key schedule, similar to S IMON , but simpler. Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 6 / 25

  8. Simeck’s Design Goals Simeck: A Family of Lightweight Block Ciphers Simeck is designed to have similar security levels as S IMON but with smaller area. Simeck is designed by combining the best features of S IMON and S PECK . Round function. – Use a modified version of S IMON ’s round function. Key schedule. – Use round function for key schedule, similar to S PECK . Key constant. – Use LFSR-based constant for key schedule, similar to S IMON , but simpler. Simeck has three instances. Simeck32/64, Simeck48/96, Simeck64/128. The number of rounds for Simeck are identical with the corresponding S IMON . Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 6 / 25

  9. Design Specifications and Rationales Outline Simeck’s Design Goals 1 Design Specifications and Rationales 2 Hardware Implementations Results 3 Results Comparison between Simeck and SIMON 4 Security Analysis 5 Conclusions 6 Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 7 / 25

  10. Design Specifications and Rationales Round Function msg i+1 msg i msg i+1 msg i n n n n 1 8 5 2 1 n n key i key i n n msg i+2 msg i+2 S IMON Simeck n is the word size (16, 24, 32). Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 8 / 25

  11. Design Specifications and Rationales Round Function in the Parallel Architecture d in d in n n n n i mode n i mode n 1 1 n n msg b msg a msg b msg a b n − 1 b 0 a n − 1 a 0 b n − 1 b 0 a n − 1 a 0 d out d out n n 1 n n � � � � 8 5 n n � � 2 1 n n k i k i � � n n S IMON Simeck The parallel architecture processes 1 round per clock cycle and the datapath is n -bit width. Different shift numbers do not affect the area in parallel architecture. Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 9 / 25

  12. Design Specifications and Rationales Round Function in the Fully Serialized Architecture d out d out i mode i mode msg b msg a n msg b msg a n d in 1 d in 1 1 1 1 1 a n − 8 a 0 a n − 5 a 0 b n − 1 b n − 2 b n − 8 a n − 1 a n − 2 b n − 1 b n − 5 b 0 a n − 1 ce 8 1 1 1 1 1 1 1 1 1 MUX8 ce 1 ce 2 ce 1 ce 5 1 1 � � � � MUX1 MUX5 MUX1 MUX2 1 1 � � 1 1 ( k i ) l ( k i ) l � � 1 1 S IMON Simeck The fully serialized architecture processes 1 bit per clock cycle and the datapath is 1-bit width. Different shift numbers affect the area in the partially serialized architecture in hardware. Reduce 1 MUX (multiplexer) for the fully serialized architecure. Simplify logic to select the MUXes. Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 10 / 25

  13. Design Specifications and Rationales Key Schedule in the Parallel Architecture n key in n n i mode 1 key d n key c key b key a b n − 1 a n − 1 d n − 1 d 0 c n − 1 c 0 b 0 a 0 n k i � 3 � 1 � n � ( z j ) i C � n S IMON n n key in n i mode 1 n key c key b key a key d d n − 1 d 0 c n − 1 c 0 b n − 1 b 0 a n − 1 a 0 n k i n � � 5 n � 1 n � ( z j ) i C � n Simeck Similar as the round function, the parallel architecture processes 1 round per clock cycle and the datapath is n -bit width. Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 11 / 25

  14. Design Specifications and Rationales Simplified Key Schedule n � 3 � � � 5 n 1 � � 1 n � ( z j ) i n � ( z j ) i C C � � n n S IMON Simeck The combinational circuit (dashed box in above) in the key schedule of S IMON and Simeck in the parallel architecture are shown as follows: S IMON (2 n + 1) XOR + ( n − 1 ) XNOR Simeck ( n + 1) XOR + ( n − 1 ) XNOR + n AND In general, one XOR gate is larger than one AND gate. Thus, Simeck’s key schedule is smaller than S IMON . Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 12 / 25

  15. Design Specifications and Rationales Simplified Key Constant The primitive polynomials for the LFSRs to generate the key constants for Simeck and S IMON . Simeck S IMON X 5 + X 2 + 1 X 5 + X 4 + X 2 + X + 1 32/64 X 5 + X 2 + 1 X 5 + X 3 + X 2 + X + 1 48/96 X 6 + X + 1 X 5 + X 3 + X 2 + X + 1 64/128 Simeck’s are all 2 XOR gates (4 GEs) less than the ones used in S IMON . Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 13 / 25

  16. Design Specifications and Rationales Key Schedule in the Fully Serialized Architecture i mode key d key c key b key a key in 1 1 1 1 ( k i ) l 1 c n − 1 c n − 5 a n − 1 d n − 1 d n − 5 d 0 c 0 b n − 1 b n − 5 b 0 a n − 5 a 0 1 1 1 1 1 1 ce 1 ce 5 1 MUX1 MUX5 � � 1 � 1 [ C � ( z j ) i ] l � 1 Simeck Similar as the round function, the fully serialized architecture processes 1 bit per clock cycle and the datapath is 1-bit width. Different shift numbers affect the area in the fully serialized architecture, as round function does. Reduce 1 MUX. Simplify logic to select the MUXes. The combinational circuit (dashed box) is also decreased. Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 14 / 25

  17. Hardware Implementations Results Outline Simeck’s Design Goals 1 Design Specifications and Rationales 2 Hardware Implementations Results 3 Results Comparison between Simeck and SIMON 4 Security Analysis 5 Conclusions 6 Yang, Zhu, Suder, Aagaard, Gong Simeck Family (CHES 2015) Sept 15, 2015 15 / 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Skinny A Family of Lightweight Tweakable Block Ciphers for the IoT C. Beierle, J. Jean, S.

Skinny A Family of Lightweight Tweakable Block Ciphers for the IoT C. Beierle, J. Jean, S.

Skinny A Family of Lightweight Tweakable Block Ciphers for the IoT C. Beierle, J. Jean, S. Klbl, G. Leander, A. Moradi, T. Peyrin, Y. Sasaki, P. Sasdrich, S.M. Sim Horst Grtz Institute for IT-Security, Ruhr University Bochum, Germany

1.18k views • 41 slides
A Brief Comparison of Simon and Simeck Stefan Klbl 1 The Simeck block cipher family 1 48 128,

A Brief Comparison of Simon and Simeck Stefan Klbl 1 The Simeck block cipher family 1 48 128,

Arnab Roy 1 September 21, 2016 1 DTU Compute, Technical University of Denmark, Denmark A Brief Comparison of Simon and Simeck Stefan Klbl 1 The Simeck block cipher family 1 48 128, 192, 256 128 96, 144 96 96, 128 64 72, 96 64 32 Key

617 views • 28 slides
The SKINNY Family of Lightweight Tweakable Block Ciphers Jrmy Jean joint work with:

The SKINNY Family of Lightweight Tweakable Block Ciphers Jrmy Jean joint work with:

The SKINNY Family of Lightweight Tweakable Block Ciphers Jrmy Jean joint work with: Christof Beierle Stefan Klbl Gregor Leander Amir Moradi Thomas Peyrin Yu Sasaki Pascal Sasdrich Siang Meng Sim CRYPTO 2016 August 17, 2016

472 views • 33 slides
Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the

1.11k views • 63 slides
Cryptanalysis of Lightweight Block Ciphers: Theory Meets Dependencies Orr Dunkelman Computer

Cryptanalysis of Lightweight Block Ciphers: Theory Meets Dependencies Orr Dunkelman Computer

Dependency Other Win Open Cryptanalysis of Lightweight Block Ciphers: Theory Meets Dependencies Orr Dunkelman Computer Science Department University of Haifa, Israel December 14th, 2019 Orr Dunkelman Cryptanalysis of Lightweight Block

322 views • 31 slides
Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sren

Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sren

Performance Analysis of Contemporary Lightweight Block Ciphers on 8-bit Microcontrollers Sren Rinne, Thomas Eisenbarth, and Christof Paar Horst Grtz Institute for IT Security Ruhr-Universitt Bochum, Germany 11.06.2007 SPEED Workshop,

469 views • 18 slides
Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Players Will discuss how to distribute key to all parties later Symmetric ciphers unusable for

Organisation Organisation Overview Block Ciphers Overview Block Ciphers Historic Ciphers Security of Block ciphers Historic Ciphers Security of Block ciphers Symmetric Ciphers Symmetric Ciphers Assume encryption and decryption use the

425 views • 5 slides
Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers Yusuke Naito *

Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers Yusuke Naito *

Workshop on Cryptographic Hardware and Embedded Systems (CHES 2020) Lightweight Authenticated Encryption Mode of Operation for Tweakable Block Ciphers Yusuke Naito * and Takeshi Sugawara ** * Mitsubishi Electric Corporation ** The University of

420 views • 22 slides
On the Lightweight Design Choices for Diffusion Layer of Block Ciphers SUMANTA SARKAR TCS

On the Lightweight Design Choices for Diffusion Layer of Block Ciphers SUMANTA SARKAR TCS

On the Lightweight Design Choices for Diffusion Layer of Block Ciphers SUMANTA SARKAR TCS Innovation Labs December 11, 2017 SUMANTA SARKAR Lightweight Cryptography Internet of Things / Connected Cars Internet of things (IoT): Network of

786 views • 45 slides
One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers

One Time Pad, Block Ciphers, One Time Pad, Block Ciphers, Basic Ciphers Basic Ciphers Encryption Modes Encryption Modes Shift Cipher Brute%force attack can easily break Ahmet Burak Can Substitution Cipher Hacettepe University

191 views • 6 slides
Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers Avik Chakraborti 1 ,

Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers Avik Chakraborti 1 ,

Introduction Motivation Specification for Beetle Hardware Implementation Results of Beetle Conclusions Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers Avik Chakraborti 1 , Nilanjan Datta 2 , Mridul Nandi 3 and Kan

614 views • 32 slides
Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and

CSS441 Block Ciphers Principles DES Block Ciphers and DES S-DES DES Details DES Design Other Ciphers CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20

788 views • 50 slides
Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks Ryota Nakamichi and Tetsu

Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks Ryota Nakamichi and Tetsu

Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks Ryota Nakamichi and Tetsu Iwata Nagoya University, Japan FSE 2020 November 913, 2020, Virtual 1 / 19 Block Ciphers block cipher (BC) E : K { 0 , 1 } n { 0

530 views • 24 slides
Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length

Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length

Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the ciphertext block C i = E K ( M i ), and the results are concatenated to the

334 views • 8 slides
Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers

06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 2 October, 2012 Handout 2 Summary of this handout: Symmetric Ciphers Overview Block Ciphers Feistel Ciphers DES II.

588 views • 10 slides
B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

1 B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a) Fundamentals 3 B.1 Definition A mapping Enc: P K C for which k := Enc( ,k): P C is bijective for each k K is called an

1.1k views • 32 slides
Cryptanalysis of the counter mode of operation Ferdinand Sibleyras joint work with Gatan

Cryptanalysis of the counter mode of operation Ferdinand Sibleyras joint work with Gatan

Introduction The counter mode Missing difference problem Cryptanalysis Conclusion Cryptanalysis of the counter mode of operation Ferdinand Sibleyras joint work with Gatan Leurent Inria, quipe SECRET April 10, 2018 1 / 29 Introduction

975 views • 74 slides
Using SEED Cipher Algorithm with SRTP Seokung Yoon (KISA) Goal / Motivation Goal : The SEED

Using SEED Cipher Algorithm with SRTP Seokung Yoon (KISA) Goal / Motivation Goal : The SEED

Using SEED Cipher Algorithm with SRTP Seokung Yoon (KISA) Goal / Motivation Goal : The SEED cipher algorithm would be the default cipher together with AES in SRTP Motivation In Korea, many companies provide VoIP service and we

294 views • 6 slides
B.b) Block Ciphers 2 B.24 Definition An encryption algorithm Enc: {0,1} n K {0,1} n

B.b) Block Ciphers 2 B.24 Definition An encryption algorithm Enc: {0,1} n K {0,1} n

1 B.b) Block Ciphers 2 B.24 Definition An encryption algorithm Enc: {0,1} n K {0,1} n is called a block cipher . The positive integer n denotes the block size ( block length ). 3 B.25 Remark and Convention The encryption

709 views • 67 slides
Encrypting/Decrypting, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman,

Encrypting/Decrypting, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman,

Encrypting/Decrypting, cont CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ March 14, 2013 Announcements / Goals For

459 views • 9 slides
The RC6 Block Cipher: A simple f ast secure AES proposal Ronald L. Rivest MI T Mat t

The RC6 Block Cipher: A simple f ast secure AES proposal Ronald L. Rivest MI T Mat t

The RC6 Block Cipher: A simple f ast secure AES proposal Ronald L. Rivest MI T Mat t Robshaw RSA Labs Ray Sidney RSA Labs Yiqun Lisa Yin RSA Labs (August 21, 1998) Out line N Design Philosophy N Descr ipt ion of

421 views • 19 slides
Types of Cache Misses Cold (compulsory) miss Occurs on

Types of Cache Misses Cold (compulsory) miss Occurs on

University of Washington University of Washington Types of Cache Misses Cold (compulsory) miss Occurs on very first access to a block The

512 views • 7 slides
CS 423 Operating System Design: Far too much information about interrupts Professor Adam

CS 423 Operating System Design: Far too much information about interrupts Professor Adam

CS 423 Operating System Design: Far too much information about interrupts Professor Adam Bates Fall 2018 CS423: Operating Systems Design Goals for Today Learning Objectives: Understand the role and types of of Interrupts

628 views • 43 slides
CPSC 213 Concurrent Programming with Threads disk reads as motivation (huge disk/CPU speed

CPSC 213 Concurrent Programming with Threads disk reads as motivation (huge disk/CPU speed

Reading The Virtual Processor Illusion of Synchrony Text Originated with Edsger Dijkstra in the THE Operating System Multiple things co-existing on the same physical CPU in The Structure of the THE Multiprogramming System,

416 views • 3 slides

More recommend