WHIRLBOB, the Whirlpool based Variant of STRIBOB Lighter, Faster, - - PowerPoint PPT Presentation

▶

Aug 14, 2022 131 likes •419 views

WHIRLBOB, the Whirlpool based Variant of STRIBOB Lighter, Faster, and Constant Time MarkkuJuhani O. Saarinen 1 B. B. Brumley 2 1 ECIT, Queens University Belfast, UK m.saarinen@qub.ac.uk 2 Tampere University of Technology, Finland

SLIDE 1

WHIRLBOB, the Whirlpool based Variant of STRIBOB

Lighter, Faster, and Constant Time Markku–Juhani O. Saarinen1

B. B. Brumley2

1ECIT, Queen’s University Belfast, UK

m.saarinen@qub.ac.uk

2Tampere University of Technology, Finland

billy.brumley@tut.fi

NordSec 2015, Stockholm 20 Oct 2015

1 / 28

SLIDE 2

Part I CAESAR and WHIRLBOB

2 / 28

SLIDE 3

CAESAR competition

3 / 28

SLIDE 4

CAESAR round 1

4 / 28

SLIDE 5

CAESAR round 2

5 / 28

SLIDE 6

CAESAR candidate: WHIRLBOB

6 / 28

SLIDE 7

WHIRLBOB: sponge design

7 / 28

SLIDE 8

WHIRLBOB: LPS design

8 / 28

SLIDE 9

Part II BLNK mode

9 / 28

SLIDE 10

BLNK and sponge state

10 / 28

SLIDE 11

BLNK operations

11 / 28

SLIDE 12

BLNK pseudocode

12 / 28

SLIDE 13

BLNK constants

13 / 28

SLIDE 14

BLNK and AEAD

14 / 28

SLIDE 15

Part III Permutation π

15 / 28

SLIDE 16

S: SubBytes

16 / 28

SLIDE 17

P: ShiftColumns

17 / 28

SLIDE 18

L: MixRows

18 / 28

SLIDE 19

AddRoundKey

19 / 28

SLIDE 20

Part IV Implementation and performance

20 / 28

SLIDE 21

Optimizing SubBytes: decomposition

21 / 28

SLIDE 22

Optimizing SubBytes: SIMD variable vector shuffles

22 / 28

SLIDE 23

Optimizing MixRows: SIMD across rows

23 / 28

SLIDE 24

Software performance

24 / 28

SLIDE 25

Performance compared

25 / 28

SLIDE 26

Hardware and demo

26 / 28

SLIDE 27

Part V Conclusion and future work

27 / 28

SLIDE 28

Conclusion

◮ STRIBOB/WHIRLBOB is an elegant CAESAR round 2

candidate

◮ Borrows from analyzed, exisiting components ◮ Round 3 in March

Future work

◮ Implement CAESAR HW API ◮ Better optimization of linear layer

28 / 28