aegis
play

AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu - PowerPoint PPT Presentation

May 19, 2023 •332 likes •524 views

AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu Bart Preneel Nanyang Technological University KU Leuven and iMinds DIAC 2016 AEGIS 1 AEGIS: A shield carried by Athena and Zeus DIAC 2016 AEGIS 2 Different Design

  1. AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu Bart Preneel Nanyang Technological University KU Leuven and iMinds DIAC 2016 AEGIS 1

  2. AEGIS: A shield carried by Athena and Zeus DIAC 2016 AEGIS 2

  3. Different Design Approaches: AES-NI ( AEGIS ) Fast SIMD (MORUS) Mode (JAMBU) Lightweight Dedicated (ACORN) DIAC 2016 AEGIS 3

  4. No tweak for the second and third rounds DIAC 2016 AEGIS 4

  5. AEGIS: Main features • Simple • Fast – AEGIS-128L is 0.25 clock cycles/byte on Intel Skylake (long messages) • Fully use the pipeline of AES-NI • Nonce is used only once DIAC 2016 AEGIS 5

  6. AEGIS • AEGIS-128L – 128-bit key, 1024-bit state • AEGIS-128 – 128-bit key, 640-bit state • AEGIS-256 – 256-bit key, 768-bit state • Tag: 128-bit DIAC 2016 AEGIS 6

  7. AEGIS: Properties • Properties – Parallelizable: locally – No security reduction but easy to analyze – Not resistant to nonce reuse – Performance: size/speed tradeoff DIAC 2016 AEGIS 7

  8. 0 AEGIS K AES (10R) • Design Rationale – Inspiration: Pelican MAC x 1 • [Daemen- Rijmen’05] AES • 128-bit secret state (4R) • easy to analyze x 2 • secure up to birthday bound AES • 2.5 times faster than AES (4R) – Our design: Save the state after K each AES round , then construct AES (10R) stream cipher from MAC 8 DIAC 2016 AEGIS 8

  9. AEGIS • Design Rationale (2) – Parallel AES round functions in each step so as to fill the AES instruction pipeline – AEGIS-128L can make full use of the AES instruction pipeline of Intel Haswell and Skylake processors DIAC 2016 AEGIS 9

  10. AEGIS-128 K IV S 1 S 2 S 3 S 4 S 0 x i K IV AES (1R) AES (1R) AES (1R) AES (1R) AES (1R) AEGIS (10R) x 1 AEGIS (1R) x 2 AEGIS (1R)  larger state: 5 x 128 bits length  but simpler operation: 1 AES round AEGIS  still easy to analyze (7R) DIAC 2016 AEGIS 10 tag

  11. AEGIS: Security • Authentication – a difference in ciphertext passes through at least 4 AES rounds • stronger than Pelican MAC (4 AES rounds) since difference being distributed to at least 4 words • Encryption – AEGIS encryption is a stream cipher with nonlinear state update function • differential and linear analysis is precluded DIAC 2016 AEGIS 11

  12. AEGIS: Security Randomness of keystream • Recent results (Minaud, SAC 2014) – AEGIS-128 • 2 130+ keystream bits for distinguishing – AEGIS-256 • 2 180+ keystream bits for distinguishing DIAC 2016 AEGIS 12

  13. Performance • Speed on Intel Skylake processor Core i5-6600 (Supercop-2016-08-06) No associated data. DIAC 2016 AEGIS 13

  14. Performance • Compare to the performance of Tiaoxin – Tiaoxin extends AEGIS to larger state with more complicated state update function • state size of Tiaoxin: 1664 bits (60% more) • state size of AEGIS-128L: 1024 bits – Larger state size in stream cipher design normally leads to faster speed – Long message (on Skylake, Supercop-2016-08-06) • Tiaoxin: encryption 0.21 cpb; decryption 0.34 cpb • AEGIS-128L: encryption 0.25 cpb; decryption 0.25 cpb – 1536-byte message (on Skylake, Supercop-2016-08-06) • Tiaoxin: encryption 0.36 cpb; decryption 0.48 cpb • AEGIS-128L: encryption 0.34 cpb; decryption 0.37 cpb DIAC 2016 AEGIS 14

  15. Performance • Hardware – FPGA implementation of AEGIS-128L (Tao Huang) • For throughput optimized: 78.3 Gbps, 2424 slices – 65 nm ASIC implementation of AEGIS-128 (Debjyoti Bhattacharjee, Anupam Chattopadhyay, DIAC 2015) • For throughput optimized: 121 Gbps, 173 KGE • For Low area optimized: 1.32 Gbps, 18.72 KGE • We expect that AEGIS-128L is about twice as fast as AEGIS-128 on ASIC, with larger area (60% more) DIAC 2016 AEGIS 15

  16. Discussions • We restrict the disclosure of plaintext when authentication failed. What would happen if the attacker knows the decrypted plaintext when authentication fails ? – For AEGIS, the secret key remains strong, so there is little compromise of encryption security (since the attacker can access the decrypted plaintext, the encryption security of a single message is not a concern here) DIAC 2016 AEGIS 16

  17. Discussions • We restrict the disclosure of plaintext when authentication failed. What would happen if the attacker knows the decrypted plaintext when authentication fails ? – If the communication protocol terminates/restarts when authentication fails, then there is no compromise of authentication security DIAC 2016 AEGIS 17

  18. Conclusions • Simple design • Fast – Software: targeting platforms with AES-NI – Also fast in hardware • Strong in security DIAC 2016 AEGIS 18

Recommend

Science Achievements of the DEEP2 & AEGIS surveys by Koo, Faber, and the DEEP & AEGIS

Science Achievements of the DEEP2 & AEGIS surveys by Koo, Faber, and the DEEP & AEGIS

Science Achievements of the DEEP2 & AEGIS surveys by Koo, Faber, and the DEEP & AEGIS Teams Supported by CARA, UCO/Lick Observatory, the National Science Foundation, and NASA DEEP2 basics Officially finished: 53,000 spectra

505 views • 31 slides
AEGIS Academic and Educational Grid Initiative of Serbia http://www.aegis.rs/ Antun Balaz

AEGIS Academic and Educational Grid Initiative of Serbia http://www.aegis.rs/ Antun Balaz

AEGIS Academic and Educational Grid Initiative of Serbia http://www.aegis.rs/ Antun Balaz (NGI_AEGIS Technical Manager) Dusan Vudragovic (NGI_AEGIS Deputy Manager) SCL, Institute of Physics Belgrade EGI-InSPIRE SA1 Kickoff Meeting 1

506 views • 15 slides
AEgIS experiment: a summary of the run and a first glimpse of the data DAMARA SAC Meeting

AEgIS experiment: a summary of the run and a first glimpse of the data DAMARA SAC Meeting

AEgIS experiment: a summary of the run and a first glimpse of the data DAMARA SAC Meeting Angela Gligorova, Nicola Pacifico 23.08.2012, IFT, University of Bergen Outline Overview of the Aegis apparatus for the May-June 2012 run

738 views • 24 slides
The AEgIS Experiment Measuring the Gravitational Interaction of Antimatter Andreas Knecht / CERN

The AEgIS Experiment Measuring the Gravitational Interaction of Antimatter Andreas Knecht / CERN

The AEgIS Experiment Measuring the Gravitational Interaction of Antimatter Andreas Knecht / CERN on behalf of the AEgIS collaboration LEAP 2013, 10/6/2013 AEgIS Collaboration University of Oslo and University CERN, Switzerland of Bergen,

1.35k views • 35 slides
GRAVITY AND ANTIMATTER: THE AEGIS EXPERIMENT AT CERN DAVIDE PAGANO UNIVERSIT DEGLI STUDI DI

GRAVITY AND ANTIMATTER: THE AEGIS EXPERIMENT AT CERN DAVIDE PAGANO UNIVERSIT DEGLI STUDI DI

GRAVITY AND ANTIMATTER: THE AEGIS EXPERIMENT AT CERN DAVIDE PAGANO UNIVERSIT DEGLI STUDI DI BRESCIA & INFN PAVIA on behalf of the AEgIS collaboration TAUP 2017 - XV International Conference on Topics in Astroparticle and Underground

338 views • 15 slides
Linear Biases in AEGIS Keystream Brice Minaud ANSSI, France SAC August 15, 2014 Plan 1

Linear Biases in AEGIS Keystream Brice Minaud ANSSI, France SAC August 15, 2014 Plan 1

Linear Biases in AEGIS Keystream Brice Minaud ANSSI, France SAC August 15, 2014 Plan 1 Blockwise Stream Ciphers 2 Presentation of AEGIS 3 Linear Biases in AEGIS 1/22 Blockwise Stream Ciphers 2/22 Authenticated Encryption Schemes C

1.07k views • 39 slides
AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu, Bart Preneel Nanyang Technological

AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu, Bart Preneel Nanyang Technological

AEGIS A Fast Authenticated Encryption Algorithm Hongjun Wu, Bart Preneel Nanyang Technological University, Katholieke Universiteit Leuven Presented at DIAC 1 Classification of Authenticated Encryption AEGIS Design rationale

635 views • 19 slides
RC South, Task Force Aegis I n t e g r i t y - S e r v i c e - E x c e l l e n c e Qalat

RC South, Task Force Aegis I n t e g r i t y - S e r v i c e - E x c e l l e n c e Qalat

RC South, Task Force Aegis I n t e g r i t y - S e r v i c e - E x c e l l e n c e Qalat Provincial Reconstruction Team Capt Rockie Wilson Civil Affairs CAT-E (Engineer) Team Leader, Qalat PRT Training - Mission 5-week Combat Skills

961 views • 29 slides
Philip Harrison, Khangelani Moyo & Yan Yang Introduction Within the broad aegis of de

Philip Harrison, Khangelani Moyo & Yan Yang Introduction Within the broad aegis of de

Strategy and Tactics: Chinese Immigrants and Diasporic Spaces in Johannesburg, South Africa Philip Harrison, Khangelani Moyo & Yan Yang Introduction Within the broad aegis of de Certeaus work, we engage the historical and

935 views • 56 slides
Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random

Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random

Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions G. Edward Suh, Charles W. ODonnell, Ishan Sachdev, and Srinivas Devadas Massachusetts Institute of Technology 1 New Security Challenges

356 views • 31 slides
AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology L C S Cases for Physical Security Applications

519 views • 23 slides
AEGIS : An Automated Permission Generation and Verification System for SDNs ACM SIGCOMM 2018

AEGIS : An Automated Permission Generation and Verification System for SDNs ACM SIGCOMM 2018

AEGIS : An Automated Permission Generation and Verification System for SDNs ACM SIGCOMM 2018 Workshop on SecSoN Heedo Kang, Seungwon Shin, Vinod Yegneswaran*, Shalini Ghosh*, Phillip Porras* KAIST, SRI International* Contents 1. B Background

585 views • 29 slides
AEGI S AEGI S A European framework for task-sharing in PGR conservation Jan Engels AEGIS

AEGI S AEGI S A European framework for task-sharing in PGR conservation Jan Engels AEGIS

AEGI S AEGI S A European framework for task-sharing in PGR conservation Jan Engels AEGIS Coordinator SEEDNet workshop on PGR international policy and legislation 24-25 October, 2007 Banjaluka, Republika Srpska Content of presentation

246 views • 21 slides
MAURITIUS Your Strategic Partner The Economic Development Board , operates under the aegis of the

MAURITIUS Your Strategic Partner The Economic Development Board , operates under the aegis of the

MAURITIUS Your Strategic Partner The Economic Development Board , operates under the aegis of the Prime Ministers Office Strategic Economic Planning Trade & Business Mandate Investment Facilitation Promotion Country Branding

224 views • 19 slides
Recent Highlights from the DEEP & AEGIS Surveys David C. Koo & DEEP Team UCO/Lick

Recent Highlights from the DEEP & AEGIS Surveys David C. Koo & DEEP Team UCO/Lick

Recent Highlights from the DEEP & AEGIS Surveys David C. Koo & DEEP Team UCO/Lick Observatory University of California, Santa Cruz 28 Aug 2007 A Century of Cosmology, Venice, Italy DEIMOS KECK Outline 1) Whats DEEP? Why useful

464 views • 25 slides
The Navy Modernization Program: Estimating the Cost of Upgrading AEGIS Guided Missile Cruisers

The Navy Modernization Program: Estimating the Cost of Upgrading AEGIS Guided Missile Cruisers

The Navy Modernization Program: Estimating the Cost of Upgrading AEGIS Guided Missile Cruisers Jeremy Goucher, Herren Associates Krystian Jenkins, Naval Surface Warfare Center 11 June 2015 1 Agenda Background Induction Phase

352 views • 18 slides
ON THE FRINGE PRESENTED BY: AEGIS Risk Management Services Belinda Scott Managing Director

ON THE FRINGE PRESENTED BY: AEGIS Risk Management Services Belinda Scott Managing Director

WORKERS COMPENSATION: ON THE FRINGE PRESENTED BY: AEGIS Risk Management Services Belinda Scott Managing Director BJS Insurance Brokers Pty Ltd Seminar Format Committed to getting you out on time Save questions for the panel

843 views • 57 slides
Validating a Simulex Model Brian Thompson, P.E. AEGIS Engineering Considerations Evacuation

Validating a Simulex Model Brian Thompson, P.E. AEGIS Engineering Considerations Evacuation

Validating a Simulex Model Brian Thompson, P.E. AEGIS Engineering Considerations Evacuation conditions Validation of software Simulex algorithm Selection of occupants Construction of geometry In practice 2 Evacuation

622 views • 59 slides
LTM SURVEY A peer based study commissioned by Aegis Identity Software, Inc. to identify key

LTM SURVEY A peer based study commissioned by Aegis Identity Software, Inc. to identify key

LTM SURVEY A peer based study commissioned by Aegis Identity Software, Inc. to identify key issues regarding the management of identities in HE institutions . . . STUDY PURPOSE Gather peer based information to assess Key Drivers & Issues

371 views • 12 slides
AERO 4907 SPACE DESIGN PROJECT Tarik Kaya tkaya@mae.carleton.ca Office: 3144ME ; Phone: 5692

AERO 4907 SPACE DESIGN PROJECT Tarik Kaya tkaya@mae.carleton.ca Office: 3144ME ; Phone: 5692

AERO 4907 SPACE DESIGN PROJECT Tarik Kaya tkaya@mae.carleton.ca Office: 3144ME ; Phone: 5692 Carleton University Department of Mechanical and Aerospace Engineering 2010 2004-05 & 2005-06 PROJECT AEGIS AEGIS (Air-launched

220 views • 11 slides
Deflection of Secondary Beamline for AEgIS Collaboration Gerard Lawler Boston University CERN

Deflection of Secondary Beamline for AEgIS Collaboration Gerard Lawler Boston University CERN

Beamline Deflection of Secondary Beamline for AEgIS Collaboration Gerard Lawler Boston University CERN glawler@bu.edu May 11, 2015 Gerard Lawler Deflection of Secondary Beamline Einzel lens Beamline Subsection Example Overview Go over

248 views • 12 slides
Abstract Book 37th World Congress on Military Medicine H Ho on no or ra ar ry y C Ch ha

Abstract Book 37th World Congress on Military Medicine H Ho on no or ra ar ry y C Ch ha

REPUBLIC OF TUNISIA Under the High Patronage of His Excellency Mister Zine El Abidine BEN ALI President of the Republic of Tunisia Supreme Chief of the Armed Forces And under the aegis of the International Committee of Military Medecine 37th

341 views • 3 slides
LC/MS/MS and GC/MS Applications in Testing Illicit Substances Substances Dr. Darcie Wallace

LC/MS/MS and GC/MS Applications in Testing Illicit Substances Substances Dr. Darcie Wallace

LC/MS/MS and GC/MS Applications in Testing Illicit Substances Substances Dr. Darcie Wallace Duckworth Assistant Director of Training Aegis Sciences Corporation March 17, 2009 What is forensic toxicology? ABFT defines as the study and

459 views • 44 slides
The OIL Group of Companies www.oil.bm www.ocil.bm Tools for Risk Transfer Presentation to

The OIL Group of Companies www.oil.bm www.ocil.bm Tools for Risk Transfer Presentation to

The OIL Group of Companies www.oil.bm www.ocil.bm Tools for Risk Transfer Presentation to University of Houston April 5, 2012 The Evolution of Energy Mutuals TOPS 1993-99 sEnergy OIL 2002-2011 1972 Traditional AEGIS OCIL

591 views • 58 slides

More recommend