Atomic-AES . A Compact Implementation of the AES - PowerPoint PPT Presentation

. Atomic-AES . A Compact Implementation of the AES Encryption/Decryption Core . by . Subhadeep Banik . Sep 30, 2016 Joint work with Andrey Bogdanov, Francesco Regazzoni Asian Symmetric Key Workshop, Nagoya, 2016

. Introduction . 1/73 . . Introduction

. Introduction Grain of Sand ( Feldhofer et al. IEEE IS 05 ): 3400 GE, 1032/1165 cycles. Based on the Moradi circuit: 2645 GE: ENC/DEC latency: 226 cycles. Description of structure, datapath and functioning. One of the smallest at 2400 GE. Encrypt only. Many modes like CBC, ELmD, COPA need ENC+DEC access. ENC+DEC ? 2/73 . Introduction . Description of structure, datapath and functioning. • Good Morning to all !!! • Compact Implementation of AES ENC/DEC Circuit. Why • Serial AES Circuit by Moradi et al. [Eurocrypt 11] • Atomic-AES : Both Encrypt and Decrypt supported.

. Serial Implementation . 3/73 . . SerialImplementation

. 4/73 Forward S-box: 200GE approx: Hence 4000 GE for S-boxes alone!! Serial vs Round based AES Encryption ckt: 8000 GE. . Serial Implementation . SReg RF Plaintext Ciphertext Key KReg KS • One round computed per clock cycle: No resource sharing. • AES → 20 S-boxes per round !! • Smallest: Canright [CHES 04], Boyar-Peralta [JOC 11]

. Serial vs Round based . Serial Implementation . 5/73 Tradeoffs Substitution layer for 8-bytes of state can be computed in one cycle. Needs atleast 20*10=200 cycles for one encryption. • Imagine AES circuit with only 8 S-box circuits. • Atleast 3 cycles to do Substitution layer of one round. Atleast 3*10=30 cycles for one encryption → more latency. • Most compact circuit: One S-box.

. 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 6/73 . . 8-bitserialAEScircuit (MoradietalEurocrypt11)

. Moradi et al Eurocrypt 11 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 7/73 Circuit Description • 16 banks of byte size registers ‘00’ to ‘33’ for the state. • Similar arrangenment for the key.

. Moradi et al Eurocrypt 11 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 8/73 Circuit Description • Each byte sized state register takes two inputs. • One for serial loading and unloading, second for Shiftrow.

. Moradi et al Eurocrypt 11 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 9/73 Circuit Description • The connections in key register helps to do keyschedule. • Two data movements: horizontal and vertical.

. Moradi et al Eurocrypt 11 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 10/73 Circuit Description • Scan flip-flops for each register: 6 GE. • D Flip-flop + Mux takes 7.33 GE: save 1.33 GE per bit.

. Moradi et al Eurocrypt 11 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 11/73 Circuit Description • Only one S-box and one 8-bit xor for ARK (not shown). • S-box uses Canright architecture.

. Moradi et al Eurocrypt 11 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 12/73 Circuit Description • Mixcolumn implemented as logic block in { 0 , 1 } 32 → { 0 , 1 } 32 . • Takes 4 cycles to compute over the state.

. Moradi et al Eurocrypt 11 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 13/73 Circuit Description • 32 bit Mux after Mixcolumn for 10th round bypass. • 8 bit Mux before S-box to choose between state, key.

. Moradi et al Eurocrypt 11 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 14/73 Circuit Description • Round is computed in 21 cycles, encryption in 226 cycles. • Special 21 cycle LFSR generates all control signals.

. u u u u u u u u u u u u u u u u u Data flow u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u . u u u u u u u u u 8-bit serial AES circuit (Moradi et al Eurocrypt 11) u u u u . 15/73 b u u u u u u u u u u u u u u u u u u u u u b Round 0, Cycle 5 SELXOR State OUT RoundKey 8 SB IN MIX COLUMN MC IN 32 32 SB OUT K 0 S 0 RC SEL RC KEY K 0 RoundKey SB IN S 0 = S ( P 0 + K 0 ) SBOX State OUT P 0 SB OUT TEXT ENC OUT

. u u u u u u u u u u u u u u u u Data flow u u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u u u u u u u u u u u u u b b 16/73 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . u u u u u u u u u u u u u u u u u u u u u u Round 0, Cycle 6 SELXOR State OUT RoundKey 8 SB IN MIX COLUMN MC IN 32 32 SB OUT S 0 K 0 K 1 S 1 RC SEL RC KEY K 1 RoundKey SB IN S 1 = S ( P 1 + K 1 ) SBOX State OUT P 1 SB OUT TEXT ENC OUT

. u u u u u u u u u u u u u u u Data flow u u u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u u u u u u u u u u u u u b b 17/73 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . u u u u u u u u u u u u u u u u u u u u u u Round 0, Cycle 7 SELXOR State OUT RoundKey 8 SB IN MIX COLUMN MC IN 32 32 SB OUT S 0 S 1 K 0 K 1 K 2 S 2 RC SEL RC KEY K 2 RoundKey SB IN S 2 = S ( P 2 + K 2 ) SBOX State OUT P 2 SB OUT TEXT ENC OUT

. u u u u u u u u u u u u u u Data flow u u u u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u u u u u u u u u u u u u b b 18/73 . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . u u u u u u u u u u u u u u u u u u u u u u Round 0, Cycle 8 SELXOR State OUT RoundKey 8 SB IN MIX COLUMN MC IN 32 32 SB OUT S 0 S 1 S 2 K 0 K 1 K 2 K 3 S 3 RC SEL RC KEY K 3 RoundKey SB IN S 3 = S ( P 3 + K 3 ) SBOX State OUT P 3 SB OUT TEXT ENC OUT

. u u u u u u u u u u u u u Data flow u u u u u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u u u u u u b u u u u u u u b . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 19/73 u u u u u u u u u u u u u u u u u u u u u u Round 0, Cycle 9 SELXOR State OUT RoundKey 8 SB IN MIX COLUMN MC IN 32 32 SB OUT S 0 S 1 S 2 S 3 K 0 K 1 K 2 K 3 K 4 S 4 RC SEL RC KEY K 4 RoundKey SB IN S 4 = S ( P 4 + K 4 ) SBOX State OUT P 4 SB OUT TEXT ENC OUT

. u u u u u u u u u u u Data flow u u u u u u u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u u u u u u u u u u u u . 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 20/73 u b b u u u u u u u u u u u u u u u u u u u u u u Round 0, Cycle 10 SELXOR State OUT RoundKey 8 SB IN MIX COLUMN MC IN 32 32 S 0 K 0 SB OUT S 1 S 2 S 3 S 4 K 1 K 2 K 3 K 4 K 5 S 5 RC SEL RC KEY K 5 RoundKey SB IN S 5 = S ( P 5 + K 5 ) SBOX State OUT P 5 SB OUT TEXT ENC OUT

. Data flow u u u u u u u u u u u u u u u u u u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u u u u u u u u u . u u u u 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . u 21/73 b u u u u u u u u u u u u u u u u u u u u u b Round 0, Cycle 11 SELXOR State OUT RoundKey 8 SB IN MIX COLUMN MC IN 32 32 S 0 S 1 K 0 K 1 SB OUT S 2 S 3 S 4 S 5 K 2 K 3 K 4 K 5 K 6 S 6 RC SEL RC KEY K 6 RoundKey SB IN S 6 = S ( P 6 + K 6 ) SBOX State OUT P 6 SB OUT TEXT ENC OUT

. u u u u u u u u u u Data flow u u u u u u u u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u u u b u u u u u . u u u u 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . u 22/73 b u u u u u u u u u u u u u u u u u u u u u u Round 0, Cycle 12 SELXOR State OUT RoundKey 8 SB IN MIX COLUMN MC IN 32 32 S 0 S 1 S 2 K 0 K 1 K 2 SB OUT S 3 S 4 S 5 S 6 K 3 K 4 K 5 K 6 K 7 S 7 RC SEL RC KEY K 7 RoundKey SB IN S 7 = S ( P 7 + K 7 ) SBOX State OUT P 7 SB OUT TEXT ENC OUT

. u u u u u u u u u Data flow u u u u u u u u u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u u u u u u u u u u u u u . u b 8-bit serial AES circuit (Moradi et al Eurocrypt 11) . 23/73 u u u u u u u u u u u u u u b u u u u u u u Round 0, Cycle 13 SELXOR State OUT RoundKey 8 SB IN MIX COLUMN MC IN 32 32 S 0 S 1 S 2 S 3 K 0 K 1 K 2 K 3 SB OUT S 4 S 5 S 6 S 7 K 4 K 5 K 6 K 7 K 8 S 8 RC SEL RC KEY K 8 RoundKey SB IN S 8 = S ( P 8 + K 8 ) SBOX State OUT P 8 SB OUT TEXT ENC OUT

. u u u u u u u u Data flow u u u u u u u u u u u u u u u u u u u u u u b u b u u u b u b b u u u u u u b u u u u u . u u u u u u u 8-bit serial AES circuit (Moradi et al Eurocrypt 11) u u u u . 24/73 b b u u u u u u u u u u u u u u u u u u u u u u u Round 0, Cycle 14 SELXOR State OUT RoundKey 8 SB IN S 0 K 0 MIX COLUMN MC IN 32 32 S 1 S 2 S 3 S 4 K 1 K 2 K 3 K 4 SB OUT S 5 S 6 S 7 S 8 K 5 K 6 K 7 K 8 K 9 S 9 RC SEL RC KEY K 9 RoundKey SB IN S 9 = S ( P 9 + K 9 ) SBOX State OUT P 9 SB OUT TEXT ENC OUT

Atomic-AES . A Compact Implementation of the AES - PowerPoint PPT Presentation

. Atomic-AES . A Compact Implementation of the AES Encryption/Decryption Core . by . Subhadeep Banik . Sep 30, 2016 Joint work with Andrey Bogdanov, Francesco Regazzoni Asian Symmetric Key Workshop, Nagoya, 2016 . Introduction . 1/73

Efficiency of equilibria Non-atomic routing games Non-atomic routing games Definition:

DK - Batteridrevet vakuum lfter AL-Atomic 500 D - Batteriebetrieber Vakuumheber AL-Atomic 500

C 6. 7. 6 8. 2-4 9. Atomic Mass Numbers will be rounded to the

Atomic page flip and mode setting Hardware structure and abstraction Atomic page flip The

Development of the Atomic Model 6 Major Contributors to the Atomic Model Theory 1. The Greeks

Development of the Atomic Model 6 Major Contributors to the Atomic Model Theory 1. The Greeks

Cesium By Olivia H., P.10 Cesium Atomic Symbol: Cs State at room temperature: solid Atomic

ATOMIC STRUCTURE Medicine Energy Chemistry The nature of the chemical bond Nuclear

Atomic Workstation Kalev Lember, Red Hat desktop team DevConf.cz 2018 What is Fedora Atomic

Atomic dif Atomic diffusion and lithium usion and lithium pr processing in ocessing in old

Abstract nested transactions Tim Harris (MSR Cambridge) Sran Stipi (BSC) Atomic blocks and

Unit 1 Atomic Structure and Nuclear Chemistry Introduction to the atom Modern Atomic Theory

As Atomic Number Atomic number Atomic mass Symbol & Name Ad slogan Cost

The Atomic Simulation Environment Ask Hjorth Larsen and the ASE development team Abinit

Atomic clocks and frequency transfer Helen Margolis Winter College on Optics ICTP, Trieste,

Atomic Modesetting for Drivers Daniel Vetter, Intel OTC 1 Anatomy of an Atomic Modeset 1. Build

Atomic Structure Neutrons: neutral Protons: positive charge (1.6x10 -19 C, 1.67x10 -27 kg)

Atomic Transactions The Transaction Model / Primitives Serializability Implementation

C++11 atomics for G4atomic Jonathan R. Madsen Texas A&M University What is an atomic? We

Bhabha Atomic Research Centre, Mumbai, India Rajdeep Bhabha Atomic Research Centre, Mumbai,

Application of atomic data to quantitative analysis of tungsten spectra on EAST tokamak L. Zhang

Introduction to Nanomaterials and Nanotechnology Lecture 3 - Atomic Structure and Bonding 1

Atomic Physics Accelerator Facility at Darmstadt, Warsaw, November 24, 2003 Atomic Physics at

Atomic Layer Deposition Atomic Layer Deposition (ALD) Erwin Kessels w.m.m.kessels@tue.nl

Atomic-AES . A Compact Implementation of the AES - PowerPoint PPT Presentation

. Atomic-AES . A Compact Implementation of the AES Encryption/Decryption Core . by . Subhadeep Banik . Sep 30, 2016 Joint work with Andrey Bogdanov, Francesco Regazzoni Asian Symmetric Key Workshop, Nagoya, 2016 . Introduction . 1/73

Efficiency of equilibria Non-atomic routing games Non-atomic routing games Definition:

DK - Batteridrevet vakuum lfter AL-Atomic 500 D - Batteriebetrieber Vakuumheber AL-Atomic 500

C 6. 7. 6 8. 2-4 9. Atomic Mass Numbers will be rounded to the

Atomic page flip and mode setting Hardware structure and abstraction Atomic page flip The

Development of the Atomic Model 6 Major Contributors to the Atomic Model Theory 1. The Greeks

Development of the Atomic Model 6 Major Contributors to the Atomic Model Theory 1. The Greeks

Cesium By Olivia H., P.10 Cesium Atomic Symbol: Cs State at room temperature: solid Atomic

ATOMIC STRUCTURE Medicine Energy Chemistry The nature of the chemical bond Nuclear

Atomic Workstation Kalev Lember, Red Hat desktop team DevConf.cz 2018 What is Fedora Atomic

Atomic dif Atomic diffusion and lithium usion and lithium pr processing in ocessing in old

Abstract nested transactions Tim Harris (MSR Cambridge) Sran Stipi (BSC) Atomic blocks and

Unit 1 Atomic Structure and Nuclear Chemistry Introduction to the atom Modern Atomic Theory

As Atomic Number Atomic number Atomic mass Symbol &amp; Name Ad slogan Cost

The Atomic Simulation Environment Ask Hjorth Larsen and the ASE development team Abinit

Atomic clocks and frequency transfer Helen Margolis Winter College on Optics ICTP, Trieste,

Atomic Modesetting for Drivers Daniel Vetter, Intel OTC 1 Anatomy of an Atomic Modeset 1. Build

Atomic Structure Neutrons: neutral Protons: positive charge (1.6x10 -19 C, 1.67x10 -27 kg)

Atomic Transactions The Transaction Model / Primitives Serializability Implementation

C++11 atomics for G4atomic Jonathan R. Madsen Texas A&amp;M University What is an atomic? We

Bhabha Atomic Research Centre, Mumbai, India Rajdeep Bhabha Atomic Research Centre, Mumbai,

Application of atomic data to quantitative analysis of tungsten spectra on EAST tokamak L. Zhang

Introduction to Nanomaterials and Nanotechnology Lecture 3 - Atomic Structure and Bonding 1

Atomic Physics Accelerator Facility at Darmstadt, Warsaw, November 24, 2003 Atomic Physics at

Atomic Layer Deposition Atomic Layer Deposition (ALD) Erwin Kessels w.m.m.kessels@tue.nl

As Atomic Number Atomic number Atomic mass Symbol & Name Ad slogan Cost

C++11 atomics for G4atomic Jonathan R. Madsen Texas A&M University What is an atomic? We