lightweight circuits with shift and swap
play

Lightweight Circuits with Shift and Swap Subhadeep Banik Asian - PowerPoint PPT Presentation

Dec 07, 2023 •49 likes •489 views

Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI Kolkata November 18, 2018 Introduction Types of Circuits: Brief background. Block cipher circuits: Round based vs Serial. Eg: Working example

  1. Lightweight Circuits with Shift and Swap Subhadeep Banik Asian Symmetric Key Workshop, ISI Kolkata November 18, 2018

  2. Introduction • Types of Circuits: Brief background. • Block cipher circuits: Round based vs Serial. ⇒ Eg: Working example with PRESENT • Relevance of lightweight circuits to current problem. • Results. 2 of 44

  3. bc bc Combinatorial vs Sequential • Combinatorial Circuits: • Behavior of the circuit is described completely by logic gates. • Eg: Multiplexer, AES S-box etc. A B ⊕ AB+CD C D Figure: Combinatorial Circuit 3 of 44

  4. bc bc bc bc Combinatorial vs Sequential • Sequential Circuits: • Behavior of the circuit is described over time. • Eg: Any circuit in which S t +1 = F ( S t ). Q In F S 0 Load Reg CLK 4 of 44 Figure: Combinatorial Circuit

  5. bc bc bc bc Combinatorial vs Sequential • Sequential Circuits: • Behavior of the circuit is described over time. • Eg: Any circuit in which S t +1 = F ( S t ). Q In F S 0 Load Reg CLK 1 0 CLK Load 0x1234 S 0 0x1234 0x2345 0x3456 In 0xXXXX 0x1234 0x2345 Q F ( Q ) 0xXXXX 0x2345 0x3456 5 of 44 Figure: Combinatorial Circuit

  6. bc bc bc bc b b b b Block Cipher Circuits • Repeated application of Round Fn: similar to previous circuit. • However can be implemented using both ideologies. • Eg: Fully unrolled AES. RF 1 RF 2 RF 3 RF 10 PT CT KS 1 KS 2 KS 3 KS 10 K 6 of 44 Figure: Combinatorial Circuit

  7. bc bc bc bc Block Cipher Circuits • Round Based Circuits. • One round Function Executed per clock cycle. • S 0 = PT || K || 0, F = RF || KS || ( i → i + 1). Q In F S 0 Load Reg CLK 7 of 44 Figure: Combinatorial Circuit

  8. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K XX XX XX XX XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 8 of 44

  9. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 19 XX XX XX XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 9 of 44

  10. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 18 K 19 XX XX XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 10 of 44

  11. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 17 K 18 K 19 XX XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 11 of 44

  12. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 16 K 17 K 18 K 19 XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) XX XX XX XX 12 of 44

  13. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 15 K 16 K 17 K 18 XX S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) P 15 XX XX XX 13 of 44

  14. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 0 K 1 K 2 K 3 K 19 S 0 ← PT Q 15 For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) P 0 P 1 P 2 P 15 14 of 44

  15. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 19 K 0 K 1 K 2 K 18 S 0 ← PT Q 14 For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) Q 15 P 0 P 1 P 14 15 of 44

  16. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • Serialized Circuit: One S-box (lightweight implementation). • Circuit by Rolfes et al. [CARDIS 08]. • Less than 1000 GE. K K 18 K 19 K 0 K 1 K 17 S 0 ← PT Q 13 For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) Q 14 Q 15 P 0 P 13 16 of 44

  17. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • After 20+16 cycles. • 1st round key addition and Substitution done. • Now to do the Permutation layer. K K 4 K 5 K 6 K 7 K 3 S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) Q 0 Q 1 Q 2 Q 15 17 of 44

  18. b b b b b b b b b b b b b b b b b b b b b bc bc bc bc b b b b b b b b b Block Cipher Circuits: PRESENT • 17th cycle dedicated to permutation layer. • Also prepare the next roundkey. • Each flip flop needs to be a scan flip-flop (144 in total). K L 19 K 4 K 5 K 6 K 7 K 3 S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) Q 0 Q 1 Q 2 Q 15 T 0 18 of 44

  19. bc bc bc bc b b b b b b b b Block Cipher Circuits: PRESENT • 1st Round now completely done. • Repeat the 17 cycles to do round 2. • Repeat 31 times. K L 0 L 1 L 2 L 3 L 19 S 0 ← PT For i = 1 → 31 do ⊕ S A . U i ← Sbox ( S i − 1 ⊕ K i − 1 ) PT B . S i ← P.Layer ( U i ) T 0 T 1 T 15 T 2 19 of 44

  20. b b b b b b b b b b b b bc bc bc bc b b b b Block Cipher Circuits: PRESENT • CHES 2017: Bit Sliding: (reducing datapath to 1 bit!!). • Use the fact that P = P 4 2 ◦ P 1 . • #Scan flip-flops: 35 (=24+11) → Area 850 GE. b 63 b 62 b 61 b 60 b 59 b 58 b 49 b 48 b 47 b 46 b 45 b 44 b 43 b 42 b 33 b 32 b 31 b 30 b 29 b 28 b 27 b 26 b 17 b 16 b 15 b 14 b 13 b 12 b 11 b 10 b 1 b 0 20 of 44

  21. b b b b Current problem Before us • More Scan flip-flops = More hardware area. • Can we reduce #Scan flip-flops to 2 ? • If so we reduce the number of implementable functions • Only Possible if P can be implemented efficiently. b 63 b 62 b 61 b 1 b 0 Sel Sel 21 of 44

  22. b b b b Current problem Before us • What functions can be implemented?. • If Sel=0, r = One bit rotate towards the left. • If Sel=1, ( b 63 , b 62 , . . . , b 1 , b 0 ) → ( b 63 , b 61 , . . . , b 0 , b 62 ) • The above function v = r ◦ w where w =SWAP( b 63 , b 62 ). b 63 b 62 b 61 b 1 b 0 Sel Sel 22 of 44

  23. b b b b Current problem Before us • Can P expressed as a composition of r , v ? • Answer is YES. • In fact r , w generate S 64 . • Delve into the theory of Permutation Groups. b 63 b 62 b 61 b 1 b 0 Sel Sel 23 of 44

  24. r , w = (63 , 62) Generate S 64 Proof • Set of all Swaps generates S 64 . • G = { (63 , 62) , (62 , 61) , (61 , 60) , . . . (1 , 0) } generates S 64 . ( i , j ) = ( i , i − 1) ◦ ( i − 1 , j ) ◦ ( i , i − 1) = ( i , i − 1) ◦ ( i − 1 , i − 2) ◦ ( i − 2 , j ) ◦ ( i − 1 , i − 2) ◦ ( i , i − 1) • Given the following identity π ◦ ( i 1 , i 2 , . . . , i k ) ◦ π − 1 = ( π ( i 1 ) , π ( i 2 ) , . . . , π ( i k )) , • Easy to see that r − (63 − i ) ◦ (63 , 62) ◦ r (63 − i ) = ( r − (63 − i ) (63) , r − (63 − i ) (62)) = ( i , i − 1) 24 of 44

  25. # Operations? Analysis • Consider (49 , 40). How many operations required ? (49 , 40) = (49 , 48) ◦ (48 , 40) ◦ (49 , 48) = (49 , 48) ◦ (48 , 47) ◦ (47 , 40) ◦ (48 , 47) ◦ (49 , 48) = (49 , 48) ◦ (48 , 47) ◦ · · · (42 , 41) ◦ (41 , 40) ◦ (42 , 41) · · · (48 , 47) ◦ (49 , 48) • (49 , 48) = r − 14 ◦ w ◦ r 14 , (48 , 47) = r − 15 ◦ w ◦ r 15 , . . . , (41 , 40) = r − 22 ◦ w ◦ r 22 • So we have (49 , 40) = r − 14 ◦ w ◦ [ r − 1 ◦ w ◦ · · · ◦ r − 1 ◦ w ] ◦ r 14 ◦ [ r ◦ w ◦ · · · ◦ r ◦ w ] � �� � � �� � 8 times 8 times = [ r 49 ◦ v ◦ r 14 ] ◦ [ r 48 ◦ v ◦ r 15 ] ◦ · · · ◦ [ r 42 ◦ v ◦ r 21 ] ◦ [ r 41 ◦ v 9 ◦ r 14 ] • 9 brackets: each takes 64 operations → 64 ∗ (49 − 40) = 576 cycles !!! 25 of 44

  26. Present Permutation Table: Specifications of Present bit-permutation layer. i 0 1 2 3 4 5 6 7 P ( i ) 0 16 32 48 1 17 33 49 8 9 10 11 12 13 14 15 i P ( i ) 2 18 34 50 3 19 35 51 i 16 17 18 19 20 21 22 23 P ( i ) 4 20 36 52 5 21 37 53 24 25 26 27 28 29 30 31 i P ( i ) 6 22 38 54 7 23 39 55 i 32 33 34 35 36 37 38 39 P ( i ) 8 24 40 56 9 25 41 57 40 41 42 43 44 45 46 47 i P ( i ) 10 26 42 58 11 27 43 59 i 48 49 50 51 52 53 54 55 P ( i ) 12 28 44 60 13 29 45 61 56 57 58 59 60 61 62 63 i P ( i ) 14 30 46 62 15 31 47 63 26 of 44

Recommend

MDS Matrices with Lightweight Circuits Sbastien Duval Gatan Leurent Sebastien.Duval@inria.fr

MDS Matrices with Lightweight Circuits Sbastien Duval Gatan Leurent Sebastien.Duval@inria.fr

MDS Matrices with Lightweight Circuits Sbastien Duval Gatan Leurent Sebastien.Duval@inria.fr February 14, 2019 Introduction Lightweight Our approach Formal Results Instantiation Conclusion Security of Block Ciphers Shannons

745 views • 59 slides
Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun,

Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun,

Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits Shun Li , Siwei Sun, Chaoyun Li, Zihao Wei, Lei Hu FSE 2019 @ Paris, France Li, Sun et al. Constructing Low-latency Involutory MDS Matrices with Lightweight Circuits FSE

782 views • 44 slides
Shortcuts in Dj Vu X3 vs. Dj Vu X2 Function Dj Vu X3 Shortcut Dj Vu X2 Shortcut

Shortcuts in Dj Vu X3 vs. Dj Vu X2 Function Dj Vu X3 Shortcut Dj Vu X2 Shortcut

Shortcuts in Dj Vu X3 vs. Dj Vu X2 Function Dj Vu X3 Shortcut Dj Vu X2 Shortcut Undo Ctrl+Z Ctrl+Z Redo Ctrl+Y Ctrl+Y Swap Word with Next Ctrl+Shift+N Ctrl+Shift+N Swap Word with Previous Ctrl+Shift+B Ctrl+Shift+B

413 views • 3 slides
MDS Matrices with Lightweight Circuits S ebastien Duval Ga etan Leurent March 26, 2019

MDS Matrices with Lightweight Circuits S ebastien Duval Ga etan Leurent March 26, 2019

MDS Matrices with Lightweight Circuits S ebastien Duval Ga etan Leurent March 26, 2019 Introduction Objective Search Algorithm Instantiating the Results Comparison with the Literature 2 / 18 SPN Ciphers Plaintext Shannons

482 views • 34 slides
CENG 342 Digital Systems Shift Registers Larry Pyeatt SDSM&T Compare Two Circuits What

CENG 342 Digital Systems Shift Registers Larry Pyeatt SDSM&T Compare Two Circuits What

CENG 342 Digital Systems Shift Registers Larry Pyeatt SDSM&T Compare Two Circuits What is the difference between these two circuits? What are their functions? d q d q d q d q I 3 I 2 I 1 I 0 clk clk clk clk R Q 3 Q 2 Q 1 Q

1.07k views • 9 slides
Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1.

Its time to Think Lightweight! www.thinklightweight.com TO D A Y S TO P IC S 1. About Think Lightweight 2. What are Lightweight Structures? 3. Industry Applications 4. Product Line Review 5. Think Lightweight Component

832 views • 43 slides
Re-wiring plant genetic circuits - a paradigm shift from metabolic engineering to synthetic

Re-wiring plant genetic circuits - a paradigm shift from metabolic engineering to synthetic

Re-wiring plant genetic circuits - a paradigm shift from metabolic engineering to synthetic biology in plants Genes and standard components in plant engineering In the dark 3 weeks Callus ready Immature Immature embryo (2,4 D) for

238 views • 19 slides
ECED2200 Digital Circuits Serial Protocols, Registers, Shift Registers 23/07/2012 Colin

ECED2200 Digital Circuits Serial Protocols, Registers, Shift Registers 23/07/2012 Colin

ECED2200 Digital Circuits Serial Protocols, Registers, Shift Registers 23/07/2012 Colin OFlynn - CC BY-SA 1 General Notes See updates to these slides: www.newae.com/teaching These slides licensed under Creative Commons

393 views • 23 slides
Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips

Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips

Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips Clock signal Example sequential circuits Propagation delay Shift registers Counters Latches Sequential circuit design SR

1k views • 46 slides
Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips

Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips

Sequential Circuits Chapter 4 S. Dandamudi Outline Introduction Example chips Clock signal Example sequential circuits Propagation delay Shift registers Latches Counters Sequential circuit design SR

107 views • 8 slides
Interest Rate Swap and Interest Rate Swap and Variable Rate Debt Programs Variable Rate Debt

Interest Rate Swap and Interest Rate Swap and Variable Rate Debt Programs Variable Rate Debt

Interest Rate Swap and Interest Rate Swap and Variable Rate Debt Programs Variable Rate Debt Programs Managing On-Going Responsibilities California Debt and Investment Advisory Commission April 11, 2008 Swap Financial Group Peter Shapiro 76

395 views • 17 slides
Z AMBIA UN Y OUTH SWAP 2015 Led: chair of the Zambia Youth SWAP (ILO) in coordination with the

Z AMBIA UN Y OUTH SWAP 2015 Led: chair of the Zambia Youth SWAP (ILO) in coordination with the

Z AMBIA UN Y OUTH SWAP 2015 Led: chair of the Zambia Youth SWAP (ILO) in coordination with the Resident Coordinator UN Agencies based in Zambia - FAO, ILO, IOM, UNECA, UNICEF, UNDP, UNFPA, UNHCR, WFP The Ministry of Youth and Sports

837 views • 6 slides
Implementation of the SWAP study findings SWAP was funded by Health Education England North

Implementation of the SWAP study findings SWAP was funded by Health Education England North

Implementation of the SWAP study findings SWAP was funded by Health Education England North Central East London and undertaken by Allied Health Solutions Purpose of this presentation This slide deck has been produced for AHP managers and AHP

211 views • 17 slides
HOLY SHIFT! Linda Zheng Roadmap You are here My Shift Introduction Shift AST Experience

HOLY SHIFT! Linda Zheng Roadmap You are here My Shift Introduction Shift AST Experience

HOLY SHIFT! Linda Zheng Roadmap You are here My Shift Introduction Shift AST Experience Overview with Shift What is the Shift Project? Abstract Syntax Tree (AST) Binary Expression Identifier Identifier PLUS a + b a b

632 views • 28 slides
Cushman & Wakefield SWAP Presentation SWAP - Safe Work Assurance Platform Overview What We

Cushman & Wakefield SWAP Presentation SWAP - Safe Work Assurance Platform Overview What We

Cushman & Wakefield SWAP Presentation SWAP - Safe Work Assurance Platform Overview What We Will Learn Today Today we will be covering: What is SWAP How it will benefit you How to register How to register

447 views • 30 slides
The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will

The lightweight beam for Heavyweight applications The impact of this lightweight steel beam will revolutionise the international high-rise construction industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight

417 views • 12 slides
The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept

The lightweight beam for Heavyweight applications The impact of this lightweight beam concept will revolutionise the aviation industry Tony Zaccarini and Dr Patrick OBrien The lightweight beam for Heavyweight applications Patent Applied For

479 views • 12 slides
Market Models for Forward Swap Rates and Credit Default Swap Spreads Marek Rutkowski School of

Market Models for Forward Swap Rates and Credit Default Swap Spreads Marek Rutkowski School of

Market Models for Forward Swaps Density Processes of Martingale Measures Market Models for CDS Spreads Towards Generic Swap Models Market Models for Forward Swap Rates and Credit Default Swap Spreads Marek Rutkowski School of Mathematics and

1.03k views • 55 slides
CS162: Introduction to Computer Science II References 1 Pass-by-Value void swap(int x, int y)

CS162: Introduction to Computer Science II References 1 Pass-by-Value void swap(int x, int y)

CS162: Introduction to Computer Science II References 1 Pass-by-Value void swap(int x, int y) { int temp = x; x = y; y = temp; } Consider the swap function above, which is intended to swap the values of x and y We will use it in

353 views • 6 slides
Senex and QGC JV asset swap Julie Whitcombe, EGM Strategic Planning Craig Stallan, Chief Operating

Senex and QGC JV asset swap Julie Whitcombe, EGM Strategic Planning Craig Stallan, Chief Operating

Senex and QGC JV asset swap Julie Whitcombe, EGM Strategic Planning Craig Stallan, Chief Operating Officer 10 September 2014 Asset swap consolidates Senexs Qld gas position QGC asset swap: monetising a minority JV position into a 100% held

398 views • 12 slides
New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K.

New Lightweight DES Variants Suited for RFID Applications G. Leander, C. Paar, A. Poschmann, K. Schramm Workshop on Fast Software Encryption 2007 Outline Introduction Why lightweight? Why choose DES? DESL: DES Lightweight Why change DES?

364 views • 12 slides
1 2 nd Shift Associates 2 nd Shift Associates 3 rd Shift Associates 3 rd Shift Associates 2

1 2 nd Shift Associates 2 nd Shift Associates 3 rd Shift Associates 3 rd Shift Associates 2

Office Staff Office Staff 1 st Shift Associates 1 st Shift Associates 1 2 nd Shift Associates 2 nd Shift Associates 3 rd Shift Associates 3 rd Shift Associates 2 This is the whole reason every associate here goes home at the end of the day in

338 views • 10 slides
Sequential Circuits Combinational circuits : current input output Sequential circuit :

Sequential Circuits Combinational circuits : current input output Sequential circuit :

14:332:231 DIGITAL LOGIC DESIGN Ivan Marsic, Rutgers University Electrical & Computer Engineering Fall 2013 Lecture #15: Sequential Circuits: Latches Sequential Circuits Combinational circuits : current input output Sequential

483 views • 15 slides
Lecture 14: Sequential Circuits, FSM Todays topics: Sequential circuits Finite

Lecture 14: Sequential Circuits, FSM Todays topics: Sequential circuits Finite

Lecture 14: Sequential Circuits, FSM Todays topics: Sequential circuits Finite state machines 1 Sequential Circuits Until now, circuits were combinational when inputs change, the outputs change after a while (time = logic

435 views • 19 slides

More recommend