
On the Lightweight Design Choices for Diffusion Layer of Block Ciphers


  1. On the Lightweight Design Choices for Diffusion Layer of Block Ciphers SUMANTA SARKAR TCS Innovation Labs December 11, 2017 SUMANTA SARKAR Lightweight Cryptography

  2. Internet of Things / Connected Cars. Internet of things (IoT): network of smart devices. Examples: cyber-physical systems (health monitoring, environmental monitoring, supply chain). Smart cities: citizens, traffic systems, social systems, waste management, etc., all connected for better usage of resources. Connected car: core to driverless cars. (California clears the way for testing of fully driverless cars.)

  5. Threats! Jeep Cherokee hacked in July 2015: sitting 10 miles away, hackers took control from the driver. (Picture source: amazon.in.) Alexa accidentally ordered dollhouses for many houses (January 2017). Philips Hue smart bulbs were shown to be hackable.

  8. Why Lightweight Cryptography? An IoT network is composed of RFID tags and sensors. AES or RSA: popular choices of encryption in practice. For secure communication in IoT, we cannot employ AES; we need a “lightweight” encryption/decryption algorithm. NIST is in the process of lightweight standardisation.

  9. Lightweight Cryptography: Examples. Lightweight cryptography is mostly based on symmetric keys. Lightweight stream ciphers: eSTREAM finalists Grain v1, MICKEY 2.0, Trivium, etc. Lightweight block ciphers: CLEFIA and PRESENT (standardized by ISO/IEC 29192), etc.

  11. Lightweight Cryptography: Metric. Lightweight cryptosystem: how to measure the “weight”? (Silicon) area, performance and power consumption. Area is measured by the number of Gate Equivalents (GE). Block cipher LED, 64 bit => GE = 966 (0.18 µm). Performance: throughput. Consult Cryptolux/Lightweight_Cryptography for the list of lightweight ciphers.

  13. Block Ciphers: Design Principles. A block cipher has two building blocks: confusion and diffusion. The confusion layer makes the relation between key and ciphertext as complex as possible. Diffusion spreads the plaintext statistics throughout the ciphertext.

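  14. Metric for Diffusion Layer. For $F : \mathbb{F}_q^n \to \mathbb{F}_q^n$, the differential branch number of $F$ is $\min \{ \mathrm{wt}(x + y) + \mathrm{wt}(F(x) + F(y)) \}$, where the minimum is taken over distinct $x, y$ and $\mathrm{wt}$ counts the nonzero coordinates. The differential branch number of $F$ is at most $n + 1$.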

  16. Implementation Cost of the Diffusion Layer. Diffusion layer: multiplication of a vector with a matrix (over $GF(2^n)$). A Maximum Distance Separable (MDS) matrix is chosen for diffusion: highest diffusion power, $n+1$. MDS matrix: a square matrix whose every square submatrix is nonsingular. In practice, the product of two field elements is implemented simply by some XORs. [Khoo et al., CHES 2014] looked at the number of XORs required to multiply a fixed field element by an arbitrary field element and termed it the XOR count.

  22. XOR count. $\beta \in GF(2^n)$ is implemented by the corresponding vector $(\beta_0, \ldots, \beta_{n-1}) \in GF(2)^n$ by choosing some basis of $GF(2^n)$. Consider $GF(2^3)$ under $X^3 + X + 1$ and a basis $\{1, \alpha, \alpha^2\}$. How many XORs are required to multiply $\alpha^4$ with a general field element?

      $\alpha^4 = \alpha + \alpha^2 \to (0, 1, 1)$.

      Take a general element $b_0 + b_1 \alpha + b_2 \alpha^2 \in GF(2^3) \to (b_0, b_1, b_2)$.

      Implement $(b_0, b_1, b_2)(0, 1, 1)$:

      $(b_0 + b_1 \alpha + b_2 \alpha^2)\,\alpha^4 = (b_1 + b_2) + (b_0 + b_1)\alpha + (b_0 + b_1 + b_2)\alpha^2$.

      In vector form this product is $(b_1 \oplus b_2,\; b_0 \oplus b_1,\; b_0 \oplus b_1 \oplus b_2)$, so XOR($\alpha^4$) = 4.

  23. XOR count of a matrix. Challenge in lightweight block ciphers: construct diffusion matrices with low XOR counts. Others ([Kranz et al. 17], [JPS17]) considered re-use of terms to decrease the number of XORs, but this costs delay and/or additional memory.

  24. XOR Count of some Specific Elements. $\alpha$ is a root of the irreducible polynomial $X^n + q(X) + 1$; if there are $t$ nonzero terms, then XOR($\alpha$) 1. For example, if $\alpha$ is a root of $X^4 + X + 1$, which defines $GF(2^4)$, then XOR($\alpha$) = 1. But if we change the irreducible polynomial to $X^4 + X^3 + X^2 + X + 1$, then none of the elements of $GF(2^4)$ has XOR count 1.

  26. XOR count distribution [SS16]. The XOR count distribution also varies when a different basis of $GF(2^n)$ is considered, even if the underlying irreducible polynomial remains fixed.

      | Elements | 0 | 1 | α | α² | α³ | α⁴ | α⁵ | α⁶ | Sum |
      |---|---|---|---|---|---|---|---|---|---|
      | Basis {1, α, α²} | 0 | 0 | 1 | 2 | 4 | 4 | 3 | 1 | 15 |
      | Basis {α³, α⁶, α⁵} | 0 | 0 | 3 | 3 | 2 | 3 | 2 | 2 | 15 |

      XOR count distribution of $GF(2^3)$ under $X^3 + X + 1$.
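The XOR count distribution of GF(2^3) for both bases, and the effect of the irreducible polynomial in GF(2^4), can be recomputed from the definition of XOR count given in the slides. The Python below is an added example, not code from the original presentation; the function names and the integer encoding of field elements (bit i = coefficient of X^i) are assumptions made for illustration.

```python
def gf_mul(a, b, mod, n):
    """Product in GF(2^n); ints encode polynomials, bit i = coefficient of X^i."""
    r = 0
    for _ in range(n):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:
            a ^= mod          # reduce by the irreducible polynomial
    return r

def alpha_pow(k, mod, n):
    """alpha^k, where alpha = X is a root of the modulus."""
    x = 1
    for _ in range(k):
        x = gf_mul(x, 2, mod, n)
    return x

def coords(x, basis):
    """Coordinate bitmask of x in `basis` (exhaustive search; fine for small n)."""
    for mask in range(1 << len(basis)):
        acc = 0
        for i, b in enumerate(basis):
            if (mask >> i) & 1:
                acc ^= b
        if acc == x:
            return mask
    raise ValueError("given elements do not form a basis")

def xor_count(c, mod, n, basis):
    """XORs needed to multiply a general element by the fixed element c."""
    # Column j of the multiplication matrix is c * basis[j] in basis coordinates.
    cols = [coords(gf_mul(c, b, mod, n), basis) for b in basis]
    # An output bit that is the XOR of w input bits costs w - 1 XOR gates.
    return sum(max(sum((col >> row) & 1 for col in cols) - 1, 0) for row in range(n))

def table_row(mod, n, basis):
    """XOR counts for 0, 1, alpha, ..., alpha^(2^n - 2), in the table's column order."""
    elems = [0] + [alpha_pow(k, mod, n) for k in range(2 ** n - 1)]
    return [xor_count(c, mod, n, basis) for c in elems]

MOD8 = 0b1011                                   # X^3 + X + 1
POLY_BASIS = [1, 2, 4]                          # {1, alpha, alpha^2}
NORMAL_BASIS = [alpha_pow(k, MOD8, 3) for k in (3, 6, 5)]

if __name__ == "__main__":
    print(table_row(MOD8, 3, POLY_BASIS))
    print(table_row(MOD8, 3, NORMAL_BASIS))
    # GF(2^4) in the polynomial basis: the modulus changes which counts occur.
    for mod in (0b10011, 0b11111):              # X^4+X+1, X^4+X^3+X^2+X+1
        print(bin(mod), sorted({xor_count(c, mod, 4, [1, 2, 4, 8]) for c in range(16)}))
```

The GF(2^4) check uses the polynomial basis {1, α, α², α³} for both moduli.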

  27. Circulant Matrix. Definition: a matrix is called circulant if every row is a cyclic shift of other rows.

      $$T = \begin{pmatrix} a_0 & a_1 & a_2 & a_3 \\ a_3 & a_0 & a_1 & a_2 \\ a_2 & a_3 & a_0 & a_1 \\ a_1 & a_2 & a_3 & a_0 \end{pmatrix}.$$

  28. Toeplitz Matrices. Definition: a matrix is called Toeplitz if every descending diagonal from left to right is constant. A typical 4 × 4 Toeplitz matrix looks like

      $$T = \begin{pmatrix} a_0 & a_1 & a_2 & a_3 \\ a_{-1} & a_0 & a_1 & a_2 \\ a_{-2} & a_{-1} & a_0 & a_1 \\ a_{-3} & a_{-2} & a_{-1} & a_0 \end{pmatrix}.$$

      Definition: a matrix $M$ is called involutory if $M * M$ = identity matrix.
