software benchmarking of the 2 nd round caesar candidates
play

Software Benchmarking of the 2 nd round CAESAR Candidates Ralph - PowerPoint PPT Presentation

Sep 21, 2023 •495 likes •972 views

Software Benchmarking of the 2 nd round CAESAR Candidates Ralph Ankele 1 , Robin Ankele 2 1 Royal Holloway, University of London, UK 2 University of Oxford, UK September 27, 2016 Directions in Authenticated Ciphers - Nagoya, Japan Software

  1. Software Benchmarking of the 2 nd round CAESAR Candidates Ralph Ankele 1 , Robin Ankele 2 1 Royal Holloway, University of London, UK 2 University of Oxford, UK September 27, 2016 Directions in Authenticated Ciphers - Nagoya, Japan Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 1 /39

  2. Motivation 1 Use Case 1: Lightweight applications (resource constrained environments) Use Case 2: High-performance applications I critical: e ffi ciency on 64-bit CPUs (servers) and/or dedicated hardware I desirable: e ffi ciency on 32-bit CPUs (small smartphones) I desirable: constant time when the message length is constant I message sizes: usually long (more than 1024 bytes), sometimes shorter Use Case 3: Defense in depth 1 CAESAR usecases on CAESAR mailing list (16. July 2016) by Dan J. Bernstein: https://groups.google.com/forum/#!topic/crypto-competitions/DLv193SPSDc Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 2 /39

  3. Overview 1. Classification of the 2 nd round CAESAR Candidates 2. Software Optimizations 3. Benchmarking Framework 4. Results 5. Conclusions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 3 /39

  4. Classification of the 2 nd round CAESAR Candidates 1. Classification of the 2 nd round CAESAR Candidates 2. Software Optimizations 3. Benchmarking Framework 4. Results 5. Conclusions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 4 /39

  5. CAESAR competition CAESAR Round 2 candidates ACORN AEGIS AES-COPA AES-JAMBU AES-OTR AEZ Ascon CLOC Deoxys ELmD HS1-SIV ICEPOLE Joltik Ketje Keyak MORUS Minalpher NORX OCB OMD PAEQ POET PRIMATEs SCREAM SHELL SILC STRIBOB Tiaoxin TriviA-ck π -Cipher Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 5 /39

  6. Type Block Cipher 15 1 Compression Function 2 8 4 Permutations Sponge Construction Stream Cipher Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 6 /39

  7. Underlying Primitive AES Others 10 9 1 1 Dedicated Permutation 1 3 1 1 Dedicated Stream Cipher 3 2 3 Dedicated Block Cipher AES Round SHA2 ARX SPN LRX Keccak Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 7 /39

  8. Parallel Encryption/Decryption Fully/Fully 14 1 Fully/No 5 10 Partly/Partly No/No Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 8 /39

  9. Online Encryption/Decryption Fully/Fully 27 3 No/No Encryption of a message block M i only depends on message blocks M 1 . . . M i � 1 . Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 9 /39

  10. Inverse Free Yes 19 10 No Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 10 /39

  11. Security Proof Yes 24 6 No Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 11 /39

  12. Nonce-Missuse Resistance None 16 1 2 Intermediate 7 Max (O ffl ine Ciphers) Longest Common Prefix (Online Ciphers) Longest common prefix: an adversary can observe the longest common prefix of messages for repeated nonces Max: the repetition of nonces only leak the ability to see a repeated message Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 12 /39

  13. Software Optimizations 1. Classification of the 2 nd round CAESAR Candidates 2. Software Optimizations 3. Benchmarking Framework 4. Results 5. Conclusions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 13 /39

  14. Software Optimizations AES New Instructions Streaming SIMD Extensions 12 9 4 7 4 NEON 6 No Software Optimization Dedicated Processor Optimizations Advanced Vector Instructions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 14 /39

  15. AES-New Instructions Instructions � 2010 Westmere microarchitecture I Introduced with Intel R I Consists of 6 new instructions that are implemented in hardware I Four instructions for encryption/decryption ( i.e. AESENC , AESENCLAST , AESDEC , AESDECLAST ) I Two instructions for the keyschedule ( i.e. AESKEYGENASSIST , AESIMC ) Performance I 10 times faster for parallel modes ( i.e. CTR) I 2-3 times faster for non-parallel modes ( i.e. CBC) Security I Improved security against side channel attacks [Gue12] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 15 /39

  16. AES-New Instructions Instructions � 2010 Westmere microarchitecture I Introduced with Intel R I Consists of 6 new instructions that are implemented in hardware I Four instructions for encryption/decryption ( i.e. AESENC , AESENCLAST , AESDEC , AESDECLAST ) I Two instructions for the keyschedule ( i.e. AESKEYGENASSIST , AESIMC ) Performance I 10 times faster for parallel modes ( i.e. CTR) I 2-3 times faster for non-parallel modes ( i.e. CBC) Security I Improved security against side channel attacks [Gue12] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 15 /39

  17. AES-New Instructions Instructions � 2010 Westmere microarchitecture I Introduced with Intel R I Consists of 6 new instructions that are implemented in hardware I Four instructions for encryption/decryption ( i.e. AESENC , AESENCLAST , AESDEC , AESDECLAST ) I Two instructions for the keyschedule ( i.e. AESKEYGENASSIST , AESIMC ) Performance I 10 times faster for parallel modes ( i.e. CTR) I 2-3 times faster for non-parallel modes ( i.e. CBC) Security I Improved security against side channel attacks [Gue12] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 15 /39

  18. Streaming SIMD Extensions Instructions I Vector-mode operations that enables parallel execution of one instruction on multible data I 16 · 128-bit registers (xmm0-15) � processor generations to include SSE2, I Expanded over Intel R SSE3/SSE3S and SSE4 Image: https://software.intel.com/sites/default/files/37208.gif Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 16 /39

  19. Advanced Vector Extensions Instructions � SandyBridge microarchitecture I Introduced with Intel R I Extends SSE 128-bit registers with 16 new 256-bit registers (ymm0-15) I Support of three-operand non-destructive operations (two-operand instructions e.g. A = A + B are replaced by three-operand instructions e.g. A = B + C) I AVX2 instructions expand integer vector types and vector shift operations Performance I AVX is 1.8 times faster than fastest SSE4.2 instructions [Len14] I AVX2 is 2.8 times faster than fastest SSE4.2 instructions [Len14] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 17 /39

  20. Advanced Vector Extensions Instructions � SandyBridge microarchitecture I Introduced with Intel R I Extends SSE 128-bit registers with 16 new 256-bit registers (ymm0-15) I Support of three-operand non-destructive operations (two-operand instructions e.g. A = A + B are replaced by three-operand instructions e.g. A = B + C) I AVX2 instructions expand integer vector types and vector shift operations Performance I AVX is 1.8 times faster than fastest SSE4.2 instructions [Len14] I AVX2 is 2.8 times faster than fastest SSE4.2 instructions [Len14] Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 17 /39

  21. NEON Instructions I Advanced SIMD instructions for ARM processors avaliable since CORTEX-A microarchitecture I 32 · 64-bit registers (dual view 16 · 128-bit registers) Performance I 2-8 times performance boost [neo] Image: http://www.arm.com/assets/images/NEON_ISA.jpg Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 18 /39

  22. NEON Instructions I Advanced SIMD instructions for ARM processors avaliable since CORTEX-A microarchitecture I 32 · 64-bit registers (dual view 16 · 128-bit registers) Performance I 2-8 times performance boost [neo] Image: http://www.arm.com/assets/images/NEON_ISA.jpg Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 18 /39

  23. Benchmarking Framework 1. Classification of the 2 nd round CAESAR Candidates 2. Software Optimizations 3. Benchmarking Framework 4. Results 5. Conclusions Software Benchmarking of the 2nd round CAESAR Candidates Ralph Ankele - Royal Holloway, University of London slide 19 /39

Recommend

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API,

Toward Fair and Comprehensive Benchmarking of CAESAR Candidates in Hardware: Standard API, High-Speed ImplementaCons in VHDL/Verilog, and Benchmarking Using FPGAs Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Michael

908 views • 53 slides
An Alterna)ve Approach to Hardware Benchmarking of CAESAR Candidates Based on the Use of

An Alterna)ve Approach to Hardware Benchmarking of CAESAR Candidates Based on the Use of

An Alterna)ve Approach to Hardware Benchmarking of CAESAR Candidates Based on the Use of High-Level Synthesis Tools Ekawat Homsirikamol and Kris Gaj George Mason University USA Based on work partially supported by the National Science

775 views • 50 slides
Software benchmarking of SHA-3 candidates http://bench.cr.yp.to D. J. Bernstein University of

Software benchmarking of SHA-3 candidates http://bench.cr.yp.to D. J. Bernstein University of

Software benchmarking of SHA-3 candidates http://bench.cr.yp.to D. J. Bernstein University of Illinois at Chicago Tanja Lange Technische Universiteit Eindhoven Selecting cryptographic primitives NISTs final AES report, 2001: Security

950 views • 61 slides
Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists

Announcement of the CAESAR finalists Daniel J. Bernstein Announcement of the CAESAR finalists Daniel J. Bernstein CAESAR timeline planned in 2012 2013.01: Announce tentative schedule. 2014.01: Deadline for first-round submissions.

527 views • 10 slides
Classification of the CAESAR Candidates Farzaneh Abed Christian Forler Stefan Luck

Classification of the CAESAR Candidates Farzaneh Abed Christian Forler Stefan Luck

Introduction Design Approaches Functional Features Masking Methods Security Conclusion Classification of the CAESAR Candidates Farzaneh Abed Christian Forler Stefan Luck Bauhaus-Universit at Weimar ESC 2015, Luxembourg Jan, 2015

784 views • 62 slides
MSA Benchmarking Daniel Yuan and Stanley Liu Intro Benchmarking 6 MSA software 3

MSA Benchmarking Daniel Yuan and Stanley Liu Intro Benchmarking 6 MSA software 3

MSA Benchmarking Daniel Yuan and Stanley Liu Intro Benchmarking 6 MSA software 3 progressive methods Progressive T-Coffee 11.00.8cbe486 Heuristics Sequences -> Guide Tree MAFFT 7 -> MSA PSAlign

240 views • 5 slides
* Dr. Axel Voigt (voigt@caesar.de) research center caesar crystal growth group

* Dr. Axel Voigt (voigt@caesar.de) research center caesar crystal growth group

AMDiS Adaptive Multidimensional simulations: Parallel Concepts Parallel Concepts Christina Stcker (stoecker@caesar.de), Dr. Angel Ribalta (ribalta@caesar.de), Simon Vey (vey@caesar.de), * Dr. Axel Voigt (voigt@caesar.de) research

806 views • 23 slides
Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo

Sharing Resources Between AES and the SHA-3 Second Round Candidates Fugue and Grstl Kimmo Jrvinen Department of Information and Computer Science Aalto University, School of Science and Technology Espoo, Finland AES-inspired SHA-3

311 views • 12 slides
Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin

Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin

Fixslicing - Application to some NIST LWC round 2 candidates Alexandre Adomnicai Thomas Peyrin Nanyang Technological University, Singapore Temasek Laboratories, Singapore Lightweight Cryptography Workshop 2020 What this talk is about B Constant-time

510 views • 24 slides
Benchmarking: The Way Forward for Software Evolution Susan Elliott Sim University of

Benchmarking: The Way Forward for Software Evolution Susan Elliott Sim University of

Benchmarking: The Way Forward for Software Evolution Susan Elliott Sim University of California, Irvine ses@ics.uci.edu Background Developed a theory of benchmarking based on own experience and historical research Successful

730 views • 35 slides
FOSTERING RESEARCH THROUGH BENCHMARKING IN COMPUTER SCIENCE / SOFTWARE ENGINEERING FOUNDJEM

FOSTERING RESEARCH THROUGH BENCHMARKING IN COMPUTER SCIENCE / SOFTWARE ENGINEERING FOUNDJEM

FOSTERING RESEARCH THROUGH BENCHMARKING IN COMPUTER SCIENCE / SOFTWARE ENGINEERING FOUNDJEM ARMSTRONG SWART POLYTECHNIQUE MONTREAL PLAN Introduction Motivation & Background The BonFIRE Experiment Benchmarking in

370 views • 16 slides
BUILDING STRONG The Friends of Caesar Creek is hosted at the Visitor Center and conducts its

BUILDING STRONG The Friends of Caesar Creek is hosted at the Visitor Center and conducts its

Friends of Caesar Creek is a not-for-profit volunteer organization dedicated to educating the public about the natural resources of the Caesar Creek Lake Region. They support the educational, scientific, and historical activities of the region

497 views • 18 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2 " 1 =0.30 ! =0.42 1 Round 2 Round 2 Round 2 Round 2 Round

188 views • 5 slides
Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438

Layering CS 438: Spring 2014 Instructor: Matthew Caesar http://www.cs.illinois.edu/~caesar/cs438 Outline Last time: low-level plumbing Today: top-down architecting of the Internet Goals Layering Protocols The end-to-end

946 views • 58 slides
Software benchmarking http://bench.cr.yp.to D. J. Bernstein University of Illinois at Chicago

Software benchmarking http://bench.cr.yp.to D. J. Bernstein University of Illinois at Chicago

Software benchmarking http://bench.cr.yp.to D. J. Bernstein University of Illinois at Chicago Joint work with: Tanja Lange Technische Universiteit Eindhoven Selecting cryptographic primitives NISTs final AES report, 2001: Security was

686 views • 50 slides
Benchmarking case for validation of draping software K. Vanclooster, S.V. Lomov and I.Verpoest

Benchmarking case for validation of draping software K. Vanclooster, S.V. Lomov and I.Verpoest

Benchmarking case for validation of draping software K. Vanclooster, S.V. Lomov and I.Verpoest K.U. Leuven - Department of Metallurgy and Materials Engineering Downloaded from http://www.mtm.kuleuven.ac.be/Research/C2/poly/index.htm

92 views • 6 slides
Benchmarking Lunch-n-Learn March 18, 2019 Agenda 1. Why Benchmarking? 2. Introduction to

Benchmarking Lunch-n-Learn March 18, 2019 Agenda 1. Why Benchmarking? 2. Introduction to

Benchmarking Lunch-n-Learn March 18, 2019 Agenda 1. Why Benchmarking? 2. Introduction to SoCalREN 3. Benchmarking and Compliance Overview What is Energy Benchmarking What is ENERGY STAR Portfolio Manager California Building

368 views • 35 slides
The International Software Benchmarking Standards Group (ISBSG) The global and independent

The International Software Benchmarking Standards Group (ISBSG) The global and independent

The International Software Benchmarking Standards Group (ISBSG) The global and independent source of data and analysis for the IT industry ISBSG Mission To improve the management of IT resources by both business and government through the

422 views • 15 slides
Psychosocial Evaluation of Adult Cardiothoracic Transplant Candidates and Candidates for

Psychosocial Evaluation of Adult Cardiothoracic Transplant Candidates and Candidates for

Psychosocial Evaluation of Adult Cardiothoracic Transplant Candidates and Candidates for Long-term Mechanical Circulatory Support by Kathleen L. Grady, PhD, RN, MS, FAAN Administrative Director, Center for Heart Failure, Bluhm Cardiovascular

589 views • 47 slides
www.ExploreCalling.org www.ExploreCalling.org/presentations/aumcpbo 7436 active candidates 1295

www.ExploreCalling.org www.ExploreCalling.org/presentations/aumcpbo 7436 active candidates 1295

www.ExploreCalling.org www.ExploreCalling.org/presentations/aumcpbo 7436 active candidates 1295 candidates are under 30 35% of NEW candidates are U35* Under 35 Years Old * 2012 - 2013 NEW candidates by track* Chaplain Deacon Elder Local

898 views • 34 slides
Empirical Software Metrics for Benchmarking of Verification Tools Yulia Demyanova, Thomas Pani ,

Empirical Software Metrics for Benchmarking of Verification Tools Yulia Demyanova, Thomas Pani ,

Empirical Software Metrics for Benchmarking of Verification Tools Yulia Demyanova, Thomas Pani , Helmut Veith, Florian Zuleger TU Wien FMCAD17 Student Forum October 3, 2017 Fu Fully-au autom omated Soft oftwar are Verific ification

328 views • 14 slides
Mentoring Internal Candidates as Mentoring Internal Candidates as a Component of Leadership

Mentoring Internal Candidates as Mentoring Internal Candidates as a Component of Leadership

Mentoring Internal Candidates as Mentoring Internal Candidates as a Component of Leadership Development Maria Marques Workforce Reliability Workshop Series San Francisco Water, Power, Sewer , , Todays Presentation How EBMUD uses

458 views • 26 slides
Dockerization Impacts in Database Performance Benchmarking ..,

Dockerization Impacts in Database Performance Benchmarking ..,

Dockerization Impacts in Database Performance Benchmarking .., -05-18 The Problems of Benchmarking Confjguration process of a single node is complex and involves a lot of efgort Benchmarking client;

466 views • 7 slides
Cloud Benchmarking Estimating Cloud Application Performance Based on Micro Benchmark Profiling

Cloud Benchmarking Estimating Cloud Application Performance Based on Micro Benchmark Profiling

software evolution & architecture lab Department of Informatics s.e.a.l. Cloud Benchmarking Estimating Cloud Application Performance Based on Micro Benchmark Profiling Joel Scheuner 2017-06-15 Page 1 Master Thesis Defense software

510 views • 38 slides

More recommend