spin me right round rotational symmetry for fpga specific
play

Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES CHES - PowerPoint PPT Presentation

Dec 07, 2022 •163 likes •572 views

Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES CHES 2018, Amsterdam Grant. Nr. 16KIS0666 SYSKIT_HW Lauren De Meyer 1 , Amir Moradi 2 , Felix Wegener 2 1 imec - COSIC, KU Leuven, Belgium 2 Horst Grtz Institute for IT-Security,

  1. Spin Me Right Round: Rotational Symmetry for FPGA-Specific AES CHES 2018, Amsterdam Grant. Nr. 16KIS0666 SYSKIT_HW Lauren De Meyer 1 , Amir Moradi 2 , Felix Wegener 2 1 imec - COSIC, KU Leuven, Belgium 2 Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Germany

  2. Embedded Security Group Area Optimization: ASICs vs FPGAs ASIC CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 2

  3. Embedded Security Group Area Optimization: ASICs vs FPGAs FPGA (Xilinx 6/7 series) ASIC Spartan-6 FPGA Configurable Logic Block User Guide CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 3

  4. Embedded Security Group FPGA Building Blocks (Xilinx) ▪ Slice contents: Slice – 4 LUT6 elements LUT 6 – Auxiliar MUX LUT – (8 registers) 6 LUT 6 LUT 6 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 4

  5. Embedded Security Group FPGA Building Blocks (Xilinx) ▪ Slice contents: Slice – 4 LUT6 elements LUT 6 – Auxiliar MUX LUT – (8 registers) 6 LUT 6 One slice can implement LUT 8 → 𝔾 2 function any 𝔾 2 6 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 5

  6. Embedded Security Group AES S-box Structure 𝑦 −1 = 𝑦 254 Power Map 𝐻𝐺(2 8 ) 𝐵𝑦 + 𝑐 Affine Map CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 6

  7. Embedded Security Group AES S-box in FPGAs ▪ Naive Approach: one slice per coordinate: 8 slices slice slice slice slice slice slice slice slice CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 7

  8. Embedded Security Group AES S-box in FPGAs ▪ Naive Approach: one slice per coordinate: 8 slices slice slice slice slice slice slice slice slice ▪ Algebraic degree 7 → no obvious improvements CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 8

  9. Embedded Security Group AES S-box in FPGAs ▪ Naive Approach: one slice per coordinate: 8 slices slice slice slice slice slice slice slice slice ▪ Algebraic degree 7 → no obvious improvements ▪ Tower field doesn‘t suit LUTs Canright. A Very Compact S-box for AES . CHES 2005 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 9

  10. Embedded Security Group AES S-box in FPGAs ▪ Naive Approach: one slice per coordinate: 8 slices slice slice slice slice slice slice slice slice Our Contribution: Reduction to 4 slices ▪ Algebraic degree 7 → no obvious improvements ▪ Tower field doesn‘t suit LUTs Canright: A Very Compact S-box for AES . CHES 2005 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 10

  11. Embedded Security Group Rotational Symmetry of Power Maps Inversion in 𝐻𝐺 2 8 : 𝑦 ↦ 𝑦 254 𝑦 ↦ 𝜚 𝑦 Conversion to normal base: Rotation: 𝑠𝑝𝑢 𝑏 0 , … , 𝑏 𝑜−1 = (𝑏 𝑜−1 , 𝑏 0 , … , 𝑏 𝑜−2 ) CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 11

  12. Embedded Security Group Rotational Symmetry of Power Maps Inversion in 𝐻𝐺 2 8 : 𝑦 ↦ 𝑦 254 𝑦 ↦ 𝜚 𝑦 Conversion to normal base: Rotation: 𝑠𝑝𝑢 𝑏 0 , … , 𝑏 𝑜−1 = (𝑏 𝑜−1 , 𝑏 0 , … , 𝑏 𝑜−2 ) Theorem 1 : Power Map: 𝐺(𝑦) = 𝑦 𝑛 in 𝐻𝐺(2 8 ) Normal base: 𝑇(𝑦) = 𝜚(𝐺(𝜚 −1 (𝑦))) ⇒ 𝑠𝑝𝑢(𝑇 𝑦 ) = 𝑇(𝑠𝑝𝑢(𝑦)) 1 Rijmen, Barreto, Gazzoni Filho. Rotation Symmetry in Algebraically Generated Cryptographic Substitution Tables . Information Processing Letters 2008 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 12

  13. Embedded Security Group Rotational Symmetry: Area Reduction Idea: Create circuit for only one coordinate function (LSB) 7 6 5 4 3 2 1 0 LSB of S-box: S* CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 13

  14. Embedded Security Group Rotational Symmetry: Area Reduction Idea: Create circuit for only one coordinate function (LSB) 6 5 4 3 2 1 0 7 LSB of S-box: S* CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 14

  15. Embedded Security Group Rotational Symmetry: Area Reduction Idea: Create circuit for only one coordinate function (LSB) 5 4 3 2 1 0 7 6 LSB of S-box: S* CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 15

  16. Embedded Security Group Rotational Symmetry: Area Reduction Idea: Create circuit for only one coordinate function (LSB) 0 7 6 5 4 3 2 1 LSB of S-box: S* CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 16

  17. Embedded Security Group AES S-box: Byte-serial Circuit ▪ Transformation to (p2n) and from (n2p) normal basis p2n 𝑦 ▪ Occupies 4 slices: 8 8 16LUTs / 15Regs ▪ Latency: 8 cycles 1 8 R2 𝑇 ∗ 1 7 8 n2p 𝑧 8 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 17

  18. Embedded Security Group First Design: Improve smallest FPGA-specific AES CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 18

  19. Embedded Security Group Former record by Sasdrich et al. 1 ▪ 21 slices on Xilinx Spartan-6 ▪ 15 slices shown + 6 for control unit K P Key Mix RAM Col. 256 Naive S-Box MUX MUX & C 2:1 4:1 (8 slices) State Add RAM RndK 256 1 Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices . ASAP 2016 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 19

  20. Embedded Security Group Former record by Sasdrich et al. 1 ▪ 21 slices on Xilinx Spartan-6 ▪ 15 slices shown + 6 for control unit K P Key Mix RAM Col. 256 Naive S-Box MUX MUX & C 2:1 4:1 (8 slices) State Add RAM RndK 256 2 slices 2 slices 1 slice 2 slices 1 Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices . ASAP 2016 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 20

  21. Embedded Security Group Former record by Sasdrich et al. 1 ▪ 21 slices on Xilinx Spartan-6 ▪ 15 slices shown + 6 for control unit K P Key Mix RAM Col. 256 Our S-Box MUX MUX & C 2:1 (4 slices) 4:1 State Add RAM RndK 256 Total design: 17 slices 1 Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices . ASAP 2016 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 21

  22. Embedded Security Group Second Design: Port smallest AES on ASICs to FPGAs CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 22

  23. Embedded Security Group Bitsliding Design: Jean et al , CHES 2017 1 Adapt smallest ASIC-based AES to FPGAs 1 Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY . CHES 2017 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 23

  24. Embedded Security Group Bitsliding Design: Jean et al , CHES 2017 1 Adapt smallest ASIC-based AES to FPGAs 1 Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY . CHES 2017 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 24

  25. Embedded Security Group Fully-bitserial S-box ▪ Bitserial in-/output R1 𝑦 𝑗 ▪ Area: 4 slices: 1 1 7 8 8 16 LUTs, 16 Regs 𝑇 ∗ p2n ▪ Latency: 16 Cycles 8 R2 𝑧 𝑗 1 7 8 n2p 8 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 25

  26. Embedded Security Group Bitsliding Design: Jean et al , CHES 2017 1 Adapt smallest ASIC-based AES to FPGAs 1 Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY . CHES 2017 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 26

  27. Embedded Security Group Bitsliding on an FPGA ▪ 4 LUTs as 32-bit shift registers ▪ Shiftrows: 32 cycles ▪ Mixcolumns: 32 cycles 1 slice 4 LUTs 2 slices Total design: 63 LUTs 6 LUTs, 4 FF CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 27

  28. Embedded Security Group Comparison Design # LUTs # Flipflops # Slices #Clockcyc. Max. Freq. Sasdrich et al. [SG16] 84 24 21 1471 108 Mhz Our AES based on [SG16] 68 39 17 5538 109 Mhz Our AES based on [JMPS17] 63 38 19 4852 155 Mhz [SG16] Sasdrich, Güneysu. A grain in the silicon: SCA-protected AES in less than 30 slices . ASAP 2016 [JMPS17] Jean, Moradi, Peyrin, Sasdrich. Bit-sliding: A generic technique for bit-serial implementations of SPN-based primitives - applications to AES, PRESENT and SKINNY . CHES 2017 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 28

  29. Embedded Security Group Third Design: Smallest First-order secure AES on FPGAs CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 29

  30. Embedded Security Group Masking ▪ Decomposition into cubic function 1 : 𝑦 −1 = 𝑦 254 = 𝑦 26 49 ▪ Implement one coordinate of each cubic function: 𝐻 ∗ 𝜚(𝑦) = 𝜚(𝑦 26 ), 𝐺 ∗ 𝜚(𝑦) = 𝜚(𝑦 49 ) 1 Moradi. Advances in Side-channel Security. 2016 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 30

  31. Embedded Security Group Masking ▪ Decomposition into cubic function 1 : 𝑦 −1 = 𝑦 254 = 𝑦 26 49 ▪ Implement one coordinate of each cubic function: 𝐻 ∗ 𝜚(𝑦) = 𝜚(𝑦 26 ), 𝐺 ∗ 𝜚(𝑦) = 𝜚(𝑦 49 ) ▪ Find first-order masking (CMS 2 ): any-order: 𝑒 + 1 input sh. / 𝑒 + 1 𝑢 output sh. first-order: 2 input shares / 8 output shares 1 Moradi. Advances in Side-channel Security. 2016 2 Reparaz, Bilgin, Nikova, Gierlichs, Verbauwhede. Consolidating masking schemes . CRYPTO 2015 CHES 2018| Amsterdam | 12.09.2018 Felix Wegener 31

Recommend

Breaking and restoration of rotational symmetry in the spectrum of conjugate nuclei on the

Breaking and restoration of rotational symmetry in the spectrum of conjugate nuclei on the

Introduction The Framework Finite Volume Effects Discretization Effects Conclusion Appendix 57th International Winter Meeting on Nuclear Physics - Bormio, Italy Breaking and restoration of rotational symmetry in the spectrum of

762 views • 41 slides
NN-Correlations in the spin symmetry energy of neutron matter Symmetry energy of nuclear

NN-Correlations in the spin symmetry energy of neutron matter Symmetry energy of nuclear

NN-Correlations in the spin symmetry energy of neutron matter Symmetry energy of nuclear matter Spin symmetry energy of neutron matter. Kinetic and potential energy contributions. A. Rios, I. Vidaa, A. Carbone, C. Providencia, W.

668 views • 48 slides
Rotational Momentum Observation Experiment 1 - Figure Skater Observation Experiment 2 - Diver

Rotational Momentum Observation Experiment 1 - Figure Skater Observation Experiment 2 - Diver

Rotational Momentum Observation Experiment 1 - Figure Skater Observation Experiment 2 - Diver Rotational Momentum Observation Experiment 3 You sit on a chair that can spin with little friction and hold barbells far from your body. You spin

355 views • 17 slides
From OO to FPGA: From OO to FPGA: Fitting Round Objects Fitting Round Objects into Square

From OO to FPGA: From OO to FPGA: Fitting Round Objects Fitting Round Objects into Square

From OO to FPGA: From OO to FPGA: Fitting Round Objects Fitting Round Objects into Square Hardware? into Square Hardware? Stephen Kou Stephen Kou Jens Palsberg Jens Palsberg UCLA Computer Science Department UCLA Computer Science

429 views • 31 slides
P4, FPGA, HLS Domain-specific language - network data forwarding Standardized and

P4, FPGA, HLS Domain-specific language - network data forwarding Standardized and

P4, FPGA, HLS Domain-specific language - network data forwarding Standardized and maintained by P4 Language Consortium @ p4.org Independent of network protocols (VLAN, VxLAN, INT, ) and target architectures (ASIC, FPGA, NPU,

343 views • 9 slides
Higgsing the stringy higher spin symmetry Ida Zadeh Brandeis University All about AdS 3 workshop

Higgsing the stringy higher spin symmetry Ida Zadeh Brandeis University All about AdS 3 workshop

Higgsing the stringy higher spin symmetry Ida Zadeh Brandeis University All about AdS 3 workshop ETH Z urich November 19, 2015 Based on: M. R. Gaberdiel, C. Peng, and IGZ, 1506.02045 Stringy symmetries at tensionless point In the context of

708 views • 29 slides
Topological symmetry and (de)confinement in gauge theories and spin systems Mithat Unsal,

Topological symmetry and (de)confinement in gauge theories and spin systems Mithat Unsal,

Topological symmetry and (de)confinement in gauge theories and spin systems Mithat Unsal, SLAC, Stanford University based on arXiv:0804.4664 QCD* parts with M. Shifman Thanks to Eun-ah Kim, B. Marston, M. Shifman, J. Harvey, M.

610 views • 32 slides
Symmetry Detection in Building Footprints Presentation of the Master's thesis Hagen Schwa

Symmetry Detection in Building Footprints Presentation of the Master's thesis Hagen Schwa

Symmetry Detection in Building Footprints Presentation of the Master's thesis Hagen Schwa Introduction Symmetry is a fundamental element of design in architecture Building group with reflectional The rotational symmetric symmetries

653 views • 20 slides
Non-equilibrium phenomena in spinor Bose gases Dan S tamper-Kurn University of California,

Non-equilibrium phenomena in spinor Bose gases Dan S tamper-Kurn University of California,

Non-equilibrium phenomena in spinor Bose gases Dan S tamper-Kurn University of California, Berkeley outline Introductory material Interactions under rotational symmetry Energy scales Ground states S pin dynamics microscopic spin mixing

1.03k views • 63 slides
Integrable spin chains with U(1) 3 symmetry Lisa Freyhult Helsinki 28/10 2005

Integrable spin chains with U(1) 3 symmetry Lisa Freyhult Helsinki 28/10 2005

Deformations in AdS/CFT Integrable spin chains with U(1) 3 symmetry Lisa Freyhult Helsinki 28/10 2005 freyhult@nordita.dk Deformations in AdS/CFT p.1/30 Plan Introduction -deformation and generalisations in gauge theory

437 views • 30 slides
1 AP Physics C Mechanics Rotational Motion 20151203 www.njctl.org 2 Table of Contents

1 AP Physics C Mechanics Rotational Motion 20151203 www.njctl.org 2 Table of Contents

1 AP Physics C Mechanics Rotational Motion 20151203 www.njctl.org 2 Table of Contents Click on the topic to go to that section Rotational Kinematics Review Rotational Dynamics Rotational Kinetic Energy Angular Momentum

1.46k views • 130 slides
Symmetry Transforms 1 1 Motivation Symmetry is everywhere 2 Motivation Symmetry is

Symmetry Transforms 1 1 Motivation Symmetry is everywhere 2 Motivation Symmetry is

Symmetry Transforms 1 1 Motivation Symmetry is everywhere 2 Motivation Symmetry is everywhere Perfect Symmetry [Blum 64, 67] [Wolter 85] [Minovic 97] [Martinet 05] 3 Motivation Symmetry is everywhere Local Symmetry

741 views • 45 slides
AP Physics C - Mechanics Rotational Motion 2015-12-03 www.njctl.org Slide 3 / 130 Table of

AP Physics C - Mechanics Rotational Motion 2015-12-03 www.njctl.org Slide 3 / 130 Table of

Slide 1 / 130 Slide 2 / 130 AP Physics C - Mechanics Rotational Motion 2015-12-03 www.njctl.org Slide 3 / 130 Table of Contents Click on the topic to go to that section Rotational Kinematics Review Rotational Dynamics Rotational

562 views • 54 slides
FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers

FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers

2/21/2012 Content FPGA What is a FPGA? How FPGAs work How do they work? Manufacturers Distributed RAM History FPGA vs ASIC FPGA and Microprocessors Alternatives to FPGAs ETI135, Advanced Digital IC Design

123 views • 10 slides
Software into GPU code, Multicore Software and FPGA Hardware Satnam Singh Microsoft Research,

Software into GPU code, Multicore Software and FPGA Hardware Satnam Singh Microsoft Research,

Synthesis of Data-Parallel GPU Software into GPU code, Multicore Software and FPGA Hardware Satnam Singh Microsoft Research, Cambridge UK locks monitors condition variables spin locks priority inversion FPGA hardware (VHDL, ISE) GPU

1.16k views • 86 slides
Rotational Dynamics I Rotational Kinetic Energy Moment of Inertia Calculating the

Rotational Dynamics I Rotational Kinetic Energy Moment of Inertia Calculating the

Rotational Dynamics I Rotational Kinetic Energy Moment of Inertia Calculating the Moment of Inertia Vector Product Torque Newtons 2nd Law for Rotation Homework 1 Rotational Kinetic Energy K i = 1 i = 1 2 m i v 2 2 m

538 views • 15 slides
WWW.FPGA What is an FPGA? Field Programmable Gate Array Introduction to FPGA designs

WWW.FPGA What is an FPGA? Field Programmable Gate Array Introduction to FPGA designs

WWW.FPGA What is an FPGA? Field Programmable Gate Array Introduction to FPGA designs Generic logic cells + Programmable switches Why do we use it? High performance & Flexible Shorter time to market Joachim Rodrigues

308 views • 8 slides
Parallel Programming and Heterogeneous Computing FPGA Accelerators Max Plauth, Sven Khler, Felix

Parallel Programming and Heterogeneous Computing FPGA Accelerators Max Plauth, Sven Khler, Felix

Parallel Programming and Heterogeneous Computing FPGA Accelerators Max Plauth, Sven Khler, Felix Eberhardt, Lukas Wenzel and Andreas Polze Operating Systems and Middleware Group FPGA Hardware Characteristics Application Specific Integrated

591 views • 10 slides
Validity of spin wave theory for the quantum Heisenberg model Alessandro Giuliani Based on joint

Validity of spin wave theory for the quantum Heisenberg model Alessandro Giuliani Based on joint

Validity of spin wave theory for the quantum Heisenberg model Alessandro Giuliani Based on joint work with M. Correggi and R. Seiringer GGI, Arcetri, May 30, 2014 Outline 1 Introduction: continuous symmetry breaking and spin waves 2 Main

925 views • 59 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2 " 1 =0.30 ! =0.42 1 Round 2 Round 2 Round 2 Round 2 Round

188 views • 5 slides
Rotation of a Rigid Body Topics: Rotational Motion Rotation About the Center of Mass

Rotation of a Rigid Body Topics: Rotational Motion Rotation About the Center of Mass

Rotation of a Rigid Body Topics: Rotational Motion Rotation About the Center of Mass Rotational Energy Calculating Moment of Inertia Torque Rotational Dynamics Rotation About a Fixed Axis Static Equilibrium

160 views • 3 slides
What is the execution time of spin(n) when n = 1 000 000? Function spin(n) : void spin(int n) {

What is the execution time of spin(n) when n = 1 000 000? Function spin(n) : void spin(int n) {

What is the execution time of spin(n) when n = 1 000 000? Function spin(n) : void spin(int n) { int i = n; while (--i >= 0); } Computer: Intel Pentium 4 workstation with 1.5 GHz i686 processor (1st-level cache: 8 KB, 8- way associative

522 views • 12 slides
CDA 4253 FPGA System Design Introduction to VHDL Hao Zheng Dept of Comp Sci & Eng USF

CDA 4253 FPGA System Design Introduction to VHDL Hao Zheng Dept of Comp Sci & Eng USF

CDA 4253 FPGA System Design Introduction to VHDL Hao Zheng Dept of Comp Sci & Eng USF Reading P. Chu, FPGA Prototyping by VHDL Examples - Chapter 1, Gate-level combinational circuits Xilinx XST User Guide - Xilinx specific

1.49k views • 92 slides
9/2/2015 Spin Currents An overview Sources of Spin Currents Spin current introduction Spin

9/2/2015 Spin Currents An overview Sources of Spin Currents Spin current introduction Spin

9/2/2015 Spin Currents An overview Sources of Spin Currents Spin current introduction Spin angular momentum current sources Sergio O. Valenzuela ICREA and Catalan Institute of Nanoscience and Nanotechnology (ICN2), Barcelona, Spain

263 views • 12 slides

More recommend