suggestions for hardware evaluation of cryptographic
play

Suggestions for Hardware Evaluation of Cryptographic Algorithms - PowerPoint PPT Presentation

Dec 09, 2023 •286 likes •798 views

Suggestions for Hardware Evaluation of Cryptographic Algorithms Frank K. G urkaynak Microelectronics Design Center, ETH Z urich 6 July 2012 My Goal To improve the quality of hardware evaluations for crypto algorithms. Microelectronics

  1. Suggestions for Hardware Evaluation of Cryptographic Algorithms Frank K. G¨ urkaynak Microelectronics Design Center, ETH Z¨ urich 6 July 2012

  2. My Goal To improve the quality of hardware evaluations for crypto algorithms. Microelectronics Design Center Department of Information Technology 2 / 26 Zurich and Electrical Engineering

  3. My Goal To improve the quality of hardware evaluations for crypto algorithms. Problems Many degrees of freedom in Hardware Design Microelectronics Design Center Department of Information Technology 2 / 26 Zurich and Electrical Engineering

  4. My Goal To improve the quality of hardware evaluations for crypto algorithms. Problems Many degrees of freedom in Hardware Design Is costly (time/money) not many are performed Microelectronics Design Center Department of Information Technology 2 / 26 Zurich and Electrical Engineering

  5. My Goal To improve the quality of hardware evaluations for crypto algorithms. Problems Many degrees of freedom in Hardware Design Is costly (time/money) not many are performed Different goals, technologies, metrics Microelectronics Design Center Department of Information Technology 2 / 26 Zurich and Electrical Engineering

  6. My Goal To improve the quality of hardware evaluations for crypto algorithms. Problems Many degrees of freedom in Hardware Design Is costly (time/money) not many are performed Different goals, technologies, metrics Studies are therefore not comparable Microelectronics Design Center Department of Information Technology 2 / 26 Zurich and Electrical Engineering

  7. My Experience: AES Rijndael and Serpent http://dx.doi.org/10.1007/3-540-36400-5_12 Microelectronics Design Center Department of Information Technology 3 / 26 Zurich and Electrical Engineering

  8. My Experience: E-stream Microelectronics Design Center Department of Information Technology 4 / 26 Zurich and Electrical Engineering

  9. My Experience: SHA-3 Collaboration with K. Gaj http://dx.doi.org/10.1007/978-3-642-15031-9_17 Microelectronics Design Center Department of Information Technology 5 / 26 Zurich and Electrical Engineering

  10. So What is Wrong? Some observations Hardware design needs constraints! Hardware design is an exercise in finding the best circuit that satisfies given constraints . Microelectronics Design Center Department of Information Technology 6 / 26 Zurich and Electrical Engineering

  11. So What is Wrong? Some observations Hardware design needs constraints! Hardware design is an exercise in finding the best circuit that satisfies given constraints . Until now Implementers choose some constraints arbitrarily Results are not comparable between studies Can not make conlusions Microelectronics Design Center Department of Information Technology 6 / 26 Zurich and Electrical Engineering

  12. So What is Wrong? Some observations Hardware design needs constraints! Hardware design is an exercise in finding the best circuit that satisfies given constraints . Until now Implementers choose some constraints arbitrarily Results are not comparable between studies Can not make conlusions Any constraint is better than none The exact constraint is not very important. Microelectronics Design Center Department of Information Technology 6 / 26 Zurich and Electrical Engineering

  13. What do we suggest ? To improve the quality of hardware evaluations for crypto algorithms. Microelectronics Design Center Department of Information Technology 7 / 26 Zurich and Electrical Engineering

  14. What do we suggest ? To improve the quality of hardware evaluations for crypto algorithms. Four suggestions Define a standard testbench . Specify a target application scenario. State reference IC technology and FPGA device for comparisons. Submitters should include HDL code. Microelectronics Design Center Department of Information Technology 7 / 26 Zurich and Electrical Engineering

  15. #1: Standard Testbench The call should include a standard testbench for hardware implementations which should read the same KAT files as software models. Microelectronics Design Center Department of Information Technology 8 / 26 Zurich and Electrical Engineering

  16. Why a Standard Testbench ? Testbench determines the interface I/O bit-widths Processing order Additional functionality Microelectronics Design Center Department of Information Technology 9 / 26 Zurich and Electrical Engineering

  17. Why a Standard Testbench ? Testbench determines the interface I/O bit-widths Processing order Additional functionality Removes ambiguity about auxillary (non-vital) functions, which may have non-negligable impact on results Microelectronics Design Center Department of Information Technology 9 / 26 Zurich and Electrical Engineering

  18. #2: Define Application Scenario The call should include define an application scenario for hardware designs that sets clear constraints for the circuits. Microelectronics Design Center Department of Information Technology 10 / 26 Zurich and Electrical Engineering

  19. Hardware Design Targets Differ Microelectronics Design Center Department of Information Technology 11 / 26 Zurich and Electrical Engineering

  20. Scenario Examples Some suggestions Sensor Node Messages of 32 to 512 bits Throughput 100 kbits/s Key change every 3 months Priority energy consumption Second priority small area Microelectronics Design Center Department of Information Technology 12 / 26 Zurich and Electrical Engineering

  21. Scenario Examples Some suggestions Sensor Node Embedded core Messages of 32 bits to 4 Mbits Throughput 100 Mbits/s Key change every 10ms Priority energy/bit Second priority small area Microelectronics Design Center Department of Information Technology 12 / 26 Zurich and Electrical Engineering

  22. Scenario Examples Some suggestions Sensor Node Embedded core Data Center Messages of 2 10 bits to 2 64 bits Throughput 10 Gbits/s Key change every 2 14 bits Priority throughput per area Second priority power Microelectronics Design Center Department of Information Technology 12 / 26 Zurich and Electrical Engineering

  23. Why One Scenario Should Suffice Defining more than one scenario Is more work Preparing good scenarios is difficult. Microelectronics Design Center Department of Information Technology 13 / 26 Zurich and Electrical Engineering

  24. Why One Scenario Should Suffice Defining more than one scenario Is more work Preparing good scenarios is difficult. Will result in fewer data to compare Groups will choose one of the scenarios, reduce data points Microelectronics Design Center Department of Information Technology 13 / 26 Zurich and Electrical Engineering

  25. Why One Scenario Should Suffice Defining more than one scenario Is more work Preparing good scenarios is difficult. Will result in fewer data to compare Groups will choose one of the scenarios, reduce data points 2 or 3 will also not be enough There will always be an argument for more . Microelectronics Design Center Department of Information Technology 13 / 26 Zurich and Electrical Engineering

  26. Why One Scenario Should Suffice Defining more than one scenario Is more work Preparing good scenarios is difficult. Will result in fewer data to compare Groups will choose one of the scenarios, reduce data points 2 or 3 will also not be enough There will always be an argument for more . Suggestion: One rather conservative scenario Microelectronics Design Center Department of Information Technology 13 / 26 Zurich and Electrical Engineering

  27. Standard does not Mean Universal Actual applications will vary The goal is to achieve uniform results Not necessarily optimal for all applications. Consistency is more important. Microelectronics Design Center Department of Information Technology 14 / 26 Zurich and Electrical Engineering

  28. Standard does not Mean Universal Actual applications will vary The goal is to achieve uniform results Not necessarily optimal for all applications. Consistency is more important. Not possible to account for everything! It should not be the goal of the call to do so. Microelectronics Design Center Department of Information Technology 14 / 26 Zurich and Electrical Engineering

  29. Standard does not Mean Universal Actual applications will vary The goal is to achieve uniform results Not necessarily optimal for all applications. Consistency is more important. Not possible to account for everything! It should not be the goal of the call to do so. Free to evaluate different options Every evaluation should use standard, but free to explore other options. Microelectronics Design Center Department of Information Technology 14 / 26 Zurich and Electrical Engineering

  30. #3: Choose a Reference Technology The call should determine a reference technology and standard cell library for ASIC implementations and a reference FPGA device to be used for comparisons. Microelectronics Design Center Department of Information Technology 15 / 26 Zurich and Electrical Engineering

  31. Even if Same Technology is Used Significant differences depending on: Manufacturer Performance of UMC != ST != TSMC Microelectronics Design Center Department of Information Technology 16 / 26 Zurich and Electrical Engineering

Recommend

Hardware evaluation and procurement Hardware: competition, evolution, Evaluation of CPU nodes

Hardware evaluation and procurement Hardware: competition, evolution, Evaluation of CPU nodes

Hardware evaluation and procurement Yannick Perret Hardware evaluation and procurement Hardware: competition, evolution, Evaluation of CPU nodes manufactur- ers. . . for procurement purposes at CC-IN2P3 Hardware: CPU Manufacturers

394 views • 21 slides
Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

29th March 2019 Open Source Hardware Verification A survey and suggestions for future work Ben Marshall University of Bristol Computer Science Department Open Source Hardware Verification Outline Open Source Hardware Verification 2019-03-07

189 views • 6 slides
Does gate count matter? Hardware efficiency of logic-minimization techniques for cryptographic

Does gate count matter? Hardware efficiency of logic-minimization techniques for cryptographic

Does gate count matter? Hardware efficiency of logic-minimization techniques for cryptographic primitives Shashank Raghuraman and Leyla Nazhandali Abstract Logical metrics such as gate count have been extensively used in estimating the hardware

401 views • 12 slides
Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted

Practical Secure Two-Party Computation and Applications Lecture 4: Hardware-Assisted Cryptographic Protocols Estonian Winter School in Computer Science 2016 Motivation 2 Two Areas Cryptographic Protocols Secure Hardware strong security

759 views • 52 slides
CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded Systems (CHES) 2019 Alejandro Cabrera Aldaya 1 , Cesar Pereida Garca 2 , Luis Manuel Alvarez Tapia 1 , Billy Bob Brumley 2 , {aldaya,

371 views • 21 slides
Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security

Summary Introduction & Cryptographic Background Hardware Support for Physical Security Side Channel Attacks Arnaud Tisserand Fault Injection Attacks CNRS, Lab-STICC laboratory CRiSIS 2017, Dinard, France Protections Examples

266 views • 15 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J.-K. Tsay CRYPTO August 2012 BLUF (Bottom Line Up

602 views • 19 slides
Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15

Efficient Padding Oracle Attacks On Cryptographic Hardware or The Million Message Attack in 15 000 Messages Graham Steel joint work with R. Bardou, R. Focardi, Y. Kawamoto, L. Simionato, J. Kai-Tsay CRYPTO August 2012 BLUF (Bottom Line Up

584 views • 42 slides
Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

Open Source Hardware Verification A survey and suggestions for future work Ben Marshall

29th March 2019 Open Source Hardware Verification A survey and suggestions for future work Ben Marshall University of Bristol Computer Science Department Open Source Hardware Verification 29th March 2019 Outline Introduction & Motivation

958 views • 17 slides
White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to

White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to

White-Box Cryptography Matthieu Rivain CARDIS 2017 How to protect a cryptographic key? How to protect a cryptographic key? Well, put it in a smartcard of course! ... or any piece of secure hardware But... Secure hardware is expensive

1.6k views • 98 slides
Automatic Annotation Suggestions for Audiovisual Archives: Evaluation Aspects L.Gazendam,

Automatic Annotation Suggestions for Audiovisual Archives: Evaluation Aspects L.Gazendam,

Automatic Annotation Suggestions for Audiovisual Archives: Evaluation Aspects L.Gazendam, V.Malaise,A.Jong,C.Wartena,H.Brugman, G.Schreiber Evi Kiagia NLP/Text Mining for historical documents Framework of the Project Initiative forwarded

589 views • 27 slides
CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven,

CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven,

9/9/2012 CHES Tutorial Cryptographic hardware: how to make it cool, fast and secure Junfeng Fan KULeuven, ESAT/SCD-COSIC CHES 2012 Crypto hardware 9/9/2012 CHES Tutorial: Crypto hardware design 3 1 9/9/2012 Smart card SoC (NXP P60C080)

826 views • 54 slides
The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve Weingart Senior Engineer (561) 392 6100 c1shw@us.ibm.com Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY 4758 PCI

386 views • 11 slides
Summary Security: Applications & Aspects Part I Cryptographic Features Introduction

Summary Security: Applications & Aspects Part I Cryptographic Features Introduction

Summary Security: Applications & Aspects Part I Cryptographic Features Introduction Software vs Hardware Support Hardware Acceleration Solutions Processor Extensions for Security Basic Cyphering Part II Symmetric vs Asymmetric

1.14k views • 21 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Good Practices for Designing Cryptographic Primitives in Hardware Miroslav Kne evi NXP

Good Practices for Designing Cryptographic Primitives in Hardware Miroslav Kne evi NXP

Good Practices for Designing Cryptographic Primitives in Hardware Miroslav Kne evi NXP Semiconductors miroslav.knezevic@nxp.com January 25, 2016 School on Design for a Secure IoT, Tenerife, 2016 THINGS Smart Plugs 3. January 28, 2016

1.09k views • 86 slides
Open-Source FPGA Implementation of Post-Quantum Cryptographic Hardware Primitives Rashmi Agrawal

Open-Source FPGA Implementation of Post-Quantum Cryptographic Hardware Primitives Rashmi Agrawal

Open-Source FPGA Implementation of Post-Quantum Cryptographic Hardware Primitives Rashmi Agrawal , Bu Lake, Alan Ehret, and Michel Kinsy Adaptive & Secure Computing Systems Lab Department of Electrical & Computer Engineering Boston

964 views • 48 slides
Analysing Cryptographic Hardware Interfaces with Tookan Graham Steel joint work with R. Bardou,

Analysing Cryptographic Hardware Interfaces with Tookan Graham Steel joint work with R. Bardou,

Analysing Cryptographic Hardware Interfaces with Tookan Graham Steel joint work with R. Bardou, M. Bortolozzo, M. Centenaro, R. Focardi, Y. Kawamoto, L. Simionato, J.-K. Tsay Graham Steel September 23, 2012 Analysing Security Device

377 views • 22 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
MQO for percentiles: suggestions for change Jan Horlek (CHMI, ETC/ACM) 1. Motivation 2. MQO

MQO for percentiles: suggestions for change Jan Horlek (CHMI, ETC/ACM) 1. Motivation 2. MQO

MQO for percentiles: suggestions for change Jan Horlek (CHMI, ETC/ACM) 1. Motivation 2. MQO for annual averages vs. for percentiles 3. Observation uncertainty in MQO 4. Suggestions concerning MQO for percentiles Motivation Evaluation of

326 views • 21 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
DATA FLOW ORIENTED HARDWARE DESIGN OF RNS-BASED POLYNOMIAL MULTIPLICATION FOR SHE ACCELERATION

DATA FLOW ORIENTED HARDWARE DESIGN OF RNS-BASED POLYNOMIAL MULTIPLICATION FOR SHE ACCELERATION

Jol Cathbras Alexandre Carbon Peter Milder Renaud Sirdey Nicolas Ventroux DATA FLOW ORIENTED HARDWARE DESIGN OF RNS-BASED POLYNOMIAL MULTIPLICATION FOR SHE ACCELERATION Conference on Cryptographic Hardware and Embedded Systems 2018 |

1.01k views • 35 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko

Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko

Report on Evaluation of Symmetric-Key Cryptographic Techniques May 22, 2003 Toshinobu Kaneko Chair, Symmetric-Key Cryptography Subcommittee (Science University of Tokyo) 1 Symmetric-Key Cryptography Subcommittee(2002) K.Araki (TIT)

998 views • 20 slides

More recommend