usuba
play

Usuba High-Throughput and Constant-Time Ciphers, by Construction - PowerPoint PPT Presentation

Jan 10, 2024 •198 likes •1.02k views

Usuba High-Throughput and Constant-Time Ciphers, by Construction Pierre- Darius Mercadier Evariste Dagand LIP6 CNRS Inria Sorbonne Universit e June 24, 2019 1 / 15 Anatomy of a block cipher The Rectangle cipher Plaintext (64

  1. Usuba High-Throughput and Constant-Time Ciphers, by Construction Pierre-´ Darius Mercadier Evariste Dagand LIP6 – CNRS – Inria Sorbonne Universit´ e June 24, 2019 1 / 15

  2. Anatomy of a block cipher The Rectangle cipher Plaintext (64 bits) key ₀ (64 bits) SubColumn ShiftRows key ₁ (64 bits) SubColumn ShiftRows ... key ₂₄ (64 bits) SubColumn ShiftRows key ₂₅ (64 bits) Ciphertext (64 bits) 2 / 15

  3. Anatomy of a block cipher The Rectangle cipher Plaintext (64 bits) U SUBA key ₀ node Rectangle (plain:b64, (64 bits) key :b64[26]) SubColumn returns (cipher:b64) ShiftRows vars key ₁ round : b64[26] (64 bits) let SubColumn round[0] = plain; forall i in [0,24] { ShiftRows round[i+1] = ... ShiftRows( key ₂₄ SubColumn( (64 bits) round[i] ^ key[i] SubColumn ) ) ShiftRows } key ₂₅ (64 bits) cipher = round[25] ^ key[25] Ciphertext (64 bits) tel 2 / 15

  4. Anatomy of a block cipher Rectangle/ShiftRows void ShiftRows(bool a[64], bool b[64]) { b[0] = a[0]; b[1] = a[1]; b[2] = a[2]; b[3] = a[3]; b[4] = a[4]; b[5] = a[5]; ... b[59] = a[56]; b[60] = a[57]; b[61] = a[58]; b[62] = a[59]; b[63] = a[60]; } 3 / 15

  5. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) 3 / 15

  6. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) let out[0] = input[0]; tel 3 / 15

  7. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) let out[0] = input[0]; out[1] = input[1] <<< 1; tel 3 / 15

  8. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) let out[0] = input[0]; out[1] = input[1] <<< 1; out[2] = input[2] <<< 12; tel 3 / 15

  9. Anatomy of a block cipher Rectangle/ShiftRows node ShiftRows (input:u16x4) returns (out:u16x4) let out[0] = input[0]; out[1] = input[1] <<< 1; out[2] = input[2] <<< 12; out[3] = input[3] <<< 13 tel 3 / 15

  10. Anatomy of a block cipher Rectangle/SubColumn Caution: lookup tables are strictly forbidden ! 4 / 15

  11. Anatomy of a block cipher Rectangle/SubColumn a 0 b 0 a 1 b 1 a 2 b 2 a 3 b 3 4 / 15

  12. Anatomy of a block cipher Rectangle/SubColumn void SubColumn(bool *a0, bool *a1, bool *a2, bool *a3) { bool t1, t2, t3, t5, t6, t8, t9, t11; bool a0_ = *a0; bool a1_ = *a1; t1 = ~*a1; t2 = *a0 & t1; t3 = *a2 ^ *a3; *a0 = t2 ^ t3; t5 = *a3 | t1; t6 = a0_ ^ t5; *a1 = *a2 ^ t6; t8 = a1_ ^ *a2; t9 = t3 & t6; *a3 = t8 ^ t9; t11 = *a0 | t8; *a2 = t6 ^ t11; } 4 / 15

  13. Anatomy of a block cipher Rectangle/SubColumn table SubColumn (a:v4) returns (b:v4) { 6, 5, 12, 10, 1, 14, 7, 9, 11, 0, 3, 13, 8, 15, 4, 2 } 4 / 15

  14. Anatomy of a block cipher Rectangle, our way node ShiftRows (input:u16x4) node Rectangle (plain:u16x4, returns (out:u16x4) key :u16x4[26]) vars returns (cipher:u16x4) let vars out[0] = input[0]; round : u16x4[26] out[1] = input[1] <<< 1; let out[2] = input[2] <<< 12; round[0] = plain; out[3] = input[3] <<< 13 forall i in [0,24] { tel round[i+1] = ShiftRows( SubColumn( round[i] ^ key[i] ) table SubColumn (input:v4) ) returns (out:v4) { } 6, 5, 12, 10, 1, 14, 7, 9, cipher = round[25] ^ key[25] 11, 0, 3, 13, 8, 15, 4, 2 tel } 5 / 15

  15. Man vs. Machine 7 6 5 cycles/byte 4 3 2 1 0 Naïve Usuba SSE (128-bit) 6 / 15

  16. Man vs. Machine 7 6 5 cycles/byte 4 3 2 1 0 Naïve Hand-tuned Usuba SSE (128-bit) 6 / 15

Recommend

1 -strongly compact cardinals and cardinal functions in topology Toshimichi Usuba Waseda

1 -strongly compact cardinals and cardinal functions in topology Toshimichi Usuba Waseda

1 -strongly compact cardinals and cardinal functions in topology Toshimichi Usuba Waseda University Nov. 19, 2018 Reflections on Set Theoretic reflection, Sant Bernat T. Usuba (Waseda Univ.) 1 -strongly compact Nov.19, 2018 1 / 27

821 views • 54 slides
Set-theoretic geology with large cardinals Toshimichi Usuba ( ) Kobe University

Set-theoretic geology with large cardinals Toshimichi Usuba ( ) Kobe University

Set-theoretic geology with large cardinals Toshimichi Usuba ( ) Kobe University September 11, 2015 Computability Theory and Foundations of Mathematics 2015 Tokyo Institute of Technology 1 / 19 Definability of the ground model

486 views • 34 slides
Partial Stationary Reflection Principles Toshimichi Usuba ( ) Nagoya University

Partial Stationary Reflection Principles Toshimichi Usuba ( ) Nagoya University

Partial Stationary Reflection Principles Toshimichi Usuba ( ) Nagoya University RIMS Set Theory Workshop 2012 Forcing extensions and large cardinals RIMS Kyoto Univ. December 5, 2012 Stationary reflection : infinite cardinal

498 views • 21 slides
Lindel of spaces and large cardinals Toshimichi Usuba ( ) Waseda University July

Lindel of spaces and large cardinals Toshimichi Usuba ( ) Waseda University July

Lindel of spaces and large cardinals Toshimichi Usuba ( ) Waseda University July 26, 2016 TOPOSYM 2016 1 / 30 Abstract: We are going to show some connections between large cardinals and Lindel of spaces with small

814 views • 58 slides
Weak Reflection Principle Definition 1. X : non-empty set. S [ X ] is stationary

Weak Reflection Principle Definition 1. X : non-empty set. S [ X ] is stationary

Reflection principles on [ ] Toshimichi Usuba Nagoya University Oct. 26, 2010 RIMS Set Theory Workshop 2010, Kyoto Weak Reflection Principle Definition 1. X : non-empty set. S [ X ] is stationary (in [ X ] ) For

768 views • 39 slides

More recommend