Secure and Efficient Implementations of Cryptographic Primitives

Guo, Xu

30 May 2012

Nowadays pervasive computing opens up many new challenges. Personal and sensitive data and computations are distributed over a wide range of computing devices. This presents great challenges in cryptographic system designs: how to protect privacy, authentication, and integrity in this distributed and connected computing world, and how to satisfy the requirements of different platforms, ranging from resource constrained embedded devices to high-end servers. Moreover, once mathematically strong cryptographic algorithms are implemented in either software or hardware, they are known to be vulnerable to various implementation attacks. Although many countermeasures have been proposed, selecting and integrating a set of countermeasures thwarting multiple attacks into a single design is far from trivial. Security, performance and cost need to be considered together. The research presented in this dissertation deals with the secure and efficient implementation of cryptographic primitives. We focus on how to integrate cryptographic coprocessors in an efficient and secure way. The outcome of this research leads to four contributions to hardware security research. First, we propose a programmable and parallel Elliptic Curve Cryptography (ECC) coprocessor architecture. We use a systematic way of analyzing the impact of System-on-Chip (SoC) integration to the cryptographic coprocessor performance and optimize the hardware/software codesign of cryptographic coprocessors. Second, we provide a hardware evaluation methodology to the NIST SHA-3 standardization process. Our research efforts cover both of the SHA-3 fourteen Second Round candidates and five Third Round finalists. We design the first SHA-3 benchmark chip and discuss the technology impact to the SHA-3 hardware evaluation process. Third, we discuss two technology dependent issues in the fair comparison of cryptographic hardware. We provide a systematic approach to do a cross-platform comparison between SHA-3 FPGA and ASIC benchmarking results and propose a methodology for lightweight hash designs. Finally, we provide guidelines to select implementation attack countermeasures in ECC cryptosystem designs. We discuss how to integrate a set of countermeasures to resist a collection of side-channel analysis (SCA) attacks and fault attacks. The first part of the dissertation discusses how system integration can affect the efficiency of the cryptographic primitives. We focus on the SoC integration of cryptographic coprocessors and analyze the system profile in a co-simulation environment and then on an actual FPGA-based SoC platform. We use this system-level design flow to analyze the SoC integration issues of two block ciphers: the existing Advanced Encryption Standard (AES) and a newly proposed lightweight cipher PRESENT. Next, we use hardware/software codesign techniques to design a programmable ECC coprocessor architecture which is highly flexible and scalable for system integration into a SoC architecture. The second part of the dissertation describes our efforts in designing a hardware evaluation methodology applied to the NIST SHA-3 standardization process. Our Application Specific Integrated Circuit (ASIC) implementation results of five SHA-3 finalists are the first ASIC real measurement results reported in the literature. As a contribution to the NIST SHA-3 competition, we provide timely ASIC implementation cost and performance results of the five SHA-3 finalists in the SHA-3 standard final round evaluation process. We define a consistent and comprehensive hardware evaluation methodology to the NIST SHA-3 standardization process from Field Programmable Gate Array (FPGA) prototyping to ASIC implementation. The third part of the dissertation extends the discussion on hardware benchmarking of NIST SHA-3 candidates by analyzing the impact of technology to the fair comparison of cryptographic hardware. First, a cross-platform comparison between the FPGA and ASIC results of SHA-3 designs demonstrates the gap between two sets of benchmarking results. We describe a systematic approach to analyze a SHA-3 hardware benchmark process for both FPGAs and ASICs. Next, by observing the interaction of hash algorithm design, architecture design, and technology mapping, we propose a methodology for lightweight hash implementation and apply it to CubeHash optimizations. Our ultra-lightweight design of the CubeHash algorithm represents the smallest ASIC implementation of this algorithm reported in the literature. Then, we introduced a cost model for analyzing the hardware cost of lightweight hash implementations. The fourth part of the dissertation discusses SCA attacks and fault attacks resistant cryptosystem designs. We complete a comprehensive survey of state-of-the-art of secure ECC implementations and propose a methodology on selecting countermeasures to thwart multiple side-channel attacks and fault attacks. We focus on a systematic way of organizing and understanding known attacks and countermeasures. / Ph. D.

Block Cipher

Side-Channel Attacks

SHA-3

Hash Function

System-on-Chip

Cryptographic Coprocessor

Elliptic Curve Cryptography

Fault Attacks

Rijndael Circuit Level Cryptanalysis

Pehlivanoglu, Serdar

05 May 2005

The Rijndael cipher was chosen as the Advanced Encryption Standard (AES) in August 1999. Its internal structure exhibits unusual properties such as a clean and simple algebraic description for the S-box. In this research, we construct a scalable family of ciphers which behave very much like the original Rijndael. This approach gives us the opportunity to use computational complexity theory. In the main result, we generate a candidate one-way function family from the scalable Rijndael family. We note that, although reduction to one-way functions is a common theme in the theory of public-key cryptography, it is rare to have such a defense of security in the private-key theatre. In this thesis a plan of attack is introduced at the circuit level whose aim is not break the cryptosystem in any practical way, but simply to break the very bold Rijndael security claim. To achieve this goal, we are led to a formal understanding of the Rijndael security claim, juxtaposing it with rigorous security treatments. Several of the questions that arise in this regard are as follows: ``Do invertible functions represented by circuits with very small numbers of gates have better than worst case implementations for their inverses?' ``How many plaintext/ciphertext pairs are needed to uniquely determine the Rijndael key?'

computational complexity

private-key cryptography

Advanced Encryption Standard

Rijndael

cryptanalysis

K-secure

hermetic

block cipher

circuit complexity

Cryptography

Computational complexity

Data encryption (Computer science)

Codes additifs et matrices MDS pour la cryptographie / Additive codes and MDS matrices for the cryptographic applications

El Amrani, Nora

24 February 2016

Cette thèse porte sur les liens entre les codes correcteurs d'erreurs et les matrices de diffusion linéaires utilisées en cryptographie symétrique. L'objectif est d'étudier les constructions possibles de codes MDS additifs définis sur le groupe (Fm2, +) des m-uplets binaires et de minimiser le coût de l'implémentation matérielle ou logicielles de ces matrices de diffusion. Cette thèse commence par l'étude des codes définis sur un anneau de polynômes du type F[x]/f(x), qui généralisent les codes quasi-cycliques. Elle se poursuit par l'étude des codes additifs systématiques définis sur (Fm2, +) et leur lien avec la diffusion linéaire en cryptographie symétrique. Un point important de la thèse est l'introduction de codes à coefficient dans l'anneau des endomorphismes de Fm2. Le lien entre les codes qui sont des sous-modules à gauche et les codes additifs est mis en évidence. La dernière partie porte sur l'étude et la construction de matrices de diffusion MDS ayant de bonnes propriétés pour la cryptographie, à savoir les matrices circulantes, les matrices dyadiques, ainsi que les matrices ayant des représentations creuses minimisant leur implémentation. / This PhD focuses on the links between error correcting codes and diffusion matrices used in cryptography symmetric. The goal is to study the possible construction of additives MDS codes defined over the group (Fm2, +) of binary m-tuples and minimize cost of hardware or software implementation of these diffusion matrices. This thesis begins with the study of codes defined over the polynomial ring F[x]/f(x), these codes are a generalization of quasi-cyclic codes, and continues with the study of additive systematic codes over (Fm2, +) and there relation with linear diffusion on symmetric cryptography. An important point of this thesis is the introduction of codes with coefficients in the ring of endomorphisms of Fm2. The link between codes which are a left-submodules and additive codes have been identified. The last part focuses on the study and construction of efficient diffusion MDS matrices for the cryptographic applications, namely the circulantes matrices, dyadic matrices, and matrices with hollow representation, in ordre to minimize their implementations.

Codes additifs

Codes MDS

Matrices de diffusion

Cryptographie symétrique

Chiffrement par bloc

Codes sur des anneaux

Additive codes

MDS codes

Diffusion matrices

Symmetric cryptography

Block cipher

Codes over rings

005.82

Simulace a analýza provozu blokové šifry se statistickou samosynchronizací / Simulation and analysis of the block cipher mode with statistical self-synchronization

Kopčan, Marek

January 2008

There is a enormous rise in importance of cryptography. In age of hi-technologies, where information are the most valuable asset, is need to protect this value. But we need to transport information between us and keep information confidental. In this case we use special modes of block cipher because of defect in communication canal. Not all modes are able to deal with this problem. For this purpose, there are special modes. This work deal with self-synchronization modes of block cipher. It is protection of tranfered information in communication canal against different types of defects. We will exam two self-synchronization modes - OCFB (Optimized Cipher FeedBack) and SCFB (Statistical Cipher FeedBack). Both have their advantages and disadvantages. The goal of this work is to provide analyse of both modes and to create simulation model. This model should help with further research of self-synchronization modes.

Mathématiques discrètes appliquées à la cryptographie symétrique / Mathématiques discrètes appliquées à la cryptographie symétrique

Rotella, Yann

19 September 2018

Dans cette thèse, nous étudions la sécurité de primitives cryptographiques. Ces systèmes sont fondés sur des transformations utilisant des objets mathématiques représentés de multiples manières. Nous utilisons alors certaines structures inhérentes à leurs composantes, et jusqu'alors non prises en compte, pour mettre en évidence de nouvelles vulnérabilités. Par l'exploitation de diverses représentations, nous avons ainsi cryptanalysé des chiffrements authentifiés de la compétition CAESAR, des chiffrements à flot spécifiques et des constructions génériques. Nous avons donné des critères de conception en vue de la standardisation par le NIST de chiffrements à bas coût. Dans le cas des chiffrements à flot, nous avons défini de nouveaux critères cryptographiques plus pertinents que les critères usuels. Plus précisément, nous analysons la sécurité des chiffrements par bloc légers au regard des récentes attaques par invariant, et nous montrons comment les éviter par un choix approprié de la couche linéaire de diffusion et des constantes de tour. Nous proposons une nouvelle cryptanalyse des registres filtrés, grâce à la décomposition des éléments dans les sous-groupes multiplicatifs du corps fini à 2^n éléments. L'analyse du chiffrement FLIP, mais aussi du générateur pseudo-aléatoire de Goldreich a mis en évidence des faiblesses exploitables dans des attaques de type ``supposer et déterminer'', qui nécessitent la prise en compte de nouveaux critères sur les fonctions booléennes utilisées dans ce contexte. Enfin, nous cryptanalysons une version simplifiée du chiffrement authentifié Ketje en utilisant plusieurs techniques, permettant ainsi d'affiner l'évaluation de sa sécurité. / In this thesis, we study the security of symmetric cryptographic primitives. These systems are based on transformations relying on mathematical objects that can be represented in multiple ways. We then exploit different induced structures to highlight new vulnerabilities. By exploiting various representations, we cryptanalyzed some schemes submitted to the CAESAR competition, and also some dedicated and generic stream ciphers. We exhibited design criteria for lightweight block ciphers in view of the NIST standardization process and in the case of stream ciphers we defined new cryptographic criteria more relevant than the usual ones. More precisely, we study the security of lightweight block ciphers with respect to the recent invariant attacks, and we show how to avoid them with an appropriate choice of the linear layer and the round constants. We propose a new cryptanalysis of the filtered registers, by decomposing elements in the multiplicative subgroups of the finite field with 2^n elements. The analysis of the FLIP cipher, but also of the Goldreich pseudo-random generator, revealed weaknesses that are exploitable in ``guess and determine'' attacks. This leads to new criteria on the Boolean functions used in this context. Finally, we cryptanalyze a weaker version of the authenticated encryption scheme Ketje using several techniques, in order to refine the security evaluation of this cipher.

Cryptographie symétrique

Cryptanalyse

Fonctions booléennes

Corps finis

Chiffrements à flot

Chiffrements par bloc

Symmetric cryptography

Cryptanalysis

Boolean functions

Finited fields

Stream cipher

Block cipher

650

Zabezpečení vysokorychlostních komunikačních systémů / Protection of highspeed communication systems

Smékal, David

January 2015

The diploma thesis deals with 128–bit AES data encryption and its implementation in FPGA network card using VHDL programming language. The theoretical part explains AES encryption and decryption, its individual steps and operating modes. Further was described the VHDL programming language, development environment Vivado, FPGA network card Combo–80G and configurable framework NetCOPE. The practical part is the implementation of AES–128 in VHDL. A simulation was used to eliminate errors, then the synthesis was performed. These steps were made using Vivado software. Last step of practical part was testing of synthesized firmware on COMBO–80G card. Total of 4 projects were implemented in FPGA card. Two of them were AES encryption and decryption with ECB mode and another two describe the encryption and decryption with CBC mode.

Návrh hardwarového šifrovacího modulu / Design of hardware cipher module

Bayer, Tomáš

January 2009

This diploma’s thesis discourses the cryptographic systems and ciphers, whose function, usage and practical implementation are analysed. In the first chapter basic cryptographic terms, symmetric and asymetric cryptographic algorithms and are mentioned. Also usage and reliability are analysed. Following chapters mention substitution, transposition, block and stream ciphers, which are elementary for most cryptographic algorithms. There are also mentioned the modes, which the ciphers work in. In the fourth chapter are described the principles of some chosen cryptographic algorithms. The objective is to make clear the essence of the algorithms’ behavior. When describing some more difficult algorithms the block scheme is added. At the end of each algorithm’s description the example of practical usage is written. The chapter no. five discusses the hardware implementation. Hardware and software implementation is compared from the practical point of view. Several design instruments are described and different hardware design programming languages with their progress, advantages and disadvantages are mentioned. Chapter six discourses the hardware implementation design of chosen ciphers. Concretely the design of stream cipher with pseudo-random sequence generator is designed in VHDL and also in Matlab. As the second design was chosen the block cipher GOST, which was designed in VHDL too. Both designs were tested and verified and then the results were summarized.