Fair Comparison of ASIC Performance for SHA-3 Finalists

Zuo, Yongbo

22 June 2012

In the last few decades, secure algorithms have played an irreplaceable role in the protection of private information, such as applications of AES on modems, as well as online bank transactions. The increasing application of secure algorithms on hardware has made implementations on ASIC benchmarks extremely important. Although all kinds of secure algorithms have been implemented into various devices, the effects from different constraints on ASIC implementation performance have never been explored before. In order to analyze the effects from different constraints for secure algorithms, SHA-3 finalists, which includes Blake, Groestl, Keccak, JH, and Skein, have been chosen as the ones to be implemented for experiments in this thesis. This thesis has first explored the effects of different synthesis constraints on ASIC performance, such as the analysis of performance when it is constrained for frequency, or maximum area, etc. After that, the effects of choosing various standard libraries were tested, for instance, the performance of UMC 130nm and IBM 130nm standard libraries have been compared. Additionally, the effects of different technologies have been analyzed, such as 65nm, 90nm, 130nm and 180nm of UMC libraries. Finally, in order to further understand the effects, experiments for post-layout analysis has been explored. While some algorithms remain unaffected by floor plan shapes, others have shown preference for a specific shape, such as JH, which shows a 12% increase in throughput/area with a 1:2 rectangle compared to a square. Throughout this thesis, the effects of different ASIC implementation factors have been comprehensively explored, as well as the details of the methodology, metrics, and the framework of the experiments. Finally, detailed experiment results and analysis will be discussed in the following chapters. / Master of Science

SHA

NIST

ASIC

Finalist

Hardware

Encryption

Hash

Cipher

Key

Softwarová podpora výuky klasické kryptoanalýzy / Software support of education in classical cryptoanalysis

Fojtová, Lucie

January 2010

Number of today's modern cipher systems are based on the classical symmetric cipher systems, such as the transposition principle in the DES cipher. Successful analysis and deciphering of these ciphers is therefore underlined by solid knowledge of the elementary cryptanalysis methods. This implies the importance of classical cryptanalysis education -- for better a understanding of the field, using visual means is of utmost importance. The aim of the thesis is to summarize selected cipher methods of the classical cryptanalysis, namely the mono-- and polyalphabetical substitution and transposition route cipher. Along with the theoretical part, ciphering/deciphering software is introduced to be used for educational purposes, particularly a website and a standalone application providing tools for ciphering, analysis and code breaking of the classical cipher based code.

Autentizace pomocí smartkaret / Smartcard authentication

Juras, Stanislav

January 2010

The master’s thesis outlines the problem of authentication. It describes authentication factors like ownership, knowledge and inherent. There are described properties of each of that. Authentication based on ownership focuses on authenticators - the smartcards. The thesis also describes different types of smartcards (contact, contactless and hybrid smartcards) and refers to their basic properties. Emphasis is placed on the description of contact and contactless smartcard, specifically focusing on .NET smartcards. It describes their internal components such as memory (RAM, ROM, EEPROM), crypto processor etc. Smartcards are also examined in terms of support for cryptographic primitives. The thesis also introduces the cryptographic methods and principles describing symmetric and asymmetric ciphers. Symmetric ciphers are divided in to stream and block ciphers. There is description of asymmetric cipher, digital signature etc. This work also touches on the fundamental principles required for safe programming. Part of this work is also practical implementation (programs). Practical part aims to implement the communication between the user and AC (Access Control) AASR system. The first suite of applications provides encrypted communication between the PC and smartcards. These applications should create on smartcard services that will be able to perform operations on the client side, which are necessary to authenticate in the AASR system. The paper also presents algorithms for working with big numbers - addition, subtraction, multiplication, and Montgomery's algorithm for multiplication. The second application implements the functionality of AC components (Access Control). This functionality is for example – authenticate received token, digital signature authentication, generating random numbers, logging etc.

Mathématiques discrètes appliquées à la cryptographie symétrique / Mathématiques discrètes appliquées à la cryptographie symétrique

Rotella, Yann

19 September 2018

Dans cette thèse, nous étudions la sécurité de primitives cryptographiques. Ces systèmes sont fondés sur des transformations utilisant des objets mathématiques représentés de multiples manières. Nous utilisons alors certaines structures inhérentes à leurs composantes, et jusqu'alors non prises en compte, pour mettre en évidence de nouvelles vulnérabilités. Par l'exploitation de diverses représentations, nous avons ainsi cryptanalysé des chiffrements authentifiés de la compétition CAESAR, des chiffrements à flot spécifiques et des constructions génériques. Nous avons donné des critères de conception en vue de la standardisation par le NIST de chiffrements à bas coût. Dans le cas des chiffrements à flot, nous avons défini de nouveaux critères cryptographiques plus pertinents que les critères usuels. Plus précisément, nous analysons la sécurité des chiffrements par bloc légers au regard des récentes attaques par invariant, et nous montrons comment les éviter par un choix approprié de la couche linéaire de diffusion et des constantes de tour. Nous proposons une nouvelle cryptanalyse des registres filtrés, grâce à la décomposition des éléments dans les sous-groupes multiplicatifs du corps fini à 2^n éléments. L'analyse du chiffrement FLIP, mais aussi du générateur pseudo-aléatoire de Goldreich a mis en évidence des faiblesses exploitables dans des attaques de type ``supposer et déterminer'', qui nécessitent la prise en compte de nouveaux critères sur les fonctions booléennes utilisées dans ce contexte. Enfin, nous cryptanalysons une version simplifiée du chiffrement authentifié Ketje en utilisant plusieurs techniques, permettant ainsi d'affiner l'évaluation de sa sécurité. / In this thesis, we study the security of symmetric cryptographic primitives. These systems are based on transformations relying on mathematical objects that can be represented in multiple ways. We then exploit different induced structures to highlight new vulnerabilities. By exploiting various representations, we cryptanalyzed some schemes submitted to the CAESAR competition, and also some dedicated and generic stream ciphers. We exhibited design criteria for lightweight block ciphers in view of the NIST standardization process and in the case of stream ciphers we defined new cryptographic criteria more relevant than the usual ones. More precisely, we study the security of lightweight block ciphers with respect to the recent invariant attacks, and we show how to avoid them with an appropriate choice of the linear layer and the round constants. We propose a new cryptanalysis of the filtered registers, by decomposing elements in the multiplicative subgroups of the finite field with 2^n elements. The analysis of the FLIP cipher, but also of the Goldreich pseudo-random generator, revealed weaknesses that are exploitable in ``guess and determine'' attacks. This leads to new criteria on the Boolean functions used in this context. Finally, we cryptanalyze a weaker version of the authenticated encryption scheme Ketje using several techniques, in order to refine the security evaluation of this cipher.

Cryptographie symétrique

Cryptanalyse

Fonctions booléennes

Corps finis

Chiffrements à flot

Chiffrements par bloc

Symmetric cryptography

Cryptanalysis

Boolean functions

Finited fields

Stream cipher

Block cipher

650

Threshold Implementations of the Present Cipher

Farmani, Mohammad

06 September 2017

"The process of securing data has always been a challenge since it is related to the safety of people and society. Nowadays, there are many cryptographic algorithms developed to solve security problems. However, some applications have constraints which make it difficult to achieve high levels of security. Light weight cryptography aims to address this issue while trying to maintain low costs. Side-channel attacks have changed the way of cryptography significantly. In this kind of attacks, the attacker has physical access to the crypto-system and can extract the sensitive data by monitoring and measuring the side-channels such as power consumption, electromagnetic emanation, timing information, sound, etc. These attacks are based on the relationship between side-channels and secret data. Therefore, there need to be countermeasures to eliminate or reduce side channel leaks or to break the relationship between side-channels and secret data to protect the crypto systems against side-channel attacks. In this work, we explore the practicality of Threshold Implementation (TI) with only two shares for a smaller design that needs less randomness but is still leakage resistant. We demonstrate the first two-share Threshold Implementations of light-weight block cipher Present. Based on implementation results, two-share TI has a lower area overhead and better throughput when compared with a first-order resistant three-share scheme. Leakage analysis of the developed implementations reveals that two-share TI can retain perfect first-order resistance. However, the analysis also exposes a strong second-order leakage. "

Masking

Countermeasure

Side channel countermeasure

Present cipher

FPGA

Lightweight cryptography

Cryptography

Threshold implementation

Verification of Pipelined Ciphers

Lam, Chiu Hong

January 2009

The purpose of this thesis is to explore the formal verification technique of completion functions and equivalence checking by verifying two pipelined cryptographic circuits, KASUMI and WG ciphers. Most of current methods of communications either involve a personal computer or a mobile phone. To ensure that the information is exchanged in a secure manner, encryption circuits are used to transform the information into an unintelligible form. To be highly secure, this type of circuits is generally designed such that it is hard to analyze. Due to this fact, it becomes hard to locate a design error in the verification of cryptographic circuits. Therefore, cryptographic circuits pose significant challenges in the area of formal verification. Formal verification use mathematics to formulate correctness criteria of designs, to develop mathematical models of designs, and to verify designs against their correctness criteria. The results of this work can extend the existing collection of verification methods as well as benefiting the area of cryptography. In this thesis, we implemented the KASUMI cipher in VHDL, and we applied the optimization technique of pipelining to create three additional implementations of KASUMI. We verified the three pipelined implementations of KASUMI with completion functions and equivalence checking. During the verification of KASUMI, we developed a methodology to handle the completion functions efficiently based on VHDL generic parameters. We implemented the WG cipher in VHDL, and we applied the optimization techniques of pipelining and hardware re-use to create an optimized implementation of WG. We verified the optimized implementation of WG with completion functions and equivalence checking. During the verification of WG, we developed the methodology of ``skipping" that can decrease the number of verification obligations required to verify the correctness of a circuit. During the verification of WG, we developed a way of applying the completion functions approach such that it can deal with a circuit that has been optimized with hardware re-use.

verification

cryptography

pipelining

cipher

kasumi

welch-gong

fpga

hardware

vhdl

completion functions

Electrical and Computer Engineering

Verification of Pipelined Ciphers

Lam, Chiu Hong

January 2009

The purpose of this thesis is to explore the formal verification technique of completion functions and equivalence checking by verifying two pipelined cryptographic circuits, KASUMI and WG ciphers. Most of current methods of communications either involve a personal computer or a mobile phone. To ensure that the information is exchanged in a secure manner, encryption circuits are used to transform the information into an unintelligible form. To be highly secure, this type of circuits is generally designed such that it is hard to analyze. Due to this fact, it becomes hard to locate a design error in the verification of cryptographic circuits. Therefore, cryptographic circuits pose significant challenges in the area of formal verification. Formal verification use mathematics to formulate correctness criteria of designs, to develop mathematical models of designs, and to verify designs against their correctness criteria. The results of this work can extend the existing collection of verification methods as well as benefiting the area of cryptography. In this thesis, we implemented the KASUMI cipher in VHDL, and we applied the optimization technique of pipelining to create three additional implementations of KASUMI. We verified the three pipelined implementations of KASUMI with completion functions and equivalence checking. During the verification of KASUMI, we developed a methodology to handle the completion functions efficiently based on VHDL generic parameters. We implemented the WG cipher in VHDL, and we applied the optimization techniques of pipelining and hardware re-use to create an optimized implementation of WG. We verified the optimized implementation of WG with completion functions and equivalence checking. During the verification of WG, we developed the methodology of ``skipping" that can decrease the number of verification obligations required to verify the correctness of a circuit. During the verification of WG, we developed a way of applying the completion functions approach such that it can deal with a circuit that has been optimized with hardware re-use.

verification

cryptography

pipelining

cipher

kasumi

welch-gong

fpga

hardware

vhdl

completion functions

Electrical and Computer Engineering

Generating Functions And Their Applications

Bilgin, Begul

01 August 2010

Generating functions are important tools that are used in many areas of mathematics and especially statistics. Besides analyzing the general structure of sequences and their asymptotic behavior / these functions, which can be roughly thought as the transformation of sequences into functions, are also used effciently to solve combinatorial problems. In this thesis, the effects of the transformations of generating functions on their corresponding sequences and the effects of the change in sequences on the generating functions are examined. With these knowledge, the generating functions for the resulting sequence of some combinatorial problems such as number of partitions, number of involutions, Fibonacci numbers and Catalan numbers are found. Moreover, some mathematical identities are proved by using generating functions. The sequences are the bases of especially symmetric key cryptosystems in cryptography. It is seen that by using generating functions, linear complexities and periods of sequences generated by constant coeffcient linear homogeneous recursions, which are used in linear feedback shift register (LFSR) based stream ciphers, can be calculated. Hence studying generating functions leads to have a better understanding in them. Therefore, besides combinatorial problems, such recursions are also examined and the results are used to observe the linear complexity and the period of LFSR&rsquo / s combined in different ways to generate &ldquo / better&rdquo / system of stream cipher.

QA Mathematics 1-939

Stream Cipher Analysis Based on FCSRs

Xu, Jinzhong

01 January 2000

Cryptosystems are used to provide security in communications and data transmissions. Stream ciphers are private key systems that are often used to transform large volumn data. In order to have security, key streams used in stream ciphers must be fully analyzed so that they do not contain specific patterns, statistical infomation and structures with which attackers are able to quickly recover the entire key streams and then break down the systems. Based on different schemes to generate sequences and different ways to represent them, there are a variety of stream cipher analyses. The most important one is the linear analysis based on linear feedback shift registers (LFSRs) which have been extensively studied since the 1960's. Every sequence over a finite field has a well defined linear complexity. If a sequence has small linear complexity, it can be efficiently recoverd by Berlekamp-Messay algorithm. Therefore, key streams must have large linear complexities. A lot of work have been done to generate and analyze sequences that have large linear complexities. In the early 1990's, Klapper and Goresky discovered feedback with carry shift registers over Z/(p) (p-FCSRS), p is prime. Based on p-FCSRs, they developed a stream cipher analysis that has similar properties to linear analysis. For instance, every sequence over Z/(p) has a well defined p-adic complexity and key streams of small p-adic complexity are not secure for use in stream ciphers. This disstation focuses on stream cipher analysis based on feedback with carry shift registers. The first objective is to develop a stream cipher analysis based on feedback with carry shift registers over Z/(N) (N-FCSRs), N is any integer greater than 1, not necessary prime. The core of the analysis is a new rational approximation algorithm that can be used to efficiently compute rational representations of eventually periodic N-adic sequences. This algorithm is different from that used in $p$-adic sequence analysis which was given by Klapper and Goresky. Their algorithm is a modification of De Weger's rational approximation algorithm. The second objective is to generalize feedback with carry shift register architecture to more general algebraic settings which are called algebraic feedback shift registers (AFSRs). By using algebraic operations and structures on certain rings, we are able to not only construct feedback with carry shift registers, but also develop rational approximation algorithms which create new analyses of stream ciphers. The cryptographic implication of the current work is that any sequences used in stream ciphers must have large N-adic complexities and large AFSR-based complexities as well as large linear complexities.

Cryptanalyse de primitives symétriques basées sur le chiffrement AES

Jean, Jérémy

24 September 2013

Dans cette thèse, nous nous intéressons à la cryptanalyse de certaines primitives de cryptographie symétrique qui utilisent les concepts de construction du schéma de chiffrement AES. Nous commençons par une analyse de l'AES lui-même dans trois modèles de sécurité différents: le modèle standard, le modèle à clefs reliées et le modèle ouvert. Dans le modèle standard, où l'adversaire cherche à récupérer la clef secrète, nous décrivons les meilleures attaques différentielles existantes sur cet algorithme de chiffrement, en améliorant les attaques différentielles précédemment publiées. Ensuite, nous procédons à une analyse structurelle de l'AES dans le modèle à clefs reliées. Nous montrons des résultats d'impossibilité, indiquant que l'on ne peut pas prouver la sécurité de la structure de l'AES contre les attaques différentielles dans ce modèle. Enfin, dans le modèle ouvert, nous proposons le premier distingueur pour neuf tours d'AES-128, ce qui résout un problème ouvert depuis plusieurs années dans la communauté symétrique. Dans une deuxième partie, nous analysons en détail l'application de l'attaque par rebond sur les primitives basées sur l'AES. Nous montrons qu'il est possible de considérer un tour de plus dans la première des deux phases de cette stratégie, ce qui améliore les meilleurs résultats connus sur les permutations à base d'AES. Ceci résout le problème ouvert consistant à augmenter le nombre total de tours attaqués grâce à cette technique. Nous montrons également qu'il est possible de relâcher certaines contraintes pour augmenter la probabilité de succès de la deuxième étape. Ceci conduit à une diminution des complexités de toutes les attaques publiées. Nous appliquons ces améliorations à la fonction de hachage Grostl, obtenant les meilleures attaques sur la permutation interne. Finalement, nous nous intéressons à la fonction de hachage ECHO pour montrer qu'il est possible d'appliquer plusieurs fois l'attaque par rebond et ainsi attaquer plus de tours de la permutation interne.

Cryptography

Cryptanalysis

AES

Block Cipher

Hash Function