New Block Cipher for Ultra-Compact Hardware - PowerPoint PPT Presentation

About This Presentation
Title:

New Block Cipher for Ultra-Compact Hardware

Description:

Title: IBM blue-and-white template with image Subject: IBM Presentation System Author: Industrie Brand Partners Last modified by: atechi Created Date – PowerPoint PPT presentation

Number of Views:73
Avg rating:3.0/5.0
Slides: 11
Provided by: Industrie5
Learn more at: https://www.iacr.org
Category:

less

Transcript and Presenter's Notes

Title: New Block Cipher for Ultra-Compact Hardware


1
New Block Cipher forUltra-Compact Hardware
  • NBeeM
  • ???

A. Satoh K. Aoki
2
Rapid Growth of RFID market
3
Security for RFID
Security is very important for radio
communication, but there is no room for
cryptography in RFIDs
We need More room!
Bear (unpackaged) RFID chips
AES-16 for ultra-compact hardware is proposed
4
Architecture of AES-16
  • AES-16 uses the design concept of AES
  • All the basic components are shrunk down to 1/8

AES-16
AES
Data 128 bits ? 16 bits
Key 128 bits ? 16 bits
5
S-box Comparison
AES
AES-16

S-box can be implemented as one inverter!
8-bit S-box defined over GF(28) is replaced by
1-bit S-box over GF(2)!
6
Performance comparison
  • Sizes and speeds were evaluated by using a
    0.13-um ASIC library

Algorithm Size Frequency Throughput
AES-16 1.0 Kgates 1 GHz 1.6 Gbps
AES 5.4 Kgates 131 MHz 311 Mbps
AES-16 achieved 1/5 gates with x5 throughput
7
Secure against Power Analysis
A switching probability highly dependent on the
input data pattern is the key for DPA success
Very low power S-box with 100 switching
probability gives no clue for DPA
Innovative "Linear" Round Function
8
Secure against Cache Attack
Cache attack measures the operating time
depending on cache hit or miss to estimate the
secret data
MPU has enough cache memory for a 1-bit S-box
table
Cash Hit
Cash Miss
9
Security Assessment of AES-16
Provably secure against Linear cryptanalysis,
Higher-order differential attack, SQUARE attack,
Boomerang attack, Truncated linear attack, etc.
Provably secure against differential
cryptanalysis
All candidates show the same differential
probability
Because, its linear
Why?
Gotcha!
Its a liner
10
Conclusion
16-bit block cipher AES-16
  • Ultra compact and high-speed H/W
  • Astonishing linear 1-bit S-box
  • Probably secure against all the side channel
    attacks and all the conventional cryptanalysis

Tip-top cryptographers never speak about trivial
brute force attack
Write a Comment
User Comments (0)
About PowerShow.com