Title: New Block Cipher for Ultra-Compact Hardware
1New Block Cipher forUltra-Compact Hardware
A. Satoh K. Aoki
2Rapid Growth of RFID market
3Security for RFID
Security is very important for radio
communication, but there is no room for
cryptography in RFIDs
We need More room!
Bear (unpackaged) RFID chips
AES-16 for ultra-compact hardware is proposed
4Architecture of AES-16
- AES-16 uses the design concept of AES
- All the basic components are shrunk down to 1/8
AES-16
AES
Data 128 bits ? 16 bits
Key 128 bits ? 16 bits
5S-box Comparison
AES
AES-16
S-box can be implemented as one inverter!
8-bit S-box defined over GF(28) is replaced by
1-bit S-box over GF(2)!
6Performance comparison
- Sizes and speeds were evaluated by using a
0.13-um ASIC library
Algorithm Size Frequency Throughput
AES-16 1.0 Kgates 1 GHz 1.6 Gbps
AES 5.4 Kgates 131 MHz 311 Mbps
AES-16 achieved 1/5 gates with x5 throughput
7Secure against Power Analysis
A switching probability highly dependent on the
input data pattern is the key for DPA success
Very low power S-box with 100 switching
probability gives no clue for DPA
Innovative "Linear" Round Function
8Secure against Cache Attack
Cache attack measures the operating time
depending on cache hit or miss to estimate the
secret data
MPU has enough cache memory for a 1-bit S-box
table
Cash Hit
Cash Miss
9Security Assessment of AES-16
Provably secure against Linear cryptanalysis,
Higher-order differential attack, SQUARE attack,
Boomerang attack, Truncated linear attack, etc.
Provably secure against differential
cryptanalysis
All candidates show the same differential
probability
Because, its linear
Why?
Gotcha!
Its a liner
10Conclusion
16-bit block cipher AES-16
- Ultra compact and high-speed H/W
- Astonishing linear 1-bit S-box
- Probably secure against all the side channel
attacks and all the conventional cryptanalysis
Tip-top cryptographers never speak about trivial
brute force attack