New Block Cipher for Ultra-Compact Hardware

1
New Block Cipher forUltra-Compact Hardware

• NBeeM
• ???

A. Satoh K. Aoki
2
Rapid Growth of RFID market
3
Security for RFID
Security is very important for radio
communication, but there is no room for
cryptography in RFIDs
We need More room!
Bear (unpackaged) RFID chips
AES-16 for ultra-compact hardware is proposed
4
Architecture of AES-16

• AES-16 uses the design concept of AES
• All the basic components are shrunk down to 1/8

AES-16
AES
Data 128 bits ? 16 bits
Key 128 bits ? 16 bits
5
S-box Comparison
AES
AES-16

S-box can be implemented as one inverter!
8-bit S-box defined over GF(28) is replaced by
1-bit S-box over GF(2)!
6
Performance comparison

• Sizes and speeds were evaluated by using a
  0.13-um ASIC library

Algorithm Size Frequency Throughput
AES-16 1.0 Kgates 1 GHz 1.6 Gbps
AES 5.4 Kgates 131 MHz 311 Mbps
AES-16 achieved 1/5 gates with x5 throughput
7
Secure against Power Analysis
A switching probability highly dependent on the
input data pattern is the key for DPA success
Very low power S-box with 100 switching
probability gives no clue for DPA
Innovative "Linear" Round Function
8
Secure against Cache Attack
Cache attack measures the operating time
depending on cache hit or miss to estimate the
secret data
MPU has enough cache memory for a 1-bit S-box
table
Cash Hit
Cash Miss
9
Security Assessment of AES-16
Provably secure against Linear cryptanalysis,
Higher-order differential attack, SQUARE attack,
Boomerang attack, Truncated linear attack, etc.
Provably secure against differential
cryptanalysis
All candidates show the same differential
probability
Because, its linear
Why?
Gotcha!
Its a liner
10
Conclusion
16-bit block cipher AES-16

• Ultra compact and high-speed H/W
• Astonishing linear 1-bit S-box
• Probably secure against all the side channel
  attacks and all the conventional cryptanalysis

Tip-top cryptographers never speak about trivial
brute force attack