Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Introduction to Lightweight Symmetric Cryptosystem
Rajat Sadhukhan
IoTSec Workshop (24th-26th October’16) ,
SEAL lab, IIT Kharagpur
• Motivation
• Objective
• Design Strategy
• Case Study: Khudra
• ASIC and FPGA implementation of Khudra
• Results
• Future Works
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 2
• Upcoming Information Technology and Computing landscape• Number of users to device mapping (past- n:1, present- 1:1, future- 1:n)
• Mass production of pervasive devices with ASIC/FPGA
• Extremely constrained resources• Battery
• Memory
• Computation power
• Standard Algorithms cannot be used• Expensive for very small devices
• Good trade-off among area, throughput and resistance against attacks
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 3
• Motivation
• Objective
• Design Strategy
• Case Study: Khudra
• ASIC and FPGA implementation of Khudra
• Results
• Future Works
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 4
• Investigate lightweight design strategies to achieve:• Gate Equivalent/LUT efficiency (mainly considering hardware)
• Simplicity
• Security
• Suitability for both ASIC as well as FPGA
• Less clock cycle requirement for encryption
• Area and area-time metric should be considered for design
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 5
• Motivation
• Objective
• Design Strategy
• Case Study: Khudra
• ASIC and FPGA implementation of Khudra
• Results
• Future Works
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 6
• Design strategies followed for designing block ciphers
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 7
• Key scheduling also requires significant amount of LUTs
• n (block) + k (key) bit registers and n + k number of 2 : 1 mux is also required for the feedback of message and keys of the previous round. So n+k Flip-Flops and n+k LUTs are required
• Total number of LUTs required is at least 3 *n + k and register is at least n + k
• So from above observation, number of slices can be reduced if we can decrease the LUT requirements by utilizing some more Flip-Flops
• Follow balancing LUTs and FF strategy where we choose a new design for which number of LUTs reduces, number of Flip-Flops increases and the ratio (RLUT=FF ) is close to 1.
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 8
• Motivation
• Objective
• Design Strategy
• Case Study: Khudra
• ASIC and FPGA implementation of Khudra
• Results
• Future Works
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 9
• Architectural features• Data Processing
• 64-bit data block, 80-bit key size, 18 rounds, 32-bit round key size
• Feistel structure in our design to reduce the number of S-boxes but without using any extra diffusion layer
• As the F-function is computed in rounds, the intermediate values are stored in some registers, thereby improving flip flop implementation rather than wastage
• The Fiestel structure consist of two parts: Fiestel permutation and F-function. F-function in turn again consist of 6 rounds of recursive Fiestel function
• Key Scheduling part• shift-register base key-schedule, which require less number of LUTs and more FFs
• In data processing part, Khudra require more LUTs compared to FFs, so the planned key-schedule will improve the overall RLUT=FF ratio
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 10
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 11
• Motivation
• Objective
• Design Strategy
• Case Study: Khudra
• ASIC and FPGA implementation of Khudra
• Results
• Future Works
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 12
• FPGA implementation
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 13
• ASIC implementation
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 14
• Motivation
• Objective
• Design Strategy
• Case Study: Khudra
• ASIC and FPGA implementation of Khudra
• Results
• Future Works
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 15
• Comparison of Khudra with other block cipher FPGA design
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 16
• Comparison of Khudra with other block cipher ASIC design
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 17
• Motivation
• Objective
• Design Strategy
• Case Study: Khudra
• ASIC and FPGA implementation of Khudra
• Results
• Future Works
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 18
• Extend Khudra to 128 –bit key size and explore performance and security features with extension
• Analyze the resistance of Khudra against side channel attacks and frame strategies to make cipher design resistant against SCA
• Performing various types of cryptoanalysis techniques to raise the security bar of the block cipher with no compromise on its lightweightedness
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 19
References
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 20
Thankyou !!
IoTSec Workshop (24th-26th October’16), IIT Kharagpur 21