Results 1  10
of
61
An FPGA Implementation and Performance Evaluation of the AES Block Cipher Candidate Algorithm Finalists
, 1999
"... The technical analysis used in determining which of the Advanced Encryption Standard candidates will be selected as the Advanced Encryption Algorithm includes efficiency testing of both hardware and software implementations of candidate algorithms. Reprogrmmable devices such as Field Programmable ..."
Abstract

Cited by 52 (4 self)
 Add to MetaCart
The technical analysis used in determining which of the Advanced Encryption Standard candidates will be selected as the Advanced Encryption Algorithm includes efficiency testing of both hardware and software implementations of candidate algorithms. Reprogrmmable devices such as Field Programmable Gate Arrays (FPGAs) are highly attractive options for hardware implementations of encryption algorithms as they provide cryptographic algorithm agility, physical security, and potentially much higher performance than software solutions. This contribution investigates the significance of FPGA implementations of four of the Advanced Encryption Standard candidate algorithm finalists. Multiple architectural implementation options are explored for each algorithm. A strong focus is placed on high throughput implementations, which are required to support security for current and future high bandwidth applications.
Architectural Support for Fast SymmetricKey Cryptography
 in Proc. Intl. Conf. ASPLOS
, 2000
"... The emergence of the Internet as a trusted medium for commerce and communication has made cryptography an essential component of modern information systems. Cryptography provides the mechanisms necessary to implement accountability, accuracy, and confidentiality in communication. As demands for secu ..."
Abstract

Cited by 52 (0 self)
 Add to MetaCart
(Show Context)
The emergence of the Internet as a trusted medium for commerce and communication has made cryptography an essential component of modern information systems. Cryptography provides the mechanisms necessary to implement accountability, accuracy, and confidentiality in communication. As demands for secure communication bandwidth grow, efficient cryptographic processing will become increasingly vital to good system performance. In this paper, we explore techniques to improve the performance of symmetric key cipher algorithms. Eight popular strong encryption algorithms are examined in detail. Analysis reveals the algorithms are computationally complex and contain little parallelism. Overall throughput on a highend microprocessor is quite poor, a 600 Mhz processor is incapable of saturating a T3 communication line with 3DES (triple DES) encrypted data. We introduce new instructions that improve the efficiency of the analyzed algorithms. Our approach adds instruction set support for fast substitutions, general permutations, rotates, and modular arithmetic. Performance analysis of the optimized ciphers shows an overall speedup of 59 % over a baseline machine with rotate instructions and 74 % speedup over a baseline without rotates. Even higher speedups are demonstrated with optimized substitutions (SBOXes) and additional functional unit resources. Our analyses of the original and optimized algorithms suggest future directions for the design of highperformance programmable cryptographic processors. 1
An FPGABased Performance Evaluation of the AES Block Cipher Candidate Algorithm Finalists
 IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS
, 2001
"... The technical analysis used in determining which of the potential Advanced Encryption Standard candidates will be selected as the Advanced Encryption Algorithm includes efficiency testing of both hardware and software implementations of candidate algorithms. Reprogrammable devices such as Field P ..."
Abstract

Cited by 47 (8 self)
 Add to MetaCart
The technical analysis used in determining which of the potential Advanced Encryption Standard candidates will be selected as the Advanced Encryption Algorithm includes efficiency testing of both hardware and software implementations of candidate algorithms. Reprogrammable devices such as Field Programmable Gate Arrays (FPGAs) are highly attractive options for hardware implementations of encryption algorithms as they provide cryptographic algorithm agility, physical security, and potentially much higher performance than software solutions. This contribution investigates the significance of FPGA implementations of the Advanced Encryption Standard candidate algorithms. Multiple architectural implementation options are explored for each algorithm. A strong focus is placed on high throughput implementations, which are required to support security for current and future high bandwidth applications. Finally, the implementations of each algorithm will be compared in an effort to determine the most suitable candidate for hardware implementation within commercially available FPGAs.
Cryptographic Access Control in a Distributed File System
, 2003
"... Traditional access control mechanisms rely on a reference monitor to mediate access to protected resources. Reference monitors are inherently centralized and existing attempts to distribute the functionality of the reference monitor suffer from problems of scalability. Cryptographic access control i ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
Traditional access control mechanisms rely on a reference monitor to mediate access to protected resources. Reference monitors are inherently centralized and existing attempts to distribute the functionality of the reference monitor suffer from problems of scalability. Cryptographic access control is a new distributed access control paradigm designed for a global federation of information systems. It defines an implicit access control mechanism, which relies exclusively on cryptography to provide confidentiality and integrity of data managed by the system. It is particularly designed to operate in untrusted environments where the lack of global knowledge and control are defining characteristics. The proposed
Turing: A Fast Stream Cipher
, 2002
"... This paper proposes the Turing stream cipher. Turing offers up to 256bit key strength, and is designed for extremely efficient software implementation. It combines an LFSR generator based on that of SOBER[27] with a keyed mixing function reminiscent of a block cipher round. Aspects of the block mix ..."
Abstract

Cited by 17 (5 self)
 Add to MetaCart
This paper proposes the Turing stream cipher. Turing offers up to 256bit key strength, and is designed for extremely efficient software implementation. It combines an LFSR generator based on that of SOBER[27] with a keyed mixing function reminiscent of a block cipher round. Aspects of the block mixer round have been derived from Rijndael[20], Twofish[21], tc24[23] and SAFER[22].
OnChip Lookup Tables for Fast SymmetricKey Encryption
 PROCEEDINGS OF THE IEEE INTERNATIONAL CONF. ON APPLICATIONSPECIFIC SYSTEMS, ARCHITECTURES AND PROCESSORS
, 2005
"... On public communication networks such as the Internet, data confidentiality can be provided by symmetrickey ciphers. One of the most common operations used in symmetrickey ciphers are table lookups. These frequently constitute the largest fraction of the execution time when the ciphers are impleme ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
On public communication networks such as the Internet, data confidentiality can be provided by symmetrickey ciphers. One of the most common operations used in symmetrickey ciphers are table lookups. These frequently constitute the largest fraction of the execution time when the ciphers are implemented using a typical RISClike instruction set. To accelerate these table lookups, we describe a new hardware module, called PTLU (for Parallel Table Lookup), which consists of multiple lookup tables that can be accessed in parallel. A novel combinational circuit included in the module can optionally perform simple logic operations on the data read from the tables. On a singleissue 64bit RISC processor, PTLU provides maximum speedups of 7.7 for AES and 5.4 for DES. With wordsize scaling, PTLU speedups are significantly higher than that available through more conventional architectural techniques such as superscalar or VLIW execution.
Perfect diffusion primitives for block ciphers
 In [14
, 2004
"... Abstract. Although linear perfect diffusion primitives, i.e. MDS matrices, are widely used in block ciphers, e.g. AES, very little systematic work has been done on how to find "efficient " ones. In this paper we attempt to do so by considering software implementations on various platforms. ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
Abstract. Although linear perfect diffusion primitives, i.e. MDS matrices, are widely used in block ciphers, e.g. AES, very little systematic work has been done on how to find "efficient " ones. In this paper we attempt to do so by considering software implementations on various platforms. These considerations lead to interesting combinatorial problems: how to maximize the number of occurrences of 1 in those matrices, and how to minimize the number of pairwise different entries. We investigate these problems and construct efficient 4*4 and 8*8 MDS matrices to be used e.g. in block ciphers. 1 Introduction Block ciphers are cascades of diffusion and confusion layers [9]. We usually formalize confusion layers as application of substitution boxes which are defined by lookup tables. Since those tables must be as small as possible for implementationreasons, confusion layers apply substitution in parallel on pieces of informations, e.g. elements whose values lie in a set K of size 256. The goal of diffusion is tomix up those pieces. One possibility for formalizing the notion of perfect diffusion is the concept of multipermutation which was introduced in [8, 10]. Bydefinition, a diffusion function f from Kp to Kq is a multipermutation if for any x1,..., xp 2 K and any integer r such that 1 < = r < = p, the influence of modifying r input values on f (x1,..., xp) is to modify at least q r + 1 output values.Another way to define it consists of saying that the set of all words consisting of
Subword Sorting with Versatile Permutation Instructions
, 2002
"... Subword parallelism has succeeded in accelerating many multimedia applications. Subword permutation instructions have been proposed to efficiently rearrange subwords in or among registers. Bitlevel permutation instructions have also been proposed recently for their importance in cryptography. Howev ..."
Abstract

Cited by 9 (7 self)
 Add to MetaCart
Subword parallelism has succeeded in accelerating many multimedia applications. Subword permutation instructions have been proposed to efficiently rearrange subwords in or among registers. Bitlevel permutation instructions have also been proposed recently for their importance in cryptography. However, some important algorithms, especially ones with lots of conditional control dependencies such as sorting, have not exploited the advantage of subword parallel instructions. In this paper, we show how one of the bit permutation instructions, GRP, can be used for fast sorting. In the process, we demonstrate the versatility of this permutation instruction for uses other than bit permutations. This versatility is important in considering the addition of a new instruction to a generalpurpose processor. The results show that our sorting methods have a significant speedup even when compared with the fastest sorting algorithms. We also discuss the hardware implementation of the GRP instruction and compare its latency to a typical processor's cycle time.
Performance analysis of AES candidates on the 6805 CPU core
 Proceedings of The Second AES Candidate Conference
, 1999
"... The AES candidate block ciphers Crypton, Mars, RC6, Rijndael, and Serpent were implemented on the Motorola 6805 series 8bit architecture. Their performance, including ROM and RAM sizes and time to encrypt a single block, was measured in simulation, and the results presented and compared with result ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
The AES candidate block ciphers Crypton, Mars, RC6, Rijndael, and Serpent were implemented on the Motorola 6805 series 8bit architecture. Their performance, including ROM and RAM sizes and time to encrypt a single block, was measured in simulation, and the results presented and compared with results for the other NIST cryptography algorithms SHA and DEA and previously published results for AES candidate Twofish. Rijndael was found to be the clear “winner”, but the ciphers Crypton, Serpent, and Twofish also performed acceptably. The NIST is currently evaluating block cipher algorithms as part of its Advanced Encryption Standard development effort. Among the requirements for the AES is that it should be efficient on small 8bit processors as found in smart cards. Unfortunately, although most of the AES submissions presented performance estimates (sometimes even timings of actual implementations) for some kind of 8bit processor, there were almost as many 8bit processors used as there were submissions. In this paper, we hope to rectify this by implementing the most likely AES candidates for a single 8bit platform, the Motorola 6805 series [3] and measuring their performance in simulation. The candidates chosen were Crypton, Mars, RC6, Rijndael, and Serpent. The authors of the Twofish AES submission [8] have already implemented Twofish on a 6805 CPU, so we simply quote their results below. These include the fastest five algorithms on the reference platform. There is some discussion below of the next two fastest candidates, CAST and E2. 1 The 6805 processors The processor family we chose is based around the Motorola HC05 core. There are a large number of variants, all of which use the same instruction set and tim