Correlation-Enhanced Power Analysis Collision Attack
Cited by 18 (11 self)
Abstract. Side-channel based collision attacks are a mostly disregarded alternative to DPA for analyzing unprotected implementations. The advent of strong countermeasures, such as masking, has made further research in collision attacks seemingly in vain. In this work, we show that the principles of collision attacks can be adapted to efficiently break some masked hardware implementations of the AES which still have first-order leakage. The proposed attack breaks an AES implementation based on the corrected version of the masked S-box of Canright and Batina presented at ACNS 2008. The attack requires only six times the number of traces necessary for breaking a comparable unprotected implementation. At the same time, the presented attack has minimal requirements on the abilities and knowledge of an adversary. The attack requires no detailed knowledge about the design, nor does it require a profiling phase.
Parallel Multipliers Based on Special Irreducible Pentanomials
IEEE Trans. on Computers, 2003
Cited by 18 (0 self)
Abstract—The state-of-the-art Galois field GF(2^m) multipliers offer advantageous space and time complexities when the field is generated by some special irreducible polynomial. To date, the best complexity results have been obtained when the irreducible polynomial is either a trinomial or an equally spaced polynomial (ESP). Unfortunately, there exist only a few irreducible ESPs in the range of interest for most of the applications, e.g., error-correcting codes, computer algebra, and elliptic curve cryptography. Furthermore, it is not always possible to find an irreducible trinomial of degree m in this range. For those cases where neither an irreducible trinomial nor an irreducible ESP exists, the use of irreducible pentanomials has been suggested. Irreducible pentanomials are abundant, and there are several eligible candidates for a given m. In this paper, we promote the use of two special types of irreducible pentanomials. We propose new Mastrovito and dual basis multiplier architectures based on these special irreducible pentanomials and give rigorous analyses of their space and time complexity. Index Terms—Finite field arithmetic, parallel multipliers, pentanomials, multipliers for GF(2^m).
Turing: A Fast Stream Cipher
2002
Cited by 17 (5 self)
This paper proposes the Turing stream cipher. Turing offers up to 256-bit key strength, and is designed for extremely efficient software implementation. It combines an LFSR generator based on that of SOBER [27] with a keyed mixing function reminiscent of a block cipher round. Aspects of the block mixer round have been derived from Rijndael [20], Twofish [21], tc24 [23] and SAFER [22].
A Very Compact "Perfectly Masked" S-Box for AES
In Applied Cryptography and Network Security — ACNS 2008, volume 5037 of LNCS, 2008
Cited by 13 (1 self)
Abstract. Implementations of the Advanced Encryption Standard (AES), including hardware applications with limited resources (e.g., smart cards), may be vulnerable to “side-channel attacks” such as differential power analysis. One countermeasure against such attacks is adding a random mask to the data; this randomizes the statistics of the calculation at the cost of computing “mask corrections.” The single nonlinear step in each AES round is the “S-box” (involving a Galois inversion), which incurs the majority of the cost for mask corrections. Oswald et al. [1] showed how the “tower field” representation allows maintaining an additive mask throughout the Galois inverse calculation. This work applies a similar masking strategy to the most compact (unmasked) S-box to date [2]. The result is the most compact masked S-box so far, with “perfect masking” (by the definition of Blömer [3]) giving suitable implementations immunity to first-order differential side-channel attacks. Keywords: AES, S-box, masking, DPA, composite Galois field
Systematic evaluation of compact hardware implementations for the Rijndael S-box
In Topics in Cryptology — CT-RSA 2005, 2005
Cited by 12 (1 self)
Abstract. This work proposes a compact implementation of the AES S-box using composite field arithmetic in GF(((2^2)^2)^2). It describes a systematic exploration of different choices for the irreducible polynomials that generate the extension fields. It also examines all possible transformation matrices that map one field representation to another. We show that the area of Satoh’s S-box, which is the most compact to our knowledge, is at least 5% away from an optimal solution. We implemented this optimal solution and Satoh’s design using a 0.18 µm standard cell library. Keywords: AES, S-box, inversion in GF(2^n), composite fields, smart card implementation
The t-Class of SOBER Stream Ciphers
2000
Cited by 9 (5 self)
This paper proposes the t-class of SOBER stream ciphers: t8, t16 and t32. t8, t16 and t32 offer 64-, 128- and 256-bit key strength respectively. The t-class ciphers are based on the same principles as the original SOBER family: SOBER [17], SOBER-II [18], S16 and S32 [19], utilising the structure on which SOBER-II and S16 are based. The t-class ciphers are software stream ciphers designed for software implementation. Changes between the t-class and the original SOBER family are centred around constructing a stronger nonlinear filter and more secure key loading. Also, t32 is now based on the same structure as t8 and t16 (S32 had a different structure). Much of the analysis of SOBER-II and S16 applies to the t-class; this paper discusses the applications of such analyses to the t-class and introduces further analyses. The output streams from these ciphers have proven to perform well in all statistical tests.
Efficient Implementation of Rijndael Encryption With Composite Field Arithmetic
Cited by 8 (2 self)
We explore the use of subfield arithmetic for efficient implementations of Galois field arithmetic in the context of the Rijndael cipher.
Some remarks on efficient inversion in finite fields
In 1995 IEEE International Symposium on Information Theory, 1995
High Speed Architecture for Galois/Counter Mode of Operation (GCM)
IACR Preprint Archive, 2005
Cited by 8 (0 self)
In this paper we present a fully pipelined high speed hardware architecture for Galois/Counter Mode of Operation (GCM) by analyzing the data dependencies in the GCM algorithm at the architecture level. We show that the GCM encryption circuit and the GCM authentication circuit have similar critical path delays, resulting in an efficient pipeline structure. The proposed GCM architecture yields a throughput of 34 Gbps running at 271 MHz using a 0.18 µm CMOS standard cell library.
Finite field polynomial multiplication in the frequency domain with application to elliptic curve cryptography
In Proceedings of the 21st International Symposium on Computer and Information Sciences (ISCIS 2006), volume 4263 of Lecture Notes in Computer Science (LNCS), 2006
Cited by 5 (3 self)
Abstract. We introduce an efficient method for computing Montgomery products of polynomials in the frequency domain. The discrete Fourier transform (DFT) based method originally proposed for integer multiplication provides an extremely efficient method with the best asymptotic complexity, i.e. O(m log m log log m), for multiplication of m-bit integers or (m − 1)st degree polynomials. However, the original DFT method bears significant overhead due to the conversions between the time and the frequency domains, which makes it impractical for short operands as used in many applications. In this work, we introduce DFT modular multiplication, which performs the entire modular multiplication (including the reduction step) in the frequency domain, and thus eliminates costly back and forth conversions. We show that, especially in computationally constrained platforms, multiplication of finite field elements may be achieved more efficiently in the frequency domain than in the time domain for operand sizes relevant to elliptic curve cryptography (ECC). To the best of our knowledge, this is the first work that proposes the use of frequency domain arithmetic for ECC and shows that it can be efficient. Key Words: Finite field multiplication, DFT, elliptic curve cryptography.