ECE 545 Project Background Fall 2015


Presentation Transcript


  1. ECE 545 Project Background Fall 2015

  2. Crypto 101

  3. Cryptography is Everywhere
     • Buying a book on-line
     • Withdrawing cash from ATM
     • Backing up files on remote server
     • Teleconferencing over Intranets

  4. Alice: I love you! Bob

  5. Alice: I love you! Bob

  6. Basic Security Services (1)
     1. Confidentiality
     2. Message integrity
     3. Message authentication
     [Each service is illustrated with a diagram of Alice, Bob and Charlie.]

  7. Confidentiality: Ciphers
     [Diagram: Alice's Cipher block takes Message, N and KAB and outputs Ciphertext; N and Ciphertext are sent to Bob, whose Cipher block uses KAB to recover Message.]
     KAB - Secret key of Alice and Bob
     N - Nonce or Initialization Vector

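  8. Authentication: Message Authentication Code - MAC
     [Diagram: Alice computes Tag from Message with MAC under KAB and sends Message and Tag; Bob computes Tag' from the received Message with MAC under KAB and compares Tag' with Tag: valid/invalid.]
     KAB - Secret key of Alice and Bob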

  9. Confidentiality & Authentication: Authenticated Ciphers
     [Diagram: Alice's Authenticated Cipher Encryption takes Message, N and KAB and outputs Ciphertext and Tag; N, Ciphertext and Tag are sent to Bob, whose Authenticated Cipher Decryption under KAB outputs "invalid" or Message.]
     KAB - Secret key of Alice and Bob
     N - Nonce or Initialization Vector

  10. Confidentiality & Authentication: Authenticated Ciphers
     Npub - Public Message Number
     Nsec - Secret Message Number
     Enc Nsec - Encrypted Secret Message Number
     AD - Associated Data
     KAB - Secret key of Alice and Bob

  11. Cryptographic Transformations Most Often Implemented in Practice
     • Hash Functions
     • Secret-Key Ciphers (Block Ciphers, Stream Ciphers): message & user authentication, encryption
     • Public-Key Cryptosystems: digital signatures, key agreement, key exchange

  12. Hash Function
     m - message, arbitrary length
     h - hash function
     h(m) - hash value, fixed length
     Collision Resistance: It is computationally infeasible to find such m and m' that h(m) = h(m')

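  13. Hash Functions in Digital Signature Schemes
     [Diagram: Alice applies the Hash function to the Message and the Public key cipher with Alice's private key to the resulting Hash value, producing the Signature; Message and Signature are sent to Bob. Bob applies the Hash function to the Message (Hash value 1) and the Public key cipher with Alice's public key to the Signature (Hash value 2), then compares the two: yes/no.]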

  14. Cryptographic Standards Before 1997
     [Timeline figure, time axis 1970 to 2010. Secret-Key Block Ciphers (IBM & NSA): DES – Data Encryption Standard, Triple DES; years marked: 1977, 1999, 2005. Hash Functions (NSA): SHA, SHA-1 – Secure Hash Algorithm, SHA-2; years marked: 1993, 1995, 2003.]

  15. Why a Contest for a Cryptographic Standard?
     • Avoid back-door theories
     • Speed-up the acceptance of the standard
     • Stimulate non-classified research on methods of designing a specific cryptographic transformation
     • Focus the effort of a relatively small cryptographic community

  16. Cryptographic Standard Contests
     [Timeline figure, time axis 1997 to 2017.]
     • AES: IX.1997 - X.2000, 15 block ciphers, 1 winner
     • NESSIE: I.2000 - XII.2002
     • CRYPTREC
     • eSTREAM: XI.2004 - IV.2008, 34 stream ciphers, 4 HW winners + 4 SW winners
     • SHA-3: X.2007 - X.2012, 51 hash functions, 1 winner
     • CAESAR: I.2013 - XII.2017, 57 authenticated ciphers, multiple winners

  17. Cryptographic Contests - Evaluation Criteria
     • Security
     • Software Efficiency: μProcessors, μControllers
     • Hardware Efficiency: FPGAs, ASICs
     • Licensing
     • Simplicity
     • Flexibility

  18. Specific Challenges of Evaluations in Cryptographic Contests
     • Very wide range of possible applications, and as a result performance and cost targets
       - throughput: single Mbits/s to hundreds Gbits/s
       - cost: single cents to thousands of dollars
     • Winner in use for the next 20-30 years, implemented using technologies not in existence today
     • Large number of candidates
     • Limited time for evaluation
     • Only one winner and the results are final

  19. Mitigating Circumstances
     • Security is a primary criterion
     • Performance of competing algorithms tends to vary significantly (sometimes as much as 500 times)
     • Only relatively large differences in performance matter (typically at least 20%)
     • Multiple groups independently implement the same algorithms (catching mistakes, comparing best results, etc.)
     • Second best may be good enough

  20. AES Contest 1997-2000

  21. Rules of the Contest
     Each team submits:
     • Detailed cipher specification
     • Justification of design decisions
     • Tentative results of cryptanalysis
     • Source code in C
     • Source code in Java
     • Test vectors

  22. AES: Candidate Algorithms
     [Figure: candidates by submitting country. Country labels: Germany, Korea, Canada, Japan, Belgium, USA, France, Israel/UK/Norway, Australia, Costa Rica. Candidate labels: CAST-256, Deal, Magenta, Crypton, E2, Mars, RC6, Twofish, Safer+, HPC, Rijndael, DFC, LOKI97, Serpent, Frog. Count labels: 2, 8, 4, 1.]

  23. AES Contest Timeline
     • June 1998, Round 1: 15 Candidates (CAST-256, Crypton, Deal, DFC, E2, Frog, HPC, LOKI97, Magenta, Mars, RC6, Rijndael, Safer+, Serpent, Twofish). Criteria: Security, Software efficiency
     • August 1999, Round 2: 5 final candidates (Mars, RC6, Twofish (USA); Rijndael, Serpent (Europe)). Criteria: Security, Software efficiency, Hardware efficiency
     • October 2000: 1 winner: Rijndael (Belgium)

  24. NIST Report: Security & Simplicity
     [Scatter plot. Vertical axis: Security (Adequate to High). Horizontal axis: Simplicity (Complex to Simple). Points: MARS, Serpent, Twofish, Rijndael, RC6.]

  25. Efficiency in software: NIST-specified platform
     200 MHz Pentium Pro, Borland C++
     [Bar chart. Vertical axis: Throughput [Mbits/s], 0 to 30. Series: 128-bit key, 192-bit key, 256-bit key. Candidates: Rijndael, Twofish, RC6, Mars, Serpent.]

  26. NIST Report: Software Efficiency
     Encryption and Decryption Speed
     [Table. Columns: 32-bit processors, 64-bit processors, DSPs. Rows: high, medium, low. Entries: Rijndael, Twofish, RC6, Mars, Serpent.]

  27. Efficiency in FPGAs: Speed
     Xilinx Virtex XCV-1000
     [Bar chart. Vertical axis: Throughput [Mbit/s], 0 to 500. Series: George Mason University, University of Southern California, Worcester Polytechnic Institute. Candidates: RC6, Mars, Rijndael, Twofish, Serpent x1, Serpent x8.]

  28. Efficiency in ASICs: Speed
     MOSIS 0.5μm, NSA Group
     [Bar chart. Vertical axis: Throughput [Mbit/s], 0 to 700. Series: 128-bit key scheduling; 3-in-1 (128, 192, 256 bit) key scheduling. Candidates: Mars, RC6, Twofish, Rijndael, Serpent x1.]

  29. Lessons Learned
     Results for ASICs matched very well results for FPGAs, and were both very different than software
     [Charts: FPGA (x1, x8): GMU+USC, Xilinx Virtex XCV-1000. ASIC (x1): NSA Team, ASIC, 0.5μm MOSIS.]
     Serpent fastest in hardware, slowest in software

  30. Lessons Learned
     Hardware results matter!
     Final round of the AES Contest, 2000
     [Charts: Votes at the AES 3 conference; Speed in FPGAs, GMU results.]

  31. Limitations of the AES Evaluation
     • Optimization for maximum throughput
     • Single high-speed architecture per candidate
     • No use of embedded resources of FPGAs (Block RAMs, dedicated multipliers)
     • Single FPGA family from a single vendor: Xilinx Virtex

  32. eSTREAM Contest 2004-2008

  33. eSTREAM - Contest for a new stream cipher standard
     PROFILE 1 (SW)
     • Stream cipher suitable for software implementations optimized for high speed
     • Key size - 128 bits
     • Initialization vector - 64 bits or 128 bits
     PROFILE 2 (HW)
     • Stream cipher suitable for hardware implementations with limited memory, number of gates, or power supply
     • Key size - 80 bits
     • Initialization vector - 32 bits or 64 bits

  34. eSTREAM Contest Timeline
     [Two-column timeline. Column labels: PROFILE 1 (SW), PROFILE 2 (HW).]
     • April 2005: 25 Phase 1 Candidates; 23 Phase 1 Candidates
     • July 2006: 20 Phase 2 Candidates; 13 Phase 2 Candidates
     • April 2007: 8 Phase 3 Candidates; 8 Phase 3 Candidates
     • May 2008: 4 winners: Grain v1, Mickey v2, Trivium, F-FCSR-H v2; 4 winners: HC-128, Rabbit, Salsa20, SOSEMANUK

  35. Hardware Efficiency in FPGAs
     Xilinx Spartan 3, GMU SASC 2007
     [Plot. Vertical axis: Throughput [Mbit/s], 0 to 12000. Horizontal axis: Area [CLB slices], 0 to 1400. Points: Trivium (x16, x32, x64), Grain (x16), Mickey-128, AES-CTR (x1).]

  36. Lessons Learned
     Very large differences among 8 leading candidates:
     • ~30x in terms of area
     • ~500x in terms of the throughput to area ratio

  37. SHA-3 Contest 2007-2012

  38. NIST SHA-3 Contest - Timeline
     • Oct. 2008: 51 candidates (start of Round 1)
     • July 2009: 14 candidates (start of Round 2)
     • Dec. 2010: 5 candidates (start of Round 3)
     • Oct. 2012: 1 winner

  39. SHA-3 Round 2

  40. Throughput vs. Area Normalized to Results for SHA-256 and Averaged over 11 FPGA Families – 256-bit variants

  41. Throughput vs. Area Normalized to Results for SHA-512 and Averaged over 11 FPGA Families – 512-bit variants

  42. Performance Metrics
     Primary:
     1. Throughput
     2. Area
     3. Throughput / Area
     Secondary:
     4. Hash Time for Short Messages (up to 1000 bits)

  43. Overall Normalized Throughput: 256-bit variants of algorithms. Normalized to SHA-256, Averaged over 10 FPGA families

  44. [Table. Column groups: 256-bit variants, 512-bit variants; columns in each group: Thr/Area, Thr, Area, Short msg. Rows: BLAKE, BMW, CubeHash, ECHO, Fugue, Groestl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, Skein.]

  45. SHA-3 Round 3

  46. SHA-3 Contest Finalists

  47. New in Round 3
     • Multiple Hardware Architectures
     • Effect of the Use of Embedded Resources (Block RAMs, DSP units)
     • Low-Area Implementations

  48. BLAKE-256 in Virtex 5
     x1 - basic iterative architecture
     /k(h) - horizontal folding by a factor of k
     /k(v) - vertical folding by a factor of k
     xk - unrolling by a factor of k
     xk-PPLn - unrolling by a factor of k with n pipeline stages

  49. 256-bit variants in Virtex 5

  50. 512-bit variants in Virtex 5
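
Added example (not part of the original slides): a minimal authenticated cipher with the interface of slides 9 and 10, where encryption maps (KAB, Npub, AD, Message) to (Ciphertext, Tag) and decryption returns the Message or "invalid". The encrypt-then-MAC construction over HMAC-SHA256, the names `ae_encrypt`/`ae_decrypt` and the sample key, nonce and associated data are assumptions made for illustration; this is not one of the CAESAR candidates.

```python
import hashlib
import hmac
import struct

def _subkeys(k_ab):
    # Assumed construction: derive separate encryption and MAC keys from KAB.
    return (hmac.new(k_ab, b"enc", hashlib.sha256).digest(),
            hmac.new(k_ab, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, npub, length):
    # HMAC-SHA256 in counter mode, bound to the public message number Npub.
    out, counter = bytearray(), 0
    while len(out) < length:
        block = npub + struct.pack(">Q", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _tag(mac_key, npub, ad, ciphertext):
    # Length-prefix every field so the (Npub, AD, Ciphertext) split is unambiguous.
    data = b"".join(struct.pack(">Q", len(x)) + x for x in (npub, ad, ciphertext))
    return hmac.new(mac_key, data, hashlib.sha256).digest()

def ae_encrypt(k_ab, npub, ad, message):
    """Alice's side: returns (Ciphertext, Tag). AD is authenticated, not encrypted."""
    enc_key, mac_key = _subkeys(k_ab)
    ks = _keystream(enc_key, npub, len(message))
    ciphertext = bytes(m ^ k for m, k in zip(message, ks))
    return ciphertext, _tag(mac_key, npub, ad, ciphertext)

def ae_decrypt(k_ab, npub, ad, ciphertext, tag):
    """Bob's side: returns the Message, or None for "invalid"."""
    enc_key, mac_key = _subkeys(k_ab)
    expected = _tag(mac_key, npub, ad, ciphertext)
    # Verify the tag first, in constant time; never release unverified plaintext.
    if not hmac.compare_digest(expected, tag):
        return None
    ks = _keystream(enc_key, npub, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))

# Constructed sample values (not from the slides, except the message text).
K_AB = bytes(range(32))
NPUB = b"\x00" * 11 + b"\x01"
AD = b"from=Alice;to=Bob"
MESSAGE = b"I love you!"

if __name__ == "__main__":
    c, t = ae_encrypt(K_AB, NPUB, AD, MESSAGE)
    print(ae_decrypt(K_AB, NPUB, AD, c, t))              # original message
    print(ae_decrypt(K_AB, NPUB, b"to=Charlie", c, t))   # None: AD was altered
```

Npub must never repeat under the same KAB, since a repeated value reuses the keystream; deployed systems should rely on a standardized authenticated cipher rather than a hand-built one.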
