100 likes | 188 Views
New Block Cipher for Ultra-Compact Hardware. N BeeM みかか. A. Satoh K. Aoki. Rapid Growth of RFID market. Security for RFID. Security is very important for radio communication, but there is no room for cryptography in RFIDs. We need More room!. Bear (unpackaged) RFID chips.
E N D
New Block Cipher forUltra-Compact Hardware NBeeM みかか A. Satoh K. Aoki
Security for RFID Security is very important for radio communication, but there is no room for cryptography in RFIDs We need More room! Bear (unpackaged) RFID chips AES-16 for ultra-compact hardware is proposed
Architecture of AES-16 • AES-16 uses the design concept of AES • All the basic components are shrunk down to 1/8 AES-16 AES Data : 128 bits → 16bits Key : 128 bits → 16 bits
S-boxComparison AES AES-16 = S-box can be implemented as one inverter! 8-bit S-box defined over GF(28) is replaced by 1-bit S-box over GF(2)!
Performance comparison • Sizes and speeds were evaluated by using a 0.13-um ASIC library AES-16 achieved 1/5 gates with x5 throughput
Secure against Power Analysis A switching probability highly dependent on the input data pattern is the key for DPA success Very low power S-box with 100% switching probability gives no clue for DPA Innovative "Linear" Round Function
Secure against Cache Attack Cache attack measures the operating time depending on cache hit or miss to estimate the secret data MPU has enough cache memory for a 1-bit S-box table Cash Miss Cash Hit
Security Assessment of AES-16 Provably secure against Linear cryptanalysis, Higher-order differential attack, SQUARE attack, Boomerang attack, Truncated linear attack, etc. Provably secure against differential cryptanalysis All candidates show the same differential probability Because, it’s linear Why? Gotcha! It’s a liner
Conclusion 16-bit block cipher AES-16 • Ultra compact and high-speed H/W • Astonishing linear 1-bit S-box • Probably secure against all the side channel attacks and all the conventional cryptanalysis Tip-top cryptographers never speak about trivial brute force attack