Miroslav Knezevic

PRINCE: a low-latency block cipher for pervasive computing applications

This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property we refer to as α-reflection is of independent interest and we prove its soundness against generic attacks.

SPONGENT: The Design Space of Lightweight Cryptographic Hashing

The design of secure yet efficiently implementable cryptographic algorithms is a fundamental problem of cryptography. Lately, lightweight cryptography--optimizing the algorithms to fit the most constrained environments--has received a great deal of attention, the recent research being mainly focused on building block ciphers. As opposed to that, the design of lightweight hash functions is still far from being well investigated with only few proposals in the public domain. In this paper, we aim to address this gap by exploring the design space of lightweight hash functions based on the sponge construction instantiated with present-type permutations. The resulting family of hash functions is called spongent. We propose 13 spongent variants--or different levels of collision and (second) preimage resistance as well as for various implementation constraints. For each of them, we provide several ASIC hardware implementations--ranging from the lowest area to the highest throughput. We make efforts to address the fairness of comparison with other designs in the field by providing an exhaustive hardware evaluation on various technologies, including an open core library. We also prove essential differential properties of spongent permutations, give a security analysis in terms of collision and preimage resistance, as well as study in detail dedicated linear distinguishers.

Fair and Consistent Hardware Evaluation of Fourteen Round Two SHA-3 Candidates

The first contribution of our paper is that we propose a platform, a design strategy, and evaluation criteria for a fair and consistent hardware evaluation of the second-round SHA-3 candidates. Using a SASEBO-GII field-programmable gate array (FPGA) board as a common platform, combined with well defined hardware and software interfaces, we compare all 256-bit version candidates with respect to area, throughput, latency, power, and energy consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specification for the SHA-3 module on our testing platform. The second contribution is that we provide both FPGA and 90-nm CMOS application-specific integrated circuit (ASIC) synthesis results and thereby are able to compare the results. Our third contribution is that we release the source code of all the candidates and by using a common, fixed, publicly available platform, our claimed results become reproducible and open for a public verification.

Faster Interleaved Modular Multiplication Based on Barrett and Montgomery Reduction Methods

This paper proposes two improved interleaved modular multiplication algorithms based on Barrett and Montgomery modular reduction. The algorithms are simple and especially suitable for hardware implementations. Four large sets of moduli for which the proposed methods apply are given and analyzed from a security point of view. By considering state-of-the-art attacks on public-key cryptosystems, we show that the proposed sets are safe to use, in practice, for both elliptic curve cryptography and RSA cryptosystems. We propose a hardware architecture for the modular multiplier that is based on our methods. The results show that concerning the speed, our proposed architecture outperforms the modular multiplier based on standard modular multiplication by more than 50 percent. Additionally, our design consumes less area compared to the standard solutions.

Tripartite modular multiplication

This paper presents a new modular multiplication algorithm that allows one to implement modular multiplications efficiently. It proposes a systematic approach for maximizing a level of parallelism when performing a modular multiplication. The proposed algorithm effectively integrates three different existing algorithms, a classical modular multiplication based on Barrett reduction, the modular multiplication with Montgomery reduction and the Karatsuba multiplication algorithms in order to reduce the computational complexity and increase the potential of parallel processing. The algorithm is suitable for both hardware implementations and software implementations in a multiprocessor environment. To show the effectiveness of the proposed algorithm, we implement several hardware modular multipliers and compare the area and performance results. We show that a modular multiplier using the proposed algorithm achieves a higher speed comparing to the modular multipliers based on the previously proposed algorithms.

Prototyping platform for performance evaluation of SHA-3 candidates

The objective of the SHA-3 NIST competition is to select, from multiple competing candidates, a standard algorithm for cryptographic hashing. The selected winner must have adequate cryptographic properties and good implementation characteristics over a wide range of target platforms, including both software and hardware. Performance evaluation in hardware is particularly challenging because of the large design space, wide range of target technologies, and multitude of optimization criteria. We describe the efforts of three research groups to evaluate SHA-3 candidates using a common prototyping platform. Using a SASEBO-GII FPGA board as a starting point, we evaluate the performance of the 14 remaining SHA-3 candidates with respect to area, throughput, and power consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specifications for the SHA-3 module on the SASEBO testing board.

Modular reduction without precomputational phase

In this paper we show how modular reduction for integers with Barrett and Montgomery algorithms can be implemented efficiently without using a precomputational phase. We propose four distinct sets of moduli for which this method is applicable. The proposed modifications of existing algorithms are very suitable for fast software and hardware implementations of some public-key cryptosystems and in particular of Elliptic Curve Cryptography. Additionally, our results show substantial improvement when a small number of reductions with a single modulus is performed.

Low-Latency ECDSA Signature Verification—A Road Toward Safer Traffic

Car-to-car and car-to-infrastructure messages exchanged in intelligent transportation systems can reach reception rates over 1000 messages per second. As these messages contain elliptic curve digital signature algorithm (ECDSA) signatures, this puts a very heavy load onto the verification hardware. In fact, the load is so high that, currently, it can only be achieved by implementations running on high-end CPUs and field-programmable gate arrays. These implementations are far from cost-effective or energy efficient. In this paper, we present an application-specified integrated circuit implementation of a dedicated ECDSA verification engine that can reach verification rates of up to 27 000 verifications per second, which is by far the fastest implementation on a single core reported in the literature.

Signal Processing for Cryptography and Security Applications

Embedded devices need both an efficient and a secure implementation of cryptographic primitives. In this chapter we show how common signal processing techniques are used in order to achieve both objectives. Regarding efficiency, we first give an example of accelerating hash function primitives using the retiming transformation, a well known technique to improve signal processing applications. Second, we outline the use of some special features of DSP processors and techniques earlier developed for efficient implementations of public-key algorithms. Regarding the secure implementations we outline the concept of side channel attacks and show how a multitude of techniques for preprocessing the data are used in such scenarios. Finally, we talk about fuzzy secrets and point out the use of DSP techniques for an important role in cryptography — a key derivation.

FPGA-based testing strategy for cryptographic chips: A case study on Elliptic Curve Processor for RFID tags

Testing of cryptographic chips or components has one extra dimension: physical security. The chip designers should improve the design if it leaks too much information through side-channels, such as timing, power consumption, electric-magnetic radiation, and so on. This requires an evaluation of the security level of the chip under different side-channel attacks before it is manufactured. This paper presents an FPGA-based testing strategy for cryptographic chips. Using a block-based architecture, a testing bus and a shadow FPGA, we are able to check information leakage of each block. We describe this strategy with an Elliptic Curve Cryptosystem (ECC) for RFID tags.