Tolga Yalcin

PRINCE: a low-latency block cipher for pervasive computing applications

This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property we refer to as α-reflection is of independent interest and we prove its soundness against generic attacks.

Block Ciphers – Focus on the Linear Layer (feat. PRIDE )

The linear layer is a core component in any substitution-permutation network block cipher. Its design significantly influences both the security and the efficiency of the resulting block cipher. Surprisingly, not many general constructions are known that allow to choose trade-offs between security and efficiency. Especially, when compared to Sboxes, it seems that the linear layer is crucially understudied. In this paper, we propose a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs. We give several instances of our construction and on top underline its value by presenting a new block cipher. PRIDE is optimized for 8-bit micro-controllers and significantly outperforms all academic solutions both in terms of code size and cycle count.

A lightweight implementation of Keccak hash function for radio-frequency identification applications

In this paper, we present a lightweight implementation of the permutation Keccak-f[200] and Keccak-f[400] of the SHA-3 candidate hash function Keccak. Our design is well suited for radio-frequency identification (RFID) applications that have limited resources and demand lightweight cryptographic hardware. Besides its low-area and low-power, our design gives a decent throughput. To the best of our knowledge, it is also the first lightweight implementation of a sponge function, which differentiates it from the previous works. By implementing the new hash algorithm Keccak, we have utilized unique advantages of the sponge construction. Although the implementation is targeted for Application Specific Integrated Circuit (ASIC) platforms, it is also suitable for Field Programmable Gate Arrays (FPGA). To obtain a compact design, serialized data processing principles are exploited together with algorithm-specific optimizations. The design requires only 2.52K gates with a throughput of 8 Kbps at 100 KHz system clock based on 0.13-µm CMOS standard cell library.

Dietary Recommendations for Lightweight Block Ciphers: Power, Energy and Area Analysis of Recently Developed Architectures

In this paper we perform a comprehensive area, power, and energy analysis of some of the most recently-developed lightweight block ciphers and we compare them to the standard AES algorithm. We do this for several different architectures of the considered block ciphers. Our evaluation method consists of estimating the pre-layout power consumption and the derived energy using Cadence Encounter RTL Compiler and ModelSIM simulations. We show that the area is not always correlated to the power and energy consumption, which is of importance for mobile battery-fed devices. As a result, this paper can be used to make a choice of architecture when the algorithm has already been fixed; or it can help deciding which algorithm to choose based on energy and key/block length requirements.

Evaluation of Standardized Password-Based Key Derivation against Parallel Processing Platforms

Passwords are still the preferred method of user authentication for a large number of applications. In order to derive cryptographic keys from (human-entered) passwords, key-derivation functions are used. One of the most well-known key-derivation functions is the standardized PBKDF2 (RFC2898), which is used in TrueCrypt, CCMP of WPA2, and many more. In this work, we evaluate the security of PBKDF2 against password guessing attacks using state-of-the-art parallel computing architectures, with the goal to find parameters for the PBKDF2 that protect against today’s attacks. In particular we developed fast implementations of the PBKDF2 on FPGA-clusters and GPU-clusters. These two families of platforms both have a better price-performance ratio than PC-clusters and pose, thus, a great threat when running large scale guessing attacks. To the best of our knowledge, we demonstrate the fastest attacks against PBKDF2, and show that we can guess more than 65% of typical passwords in about one week.

Single-chip detector for electron spin resonance spectroscopy

We have realized an innovative integrated detector for electron spin resonance spectroscopy. The microsystem, consisting of an LC oscillator, a mixer, and a frequency division module, is integrated onto a single silicon chip using a conventional complementary metal-oxide-semiconductor technology. The implemented detection method is based on the measurement of the variation of the frequency of the integrated LC oscillator as a function of the applied static magnetic field, caused by the presence of a resonating sample placed over the inductor of the LC-tank circuit. The achieved room temperature spin sensitivity is about 10(10) spinsGHz(12) with a sensitive volume of about (100 microm)(3).

RAM-Based Ultra-Lightweight FPGA Implementation of PRESENT

In this paper, two different FPGA implementations of the lightweight cipher PRESENT are proposed. The main design strategy for both designs is the utilization of existing RAM blocks in FPGAs for the storage of internal states, thereby reducing the slice count. In the first design, S-boxes are realized within the slices, while in the second design they are also integrated into the same RAM block used for state storage. Both designs are well suited for lightweight applications, which are implemented on low-cost FPGA/CPLD devices. Besides low-area, a reasonable throughput is also obtained even though it is not the first concern. In addition to a single block RAM, the two designs occupy only 83 and 85 slices and produce a throughput of 6.03 and 5.13 Kbps at 100 KHz system clock on a Xilinx Spartan XC3S50 device, respectively.

Low-power design of a digital FM demodulator based on zero-cross detection at IF

A digital FM receiver/demodulator system, utilizing the zero-cross detection technique, is designed and implemented on a single IC. Zero-cross detection is performed at an IF frequency of 455 kHz. The system is simulated for BT=0.3 GMSK input with an input data rate of 8000 bps and displayed a better BER performance than coherent detectors. The developed system is implemented in 0.5 /spl mu/m triple-metal standard digital CMOS technology. Power dissipation of the resultant IC is less than its analog counterparts while the occupied silicon area is very small making it low cost. The FM receiver/demodulator IC is suitable to be used in low-power and low-cost mobile communication applications providing better BER performance than conventional systems, especially in noisy channels.

Memory encryption for smart cards

With the latest advances in attack methods, it has become increasingly more difficult to secure data stored on smart cards, especially on non-volatile memories (NVMs), which may store sensitive information such as cryptographic keys or program code. Lightweight and low-latency cryptographic modules are a promising solution to this problem. In this study, memory encryption schemes using counter (CTR) and XOR-Encrypt-XOR (XEX) modes of operation are adapted for the target application, and utilized using various implementations of the block ciphers AES and PRESENT. Both schemes are implemented with a block cipher-based address scrambling scheme, as well as a special write counter scheme in order to extend the lifetime of the encryption key in CTR-mode. Using the lightweight cipher PRESENT, it is possible to implement a smart card NVM encryption scheme with less than 6K gate equivalents and zero additional latency.

Low-power design of a 64-tap, 4-bit digital matched filter using systolic array architecture and CVSL circuit techniques in CMOS

A 4-bit 64-chip pseudo noise (PN) coded digital matched filter (DMF) is designed in 0.7 /spl mu/m CMOS technology using a systolic array (SA) architecture. Full-custom and full-static cascode voltage switch logic (CVSL) circuit techniques have been employed in the implementation of the basic building blocks (systoles) of the SA DMF. Significant reduction in number of transistors and power consumption have been achieved. The resultant IC is to be used at the receiver side of a wireless direct sequence spread spectrum (DSSS) communication system.