Block Ciphers


Bok-min Goi - One of the best experts on this subject based on the ideXlab platform.

  • Fast implementation of Block Ciphers and PRNGs in Maxwell GPU architecture
    Cluster Computing, 2016
    Co-Authors: Wai-kong Lee, Hon-sang Cheong, Raphael C-w Phan, Bok-min Goi
    Abstract:

    GPU is widely used in various applications that require huge computational power. In this paper, we contribute to the cryptography and high performance computing research community by presenting techniques to accelerate symmetric block ciphers (AES-128, CAST-128, Camellia, SEED, IDEA, Blowfish and Threefish) on the NVIDIA GTX 980 with Maxwell architecture. The proposed techniques consider various aspects of block cipher implementation in GPU, including the placement of encryption keys and T-box in memory, thread block size, cipher operating mode, parallel granularity and data copy between CPU and GPU. We propose a new method to store the encryption keys in registers with high access speed and exchange them with other threads by using the warp shuffle operation in GPU. The block ciphers implemented in this paper operate in CTR mode, and are able to achieve high encryption speeds of 149 Gbps (AES-128), 143 Gbps (CAST-128), 124 Gbps (Camellia), 112 Gbps (SEED), 149 Gbps (IDEA), 111 Gbps (Blowfish) and 197 Gbps (Threefish). To the best of our knowledge, this is the first implementation of block ciphers that exploits warp shuffle, an advanced feature in NVIDIA GPUs. On the other hand, block ciphers can be used as pseudorandom number generators (PRNGs) when operating in counter mode (CTR), but the speed is usually slower compared to other PRNGs using lighter operations. Hence, we attempt to modify IDEA and Blowfish in order to achieve faster PRNG generation. The modified IDEA and Blowfish manage to pass all NIST Statistical Tests and TestU01 SmallCrush except the more stringent tests in TestU01 (Crush and BigCrush).
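    The abstract above relies on a property of CTR mode worth seeing concretely: keystream block i is E_K(nonce + i), a function of the key, nonce and index alone, so blocks can be computed in any order by independent threads, and the same keystream doubles as a PRNG. The Go program below is an added example, not code from the paper or its authors. It builds CTR mode from the standard library's AES block primitive (Go was chosen because crypto/aes is in the standard library), cross-checks the result against crypto/cipher's own CTR implementation, and also shows the failure mode that stateless per-block keystream generation makes easy to hit: reusing a (key, nonce) pair hands an attacker the XOR of two plaintexts. The key, nonce and messages are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// counterBlock returns nonce + i with the 16-byte nonce read as a
// big-endian 128-bit integer, the same convention crypto/cipher.NewCTR uses.
func counterBlock(nonce [16]byte, i uint64) [16]byte {
	hi := binary.BigEndian.Uint64(nonce[:8])
	lo := binary.BigEndian.Uint64(nonce[8:])
	sum := lo + i
	if sum < lo { // carry into the high 64 bits
		hi++
	}
	var out [16]byte
	binary.BigEndian.PutUint64(out[:8], hi)
	binary.BigEndian.PutUint64(out[8:], sum)
	return out
}

// keystreamBlock is E_K(nonce + i). It depends only on key, nonce and i, so
// any thread can produce any block without waiting for its predecessor; that
// independence is what lets CTR mode be spread over thousands of GPU threads.
func keystreamBlock(blk cipher.Block, nonce [16]byte, i uint64) [16]byte {
	ctr := counterBlock(nonce, i)
	var ks [16]byte
	blk.Encrypt(ks[:], ctr[:])
	return ks
}

// ctrXOR encrypts or decrypts data with AES-CTR built from the block primitive.
// It deliberately walks the blocks in reverse order to show that order does not matter.
func ctrXOR(key []byte, nonce [16]byte, data []byte) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	for b := (len(data)+15)/16 - 1; b >= 0; b-- {
		ks := keystreamBlock(blk, nonce, uint64(b))
		for j := b * 16; j < b*16+16 && j < len(data); j++ {
			out[j] = data[j] ^ ks[j-b*16]
		}
	}
	return out, nil
}

// prngBytes reuses the same keystream as a deterministic random byte generator:
// the bytes of E_K(nonce), E_K(nonce+1), ... (the CTR-mode PRNG of the abstract).
func prngBytes(key []byte, nonce [16]byte, n int) ([]byte, error) {
	return ctrXOR(key, nonce, make([]byte, n))
}

// sameAsStdlib checks the hand-rolled CTR against crypto/cipher's implementation.
func sameAsStdlib(key []byte, nonce [16]byte, data []byte) (bool, error) {
	ours, err := ctrXOR(key, nonce, data)
	if err != nil {
		return false, err
	}
	blk, _ := aes.NewCipher(key)
	ref := make([]byte, len(data))
	cipher.NewCTR(blk, nonce[:]).XORKeyStream(ref, data)
	return bytes.Equal(ours, ref), nil
}

// nonceReuseLeak is the CTR failure mode: two messages under one (key, nonce)
// share a keystream, so c1 XOR c2 = p1 XOR p2 with the key playing no part.
// It returns p1 XOR p2 as recovered from the two ciphertexts alone.
func nonceReuseLeak(key []byte, nonce [16]byte, p1, p2 []byte) ([]byte, error) {
	c1, err := ctrXOR(key, nonce, p1)
	if err != nil {
		return nil, err
	}
	c2, _ := ctrXOR(key, nonce, p2)
	n := len(c1)
	if len(c2) < n {
		n = len(c2)
	}
	x := make([]byte, n)
	for i := range x {
		x[i] = c1[i] ^ c2[i]
	}
	return x, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key, not a real one
	var nonce [16]byte
	copy(nonce[:], "demo-nonce-00001") // constructed demo nonce
	msg := []byte("CTR mode: every keystream block is independent")
	ok, _ := sameAsStdlib(key, nonce, msg)
	rnd, _ := prngBytes(key, nonce, 32)
	fmt.Printf("matches crypto/cipher CTR: %v, PRNG bytes: %x\n", ok, rnd[:8])
}
```

    The per-thread independence that makes a GPU port fast also makes the mode unforgiving: nothing in the computation stops two threads, or two runs, from producing the same E_K(nonce + i), so a (key, nonce) pair must never be reused, and when the keystream is used as a PRNG it is only as unpredictable as the key it was seeded with.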

Louis Wingers - One of the best experts on this subject based on the ideXlab platform.

  • The Simon and Speck Lightweight Block Ciphers
    Design Automation Conference, 2015
    Co-Authors: Ray Beaulieu, Douglas Shors, Jason Smith, Bryan Weeks, Stefan Treatman-Clark, Louis Wingers
    Abstract:

    The Simon and Speck families of block ciphers were designed specifically to offer security on constrained devices, where simplicity of design is crucial. However, the intended use cases are diverse and demand flexibility in implementation. Simplicity, security, and flexibility are ever-present yet conflicting goals in cryptographic design. This paper outlines how these goals were balanced in the design of Simon and Speck.

  • Simon and Speck: Block Ciphers for the Internet of Things
    IACR Cryptology ePrint Archive, 2015
    Co-Authors: Ray Beaulieu, Douglas Shors, Jason Smith, Bryan Weeks, Stefan Treatman-Clark, Louis Wingers
    Abstract:

    The U.S. National Security Agency (NSA) developed the Simon and Speck families of lightweight block ciphers as an aid for securing applications in very constrained environments where AES may not be suitable. This paper summarizes the algorithms, their design rationale, along with current cryptanalysis and implementation results.

  • LightSec - The Simon and Speck Block Ciphers on AVR 8-Bit Microcontrollers
    Lecture Notes in Computer Science, 2014
    Co-Authors: Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, Louis Wingers
    Abstract:

    The last several years have witnessed a surge of activity in lightweight cryptographic design. Many lightweight block ciphers have been proposed, targeted mostly at hardware applications. Typically software performance has not been a priority, and consequently software performance for many of these algorithms is unexceptional. Simon and Speck are lightweight block cipher families developed by the U.S. National Security Agency for high performance in constrained hardware and software environments. In this paper, we discuss software performance and demonstrate how to achieve high performance implementations of Simon and Speck on the AVR family of 8-bit microcontrollers. Both ciphers compare favorably to other lightweight block ciphers on this platform. Indeed, Speck seems to have better overall performance than any existing block cipher — lightweight or not.

  • The Simon and Speck Block Ciphers on AVR 8-bit Microcontrollers
    IACR Cryptology ePrint Archive, 2014
    Co-Authors: Ray Beaulieu, Douglas Shors, Jason Smith, Bryan Weeks, Stefan Treatman-Clark, Louis Wingers
    Abstract:

    Same abstract as the LightSec 2014 entry above.

David Wagner - One of the best experts on this subject based on the ideXlab platform.

  • Tweakable Block Ciphers
    Journal of Cryptology, 2010
    Co-Authors: Moses Liskov, Ronald L. Rivest, David Wagner
    Abstract:

    A common trend in applications of block ciphers over the past decades has been to employ block ciphers as one piece of a “mode of operation”—possibly, a way to make a secure symmetric-key cryptosystem, but more generally, any cryptographic application. Most of the time, these modes of operation use a wide variety of techniques to achieve a subgoal necessary for their main goal: instantiation of “essentially different” instances of the block cipher. We formalize a cryptographic primitive, the “tweakable block cipher.” Such a cipher has not only the usual inputs—message and cryptographic key—but also a third input, the “tweak.” The tweak serves much the same purpose that an initialization vector does for CBC mode or that a nonce does for OCB mode. Our abstraction brings this feature down to the primitive block-cipher level, instead of incorporating it only at the higher modes-of-operation levels. We suggest that (1) tweakable block ciphers are easy to design, (2) the extra cost of making a block cipher “tweakable” is small, and (3) it is easier to design and prove the security of applications of block ciphers that need this variability using tweakable block ciphers.

  • CRYPTO - Tweakable Block Ciphers
    Advances in Cryptology — CRYPTO 2002, 2002
    Co-Authors: Moses Liskov, Ronald L. Rivest, David Wagner
    Abstract:

    We propose a new cryptographic primitive, the "tweakable block cipher." Such a cipher has not only the usual inputs - message and cryptographic key - but also a third input, the "tweak." The tweak serves much the same purpose that an initialization vector does for CBC mode or that a nonce does for OCB mode. Our proposal thus brings this feature down to the primitive block-cipher level, instead of incorporating it only at the higher modes-of-operation levels. We suggest that (1) tweakable block ciphers are easy to design, (2) the extra cost of making a block cipher "tweakable" is small, and (3) it is easier to design and prove modes of operation based on tweakable block ciphers.
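    The Journal of Cryptology and CRYPTO 2002 entries above claim that tweaking a block cipher is cheap; the paper's second construction makes that concrete: E~_{K,h}(T, M) = E_K(M xor h(T)) xor h(T), where h is drawn from an epsilon-almost-XOR-universal hash family and the mask h(T) is computed once per tweak. The Go program below is an added example, not the authors' code. It instantiates the construction with AES-128 as E_K and multiplication by a secret element of GF(2^128) as h, which is one standard epsilon-AXU family and is my choice of instantiation rather than something the abstract fixes; the AES key, hash key, message and tweaks are constructed demo values. One property to be aware of: h(0) = 0, so the all-zero tweak reduces the tweakable cipher to plain AES. That is expected, since a tweak is public and not a secret, but it matters when choosing how tweaks are encoded.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// gf128 is an element of GF(2^128) modulo x^128 + x^7 + x^2 + x + 1;
// bit i of lo (then of hi, for i >= 64) is the coefficient of x^i.
type gf128 struct{ hi, lo uint64 }

func gfFromBytes(b [16]byte) gf128 {
	return gf128{binary.BigEndian.Uint64(b[:8]), binary.BigEndian.Uint64(b[8:])}
}

// gfMul is bit-serial shift-and-add multiplication in GF(2^128).
func gfMul(a, b gf128) gf128 {
	var r gf128
	for _, w := range [2]uint64{b.lo, b.hi} {
		for i := 0; i < 64; i++ {
			if w>>uint(i)&1 == 1 {
				r.hi, r.lo = r.hi^a.hi, r.lo^a.lo
			}
			carry := a.hi >> 63 // a = a * x, reduced when the x^128 term appears
			a.hi, a.lo = a.hi<<1|a.lo>>63, a.lo<<1
			if carry == 1 {
				a.lo ^= 0x87
			}
		}
	}
	return r
}

// LRW is the tweakable block cipher E~_{K,h}(T, M) = E_K(M xor h(T)) xor h(T)
// with h(T) = h * T in GF(2^128), an epsilon-AXU hash with epsilon = 2^-128.
type LRW struct {
	blk cipher.Block
	h   gf128
}

func NewLRW(aesKey []byte, hashKey [16]byte) (*LRW, error) {
	blk, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	return &LRW{blk, gfFromBytes(hashKey)}, nil
}

// mask is h(T): one field multiplication per tweak, then two XORs per block.
func (l *LRW) mask(tweak [16]byte) (d [16]byte) {
	p := gfMul(l.h, gfFromBytes(tweak))
	binary.BigEndian.PutUint64(d[:8], p.hi)
	binary.BigEndian.PutUint64(d[8:], p.lo)
	return d
}

func xor16(a, b [16]byte) [16]byte {
	for i := range a {
		a[i] ^= b[i]
	}
	return a
}

func (l *LRW) Encrypt(tweak, m [16]byte) (c [16]byte) {
	d := l.mask(tweak)
	in := xor16(m, d)
	l.blk.Encrypt(c[:], in[:])
	return xor16(c, d)
}

func (l *LRW) Decrypt(tweak, c [16]byte) (m [16]byte) {
	d := l.mask(tweak)
	in := xor16(c, d)
	l.blk.Decrypt(m[:], in[:])
	return xor16(m, d)
}

// rawBlock is the untweaked E_K(m); the all-zero tweak reduces LRW to exactly this.
func rawBlock(aesKey []byte, m [16]byte) (out [16]byte) {
	blk, _ := aes.NewCipher(aesKey)
	blk.Encrypt(out[:], m[:])
	return out
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo keys, not real ones
	var hk, m, t1, t2 [16]byte
	copy(hk[:], "hash-key-0000001")
	copy(m[:], "sixteen byte msg")
	copy(t1[:], "sector-000000001") // tweaks, e.g. disk sector numbers
	copy(t2[:], "sector-000000002")
	l, _ := NewLRW(key, hk)
	c1, c2 := l.Encrypt(t1, m), l.Encrypt(t2, m)
	fmt.Printf("tweaks differ: %x vs %x, round trip ok: %v\n", c1[:4], c2[:4], l.Decrypt(t1, c1) == m)
}
```

    The same message under two tweaks gives unrelated ciphertexts although only one AES call is spent per block, which is the "extra cost is small" claim of the abstract. The hash key h must be secret and independent of the AES key; a bit-serial multiplication like the one above is fine for illustration but is not constant-time and would be replaced by a table-driven or carry-less-multiply routine in production.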

  • Tweakable Block Ciphers - eScholarship
    2002
    Co-Authors: Moses Liskov, Ronald L. Rivest, David Wagner
    Abstract:

    Same abstract as the CRYPTO 2002 entry above.

Wai-kong Lee - One of the best experts on this subject based on the ideXlab platform.

  • Fast implementation of Block Ciphers and PRNGs in Maxwell GPU architecture
    Cluster Computing, 2016
    Co-Authors: Wai-kong Lee, Hon-sang Cheong, Raphael C-w Phan, Bok-min Goi
    Abstract:

    Same abstract as the entry of the same title under Bok-min Goi above.

Angelos D. Keromytis - One of the best experts on this subject based on the ideXlab platform.

  • Elastic Block Ciphers: method, security and instantiations
    International Journal of Information Security, 2009
    Co-Authors: Debra L. Cook, Moti Yung, Angelos D. Keromytis
    Abstract:

    We introduce the concept of an elastic block cipher which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. Our method uses the round function of an existing block cipher as a black box and inserts it into a substitution-permutation network. Our method is designed to enable us to form a reduction between the elastic and the original versions of the cipher. Using this reduction, we prove that the elastic version of a cipher is secure against key-recovery attacks if the original cipher is secure against such attacks. We note that while reduction-based proofs of security are a cornerstone of cryptographic analysis, they are typical when complete components are used as sub-components in a larger design. We are not aware of the use of such techniques in the case of concrete block cipher designs. We demonstrate the general applicability of the elastic block cipher method by constructing examples from existing block ciphers: AES, Camellia, MISTY1, and RC6. We compare the performance of the elastic versions to that of the original versions and evaluate the elastic versions using statistical tests measuring the randomness of the ciphertext. We also use our examples to demonstrate the concept of a generic key schedule for block ciphers.

  • Elastic Block Ciphers in Practice: Constructions and Modes of Encryption
    Proceedings of the 3rd European Conference on Computer Network Defense, 2009
    Co-Authors: Debra L. Cook, Moti Yung, Angelos D. Keromytis
    Abstract:

    We demonstrate the general applicability of the elastic block cipher method by constructing examples from existing block ciphers: AES, Camellia, MISTY1 and RC6. An elastic block cipher is a variable-length block cipher created from an existing fixed-length block cipher. The elastic version supports any block size between one and two times that of the original block size. We compare the performance of the elastic versions to that of the original versions and evaluate the elastic versions using statistical tests measuring the randomness of the ciphertext. The benefit, in terms of an increased rate of encryption, of using an elastic block cipher varies based on the specific block cipher and implementation. In most cases, there is an advantage to using an elastic block cipher to encrypt blocks that are a few bytes longer than the original block length. The statistical test results indicate no obvious flaws in the method for constructing elastic block ciphers. We also use our examples to demonstrate the concept of a generic key schedule for block ciphers. In addition, we present ideas for new modes of encryption using the elastic block cipher construction.

  • Elastic Block Ciphers
    2006
    Co-Authors: Angelos D. Keromytis, Debra L. Cook
    Abstract:

    Standard block ciphers are designed around one or a small number of block sizes. From both a practical and a theoretical perspective, the question of how to efficiently support a range of block sizes is of interest. In applications, the length of the data to be encrypted is often not a multiple of the supported block size. This results in the use of plaintext-padding schemes that impose computational and space overheads. Furthermore, a variable-length block cipher ideally provides a variable-length pseudorandom permutation and strong pseudorandom permutation, which are theoretical counterparts of practical block ciphers and correspond to ideal properties for a block cipher. The focus of my research is the design and analysis of a method for creating variable-length block ciphers from existing fixed-length block ciphers. As the heart of the method, I introduce the concept of an elastic block cipher, which refers to stretching the supported block size of a block cipher to any length up to twice the original block size while incurring a computational workload that is proportional to the block size. I create a structure, referred to as the elastic network, that uses the round function from any existing block cipher in a manner that allows the properties of the round function to be maintained and results in the security of the elastic version of a block cipher being directly related to that of the original version. By forming a reduction between the elastic and original versions, I prove that the elastic version of a cipher is secure against round-key recovery attacks if the original cipher is secure against such attacks. I illustrate the method by creating elastic versions of four existing block ciphers. In addition, the elastic network provides a new primitive structure for use in symmetric-key cipher design. It allows for the creation of variable-length pseudorandom permutations and strong pseudorandom permutations in the range of b to 2b bits from round functions that are independently chosen pseudorandom permutations on b bits.