Ruhr-Universität Bochum zur Navigation zum Inhalt Startseite der RUB pix
 
 

pix
 
Das Siegel
pix
Topbild
Home
About
Contact

Conferences
Show (Calendar)

Implementations
Show

Papers
Show
Submit

Links
Show
pix www.lightweightcrypto.org
Your ressource for everything related to efficient cryptography
 
 
 
Home > Papers (Show)
pix Possible filter:  ASIC lightweight Assembly
Active filter:  crypto

A Survey of Lightweight-Cryptography Implementations
Author: T. Eisenbarth, S. Kumar, L. Uhsadel, C. Paar, A. Poschmann
Description:
The tight cost and implementation constraints of high-volume products, including secure RFID tags and smart cards, require specialized cryptographic implementations. The authors review recent developments in this area for symmetric and asymmetric ciphers, targeting embedded hardware and software. In this article, we present a selection of recently published lightweight-cryptography implementations and compare them to state-of-the-art results in their field.
Related Tags: ASIC, lightweight, crypto
go to paper open in new window/tab
Sidechannel Resistant Lightweight ASIC Implementations of DES and AES
Author: A. Poschmann
Description:
In this thesis, we investigate a new lightweight cipher based on DESX. We investigate the design criteria of DES presented in [Cop94] and derive stronger design criteria. We show that S-boxes, which satisfy our new design criteria are more resistant against both differential and linear cryptanalysis. Our new cipher DLX is similar to DES or DESX, respectively, except for the f-function. DES uses eight different S-boxes, whereas our cipher only repeatedly uses one improved S-box (eight times). The implementation results show that our new cipher DLX requires less chip size, less energy, and is more secure against both differential and linear cryptanalysis. We also show that DLX requires 40% less chip size, 85% less clock cycles, and consumes only about 10% of the energy than the best AES implementation with regard to RFIDs needs [FDW04]. In this thesis we also investigate side channel attacks on AES. We present a size- optimised VHDL design of the AES and its results for a standard cell implementation. We show, that this ASIC can easily be broken with a simple power analysis (SPA).
Related Tags: S-box, ASIC, VHDL, lightweight, crypto, embedded
go to paper open in new window/tab
Elliptic Curve Cryptography for Constrained Devices
Author: S. Kumar
Description:
There is a re-emerging demand for low-end devices such as 8-bit processors, driven by needs for pervasive applications like sensor networks and RF-ID tags. Security in pervasive applications, however, has been a major concern for their widespread acceptance. Public-key cryptosystems (PKC) like RSA and DSA generally involve computation-intensive arithmetic operations with operand sizes of 1024 - 2048 bits, making them impractical on such constrained devices. Elliptic Curve Cryptography (ECC) which has emerged as a viable alternative is a favored public-key cryptosystem for embedded systems due to its small key size, smaller operand length, and comparably low arithmetic requirements. However, implementing full-size, standardized ECC on 8-bit processors is still a major challenge and normally considered to be impracticable for small devices which are constrained in memory and computational power. The thesis at hand is a step towards showing the practicability of PKC and in particular ECC on constrained devices. We leverage the exibility that ECC provides with the different choices for parameters and algorithms at different hierarchies of the implementation. First a secure key exchange using PKC on a low-end wireless device with the computational power of a widely used 8-bit 8051 processor is presented. An Elliptic Curve Diffie-Hellman (ECDH) protocol is implemented over 131-bit Optimal Extension Field (OEF) purely in software. A secure end-to-end connection in an acceptable time of 3 seconds is shown to be possible on such constrained devices without requiring a cryptographic coprocessor. We also investigate the potential of software/hardware co-design for architectural enhancements including instruction set extensions for low-level arithmetic used in ECC, most notably to speed-up multiplication in the nite elds. We show that a standard compliant 163-bit point multiplication can be computed in 0.113 sec on an 8-bit AVR micro-controller running at 4 Mhz (a typical representative for a low-cost pervasive pro- cessor) with minimal additional hardware extensions. Our design not only accelerates the computation by a factor of more than 30 compared to a software-only solution, it also reduces the code-size and data-RAM. Two new custom instructions for the MIPS 32-bit processor architecture are also proposed to accelerate the reduction modulo a pseudo Mersenne prime. We also show that the efficiency of multiplication in an OEF can be improved by a modified multiply and accumulate unit with a wider accumula- tor. The proposed architectural enhancements achieve a speed-up factor of 1.8 on the MIPS processor. iii In addition, different architectural enhancements and optimal digit-size choices for the Least Signicant Digit (LSD) multiplier for binary elds are presented. The two different architectures, the Double Accumulator Multiplier (DAM) and N-Accumulator Multiplier (NAM) are both faster compared to traditional LSD multipliers. Later, an area/time efficient ECC processor architecture (for the OEFs of size 169, 289 and 361 bits) which performs all nite eld arithmetic operations in the discrete Fourier domain is described. We show that a small optimized implementation of ECC processor with 24k equivalent gates on a 0.35um CMOS process can be realized for 169-bit curve using the novel multiplier design. Finally we also present a highly area optimized ASIC implementation of the ECC processor for various standard compliant binary curves ranging from 133 ¡ 193 bits. An area between 10k and 18k gates on a 0.35um CMOS process is possible for the different curves which makes the design very attractive for enabling ECC in constrained devices.
Related Tags: crypto
go to paper open in new window/tab
Enabling Full-Size Public-Key Algorithms on 8-bit Sensor Nodes
Author: L. Uhsadel, A. Poschmann, C. Paar
Description:
In this article we present the fastest known implementation of a modular multiplication for a 160-bit standard compliant elliptic curve (secp160r1) for 8-bit micro controller which are typically used in WSNs. The major part (77%) of the processing time for an elliptic curve operation such as ECDSA or EC Diffie-Hellman is spent on modular multiplication. We present an optimized arithmetic algorithm which signicantly speed up ECC schemes. The reduced processing time also yields a signicantly lower energy consumption of ECC schemes. With our implementation results we can show that a 160-bit modular multiplication can be performed in 0.39 ms on an 8-bit AVR processor clocked at 7.37 MHz. This brings the vision of asymmetric cryptography in the eld of WSNs with all its benets for key-distribution and authentication a step closer to reality.
Related Tags: lightweight, Assembly, crypto, embedded
go to paper open in new window/tab
Are standards compliant elliptic curve cryptosystems feasible on RFID?
Author: S. Kumar, C. Paar
Description:
With elliptic curve cryptography emerging as a serious al- ternative, the desired level of security can be attained with signi¯cantly smaller key sizes. This makes ECC very attractive for small-footprint de- vices with limited computational capability, memory and low-bandwidth network connections. However ECC is still considered to be impracticable for very low-end constrained devices like sensor networks and RFID tags. We present a stand-alone highly area optimized ECC processor design for standards compliant binary field curves. We use the fast squarer implementation to construct an addition chain that allows inversion to be computed efficiently. Hence, we propose an affine co-ordinate ASIC im- plementation of the ECC processor using a modified Montgomery point multiplication method for binary curves ranging from 113-193 bits. An area between 10k and 18k gates on a 0.35um CMOS process is possi- ble for the different curves which makes the design very attractive for enabling ECC in constrained devices.
Related Tags: crypto
go to paper open in new window/tab
New Lightweight Crypto Algorithms for RFID
Author: G. Leander, C. Paar, A. Poschmann, K. Schramm
Description:
The authors propose a new block cipher, DESL (DES lightweight extension), which is strong, compact and efficient. Due to its low area constraints DESL is especially suited for RFID (radiofrequency identification) devices. DESL is based on the classical DES (data encryption standard) design, however, unlike DES it uses a single S-box repeated eight times. This approach makes it possible to considerably decrease chip size requirements. The S-box has been highly optimized in such a way that DESL resists common attacks, i.e., linear and differential cryptanalysis, and the Davies-Murphy-attack. Therefore DESL achieves a security level which is appropriate for many applications. Furthermore, we propose a light-weight implementation of DESL which requires 45% less chip size and 86% less clock cycles than the best AES implementations with regard to RFID applications. Compared to the smallest DES implementation published, our DESL design requires 38% less transistors. Our 0.18mum DESL implementation requires a chip size of 7392 transistors (1848 gate equivalences) and is capable to encrypt a 64-bit plaintext in 144 clock cycles. When clocked at 100 kHz, it draws an average current of only 0.89muA. These hardware figures are in the range of the best eSTREAM streamcipher candidates, comprising DESL as a new alternative for ultra low-cost encryption.
Related Tags: S-box, ASIC, VHDL, lightweight, crypto
go to paper open in new window/tab
Security for 1000 Gate Equivalents
Author: C. Rolfes, A. Poschmann, C. Paar
Description:
Product piracy and counterfeiting is a market with an annual turnover of hundreds of billions of US-Dollars. The application of RFID-tags is discussed widely to cope with this problem. A major obstacle for a mass deployment of RFID-tags, beside the harsh requirements on power consumption, are fabrication costs. In hardware fabrication costs are proportional to the required area. In this paper we present three different architectures of the present algorithm. Our implementation of the serialized architecture requires only 1000 GE. To the best of our knowledge this is the smallest hardware implementation of a cryptographic algorithm with a moderate security level.
Related Tags: crypto, Assembly
go to paper open in new window/tab
An Efficient General Purpose Elliptic Curve Cryptography Module for Ubiquitous Sensor Networks
Author: L. Uhsadel, A. Poschmann, and C. Paar
Description:
In this article we present the fastest known implementation of a modular multiplication for a 160-bit standard compliant elliptic curve (secp160r1) for 8-bit micro-controller which are typically used in ubiquitous sensor networks (USN). The major part (77%) of the processing time for an elliptic curve operation such as ECDSA or EC Diffie-Hellman is spent on modular multiplication. We present an optimized arithmetic algorithm which significantly speeds up ECC schemes. The reduced processing time also yields a significantly lower energy consumption of ECC schemes. We show that a 160-bit modular multiplication can be performed in 0.37 ms on an 8-bit AVR processor clocked at 8 MHz. This brings the vision of asymmetric cryptography in the field of USNs with all its benefits for key-distribution and authentication a step closer to reality.
Related Tags: ASIC, VHDL, Assembly, crypto
go to paper open in new window/tab
Comparison of Low-Power Public Key Cryptography on MICAz 8-Bit Micro Controller
Author: L. Uhsadel
Description:
The terms ubiquitous and pervasive computing designate the penetration of our ev- eryday life with intelligent devices. These tiny, constrained, and battery powered nodes are used to build WSNs that may process sensitive data. Therefore security as well as low energy consumption are crucial in this field. Since runtime scales with energy consumption efficient implementation is necessary at all costs. We will show by comparing of different implementations of asymmetric algorithms that ECC is a good choice in this case, as it allows shorter key length with adequate security level and furthermore can be efficiently implemented. We will provide mathematical background as well as algorithms for an efficient implementation. Subsequently we will present the fastest known implementation of a 160-bit multiplication, which is the core operation of the prime field of the standardized elliptic curve secp160r1. Even though the implementation is highly optimized for speed, the code-size of 5.4 KB and RAM requirements of 112 B are acceptable. The high efficient prime field is implemented in assembly and available on request. It is thought to be the base for high efficient curve implementations. A curve with basic optimizations is written in C and can also be reused. The 160-bit multiplication has a runtime of 0.39ms and requires with our C implementation of the curve 1.151s for a point multiplication. This could be optimized to approximately 0.76s for one point multiplication in combination with a highly efficient elliptic curve. Furthermore this would allow the execution of an ECDSA signature in less than one second without pre-calculation.
Related Tags: lightweight, crypto, embedded
go to paper open in new window/tab
New Lightweight DES Variants
Author: G. Leander, C. Paar, A. Poschmann, K. Schramm
Description:
In this paper we propose a new block cipher, DESL (DES Lightweight), which is based on the classical DES (Data Encryption Standard) design, but unlike DES it uses a single S-box rep eated eight times. On this account we adapt well-known DES S-box design criteria, such that they can be applied to the special case of a single S-box. Furthermore, we show that DESL is resistant against certain types of the most common attacks, i.e., linear and differential cryptanalyses, and the Davies-Murphy attack. Our hardware implementation results of DESL are very promising (1848 GE), therefore DESL is well suited for ultra-constrained devices such as RFID tags.
Related Tags: S-box, lightweight, crypto
go to paper open in new window/tab

 
 
Thursday, 28. March 2024 03:16:00 PM - www.lightweightcrypto.org