
A Small GIFT-COFB: Lightweight Bit-Serial Architectures

  • Conference paper
Progress in Cryptology - AFRICACRYPT 2022 (AFRICACRYPT 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13503)

Abstract

GIFT-COFB is a lightweight AEAD scheme and a submission to the ongoing NIST lightweight cryptography standardization process where it currently competes as a finalist. The construction processes 128-bit blocks with a key and nonce of the same size and has a small register footprint, only requiring a single additional 64-bit register. Besides the block cipher, the mode of operation uses a bit permutation and finite field multiplication with different constants. It is a well-known fact that implementing a hardware block cipher in a bit-serial manner, which advances only one bit in the computation pipeline in each clock cycle, results in the smallest circuits. Nevertheless, an efficient bit-serial circuit for a mode of operation that utilizes finite field arithmetic with multiple constants has yet to be demonstrated in the literature.

In this paper, we fill this gap regarding efficient field arithmetic in bit-serial circuits, and propose a lightweight circuit for GIFT-COFB that occupies less than 1500 GE, making it the to-date most area-efficient implementation of this construction. In a second step, we demonstrate how the additional operations in the mode can be executed concurrently with GIFT itself so that the total latency is significantly reduced whilst incurring only a modest area increase. Finally, we propose a first-order threshold implementation of GIFT-COFB, which we experimentally verify resists first-order side-channel analysis. (For the sake of reproducibility, the source code for all proposed designs is publicly available [14]).

Notes

  1. A detailed description of the bit-sliced GIFT representation can be found in the GIFT-COFB white paper [9].

  2. Note that there is an equally efficient circuit for the key schedule pipeline. An exact breakdown of all the swaps in the state pipeline is given in Appendix A.

  3. The letters S and F in GIFT-COFB-SER-S and GIFT-COFB-SER-F stand for slow and fast respectively.

  4. https://satoh.cs.uec.ac.jp/SAKURA/hardware/SAKURA-G.html.

References

  1. NIST lightweight cryptography project. https://csrc.nist.gov/projects/lightweight-cryptography

  2. Balli, F., Banik, S.: Six shades of AES. In: Buchmann, J., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2019. LNCS, vol. 11627, pp. 311–329. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-23696-0_16

  3. Balli, F., Caforio, A., Banik, S.: The area-latency symbiosis: towards improved serial encryption circuits. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(1), 239–278 (2021). https://doi.org/10.46586/tches.v2021.i1.239-278

  4. Banik, S., Balli, F., Regazzoni, F., Vaudenay, S.: Swap and rotate: lightweight linear layers for SPN-based blockciphers. IACR Trans. Symmetric Cryptol. 2020(1), 185–232 (2020). https://doi.org/10.13154/tosc.v2020.i1.185-232

  5. Banik, S., et al.: SUNDAE-GIFT v1.0. NIST Lightweight Cryptography Project 1, 157–161 (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  6. Banik, S., Bogdanov, A., Regazzoni, F.: Exploring energy efficiency of lightweight block ciphers. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 178–194. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31301-6_10

  7. Banik, S., Bogdanov, A., Regazzoni, F.: Atomic-AES: a compact implementation of the AES Encryption/Decryption core. In: Dunkelman, O., Sanadhya, S.K. (eds.) INDOCRYPT 2016. LNCS, vol. 10095, pp. 173–190. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49890-4_10

  8. Banik, S., Bogdanov, A., Regazzoni, F.: Compact circuits for combined AES Encryption/Decryption. J. Cryptogr. Eng. 9(1), 69–83 (2017). https://doi.org/10.1007/s13389-017-0176-3

  9. Banik, S., et al.: GIFT-COFB v1.0. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  10. Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., Todo, Y.: GIFT: a small PRESENT - towards reaching the limit of lightweight encryption. In: Proceedings of Cryptographic Hardware and Embedded Systems - CHES 2017, 19th International Conference, Taipei, Taiwan, 25–28 September 2017, pp. 321–345 (2017). https://doi.org/10.1007/978-3-319-66787-4_16

  11. Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5

  12. Beierle, C., et al.: SKINNY-AEAD and SKINNY-Hash. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  13. Bogdanov, A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31

  14. Caforio, A., Collins, D., Banik, S., Regazzoni, F.: A small GIFT-COFB: lightweight Bit-Serial Architectures (Repository) (5). https://github.com/qantik/cofbserial

  15. Chakraborti, A., Iwata, T., Minematsu, K., Nandi, M.: Blockcipher-based authenticated encryption: how small can we go? J. Cryptol. 33(3), 703–741 (2019). https://doi.org/10.1007/s00145-019-09325-z

  16. Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography, Springer, Heidelberg (2002). https://doi.org/10.1007/978-3-662-04722-4

  17. Dhooghe, S., Nikova, S., Rijmen, V.: Threshold implementations in the robust probing model. In: Proceedings of ACM Workshop on Theory of Implementation Security Workshop, pp. 30–37 (2019)

  18. Iwata, T., Khairallah, M., Minematsu, K., Peyrin, T.: Romulus v1.2. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  19. Jati, A., Gupta, N., Chattopadhyay, A., Sanadhya, S.K., Chang, D.: Threshold implementations of GIFT: a trade-off analysis. IEEE Trans. Inf. Forensics Secur. 15, 2110–2120 (2020). https://doi.org/10.1109/TIFS.2019.2957974

  20. Jean, J., Moradi, A., Peyrin, T., Sasdrich, P.: Bit-sliding: a generic technique for bit-serial implementations of SPN-based primitives. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 687–707. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_33

  21. Moradi, A., Poschmann, A., Ling, S., Paar, C., Wang, H.: Pushing the limits: a very compact and a threshold implementation of AES. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 69–88. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_6

  22. Naito, Y., Matsui, M., Sakai, Y., Suzuki, D., Sakiyama, K., Sugawara, T.: SAEAES. NIST Lightweight Cryptography Project (2019). https://csrc.nist.gov/Projects/lightweight-cryptography/round-2-candidates

  23. Nikova, S., Rijmen, V., Schläffer, M.: Secure hardware implementation of nonlinear functions in the presence of glitches. J. Cryptol. 24(2), 292–321 (2010). https://doi.org/10.1007/s00145-010-9085-7

  24. Schneider, T., Moradi, A.: Leakage assessment methodology. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 495–513. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_25

Acknowledgements

This project is partially supported by the European Union Horizon 2020 research and innovation program under the CPSoSAware project (grant 871738).

Author information

Correspondence to Andrea Caforio.

Appendices

A Swap-and-Rotate GIFT-128 State Pipeline

In Table 3, we give the exact placement and activation periods of the nine swaps that implement the swap-and-rotate GIFT-128 permutation \(\varPi \) as specified in the work by Banik et al. [3].

Table 3. Swap-and-rotate listing of all swaps and their activation cycles.

B ANF Equations of the 3-Share GIFT-128 S-Box

Below we list the exact ANF equations for all component functions of the 3-share first-order threshold implementation of the GIFT S-box as proposed in [19].

$$\begin{aligned}
\texttt{S}_{G_1}(a_2, b_2, c_2, d_2, a_3, b_3, c_3, d_3) &= a_3 + b_3 + b_2c_2 + b_2c_3 + b_3c_2, \\
&\; c_3 + 1, \\
&\; b_3 + a_2c_2 + a_2c_3 + a_3c_2, \\
&\; a_3 + b_3 + c_3 + d_3 + a_2b_2 + a_2b_3 + a_3b_2; \\
\texttt{S}_{G_2}(a_1, b_1, c_1, d_1, a_3, b_3, c_3, d_3) &= a_1 + b_1 + b_1c_3 + b_3c_1 + b_3c_3, \\
&\; c_1, \\
&\; b_1 + a_1c_3 + a_3c_1 + a_3c_3, \\
&\; a_1 + b_1 + c_1 + d_1 + a_1b_3 + a_3b_1 + a_3b_3; \\
\texttt{S}_{G_3}(a_1, b_1, c_1, d_1, a_2, b_2, c_2, d_2) &= a_2 + b_2 + b_1c_1 + b_1c_2 + b_2c_1, \\
&\; c_2, \\
&\; b_2 + a_1c_1 + a_1c_2 + a_2c_1, \\
&\; a_2 + b_2 + c_2 + d_2 + a_1b_1 + a_1b_2 + a_2b_1; \\
\texttt{S}_{F_1}(a_2, b_2, c_2, d_2, a_3, b_3, c_3, d_3) &= d_3 + a_2b_2 + a_2b_3 + a_3b_2, \\
&\; b_3 + c_3 + d_3 + a_2d_2 + a_2d_3 + a_3d_2 + 1, \\
&\; a_3 + b_3, \\
&\; a_3 + 1; \\
\texttt{S}_{F_2}(a_1, b_1, c_1, d_1, a_3, b_3, c_3, d_3) &= d_1 + a_1b_3 + a_3b_1 + a_3b_3, \\
&\; b_1 + c_1 + d_1 + a_1d_3 + a_3d_1 + a_3d_3, \\
&\; a_1 + b_1, \\
&\; a_1; \\
\texttt{S}_{F_3}(a_1, b_1, c_1, d_1, a_2, b_2, c_2, d_2) &= d_2 + a_1b_1 + a_1b_2 + a_2b_1, \\
&\; b_2 + c_2 + d_2 + a_1d_1 + a_1d_2 + a_2d_1, \\
&\; a_2 + b_2, \\
&\; a_2.
\end{aligned}$$
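The three properties a first-order threshold implementation must satisfy (correctness, non-completeness, uniformity) can be checked exhaustively against the equations above. The Python script below is an added example, not code from the paper or its repository [14]; the unshared functions G and F are my own assumption, obtained by XOR-summing the three component functions of each stage, and the share ordering follows the argument lists of the equations.

```python
# Added example: exhaustive TI property check of the 3-share GIFT S-box
# component functions from Appendix B. Bits are ints 0/1, "+" in the ANF is ^.
from itertools import product

def G1(a2, b2, c2, d2, a3, b3, c3, d3):
    return (a3 ^ b3 ^ (b2 & c2) ^ (b2 & c3) ^ (b3 & c2), c3 ^ 1,
            b3 ^ (a2 & c2) ^ (a2 & c3) ^ (a3 & c2),
            a3 ^ b3 ^ c3 ^ d3 ^ (a2 & b2) ^ (a2 & b3) ^ (a3 & b2))
def G2(a1, b1, c1, d1, a3, b3, c3, d3):
    return (a1 ^ b1 ^ (b1 & c3) ^ (b3 & c1) ^ (b3 & c3), c1,
            b1 ^ (a1 & c3) ^ (a3 & c1) ^ (a3 & c3),
            a1 ^ b1 ^ c1 ^ d1 ^ (a1 & b3) ^ (a3 & b1) ^ (a3 & b3))
def G3(a1, b1, c1, d1, a2, b2, c2, d2):
    return (a2 ^ b2 ^ (b1 & c1) ^ (b1 & c2) ^ (b2 & c1), c2,
            b2 ^ (a1 & c1) ^ (a1 & c2) ^ (a2 & c1),
            a2 ^ b2 ^ c2 ^ d2 ^ (a1 & b1) ^ (a1 & b2) ^ (a2 & b1))
def F1(a2, b2, c2, d2, a3, b3, c3, d3):
    return (d3 ^ (a2 & b2) ^ (a2 & b3) ^ (a3 & b2),
            b3 ^ c3 ^ d3 ^ (a2 & d2) ^ (a2 & d3) ^ (a3 & d2) ^ 1, a3 ^ b3, a3 ^ 1)
def F2(a1, b1, c1, d1, a3, b3, c3, d3):
    return (d1 ^ (a1 & b3) ^ (a3 & b1) ^ (a3 & b3),
            b1 ^ c1 ^ d1 ^ (a1 & d3) ^ (a3 & d1) ^ (a3 & d3), a1 ^ b1, a1)
def F3(a1, b1, c1, d1, a2, b2, c2, d2):
    return (d2 ^ (a1 & b1) ^ (a1 & b2) ^ (a2 & b1),
            b2 ^ c2 ^ d2 ^ (a1 & d1) ^ (a1 & d2) ^ (a2 & d1), a2 ^ b2, a2)

# Assumed unshared stages, derived here by XOR-summing the shares above:
# every cross term b_i c_j (resp. a_i c_j, a_i b_j, a_i d_j) appears exactly once.
def G(a, b, c, d): return (a ^ b ^ (b & c), c ^ 1, b ^ (a & c), a ^ b ^ c ^ d ^ (a & b))
def F(a, b, c, d): return (d ^ (a & b), b ^ c ^ d ^ (a & d) ^ 1, a ^ b, a ^ 1)

def shared(comp, x1, x2, x3):
    """Evaluate the 3-share stage: component i is fed every share except share i,
    so non-completeness holds by construction of the argument lists."""
    f1, f2, f3 = comp
    return (f1(*x2, *x3), f2(*x1, *x3), f3(*x1, *x2))

def xor4(*vs):
    return tuple(sum(col) & 1 for col in zip(*vs))

def check_ti(comp, unshared):
    """Return (correct, uniform) over all 2^12 input sharings: the output shares
    must XOR to the unshared output, and the 12-bit shared map must be a bijection
    (uniformity, i.e. no fresh randomness is needed between the two stages)."""
    outputs = set()
    for x1, x2, x3 in product(product((0, 1), repeat=4), repeat=3):
        y = shared(comp, x1, x2, x3)
        if xor4(*y) != unshared(*xor4(x1, x2, x3)):
            return False, False
        outputs.add(y)
    return True, len(outputs) == 2 ** 12
```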

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Caforio, A., Collins, D., Banik, S., Regazzoni, F. (2022). A Small GIFT-COFB: Lightweight Bit-Serial Architectures. In: Batina, L., Daemen, J. (eds) Progress in Cryptology - AFRICACRYPT 2022. AFRICACRYPT 2022. Lecture Notes in Computer Science, vol 13503. Springer, Cham. https://doi.org/10.1007/978-3-031-17433-9_3

  • DOI: https://doi.org/10.1007/978-3-031-17433-9_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17432-2

  • Online ISBN: 978-3-031-17433-9
