Six Shades of AES
Pages 311 - 329
Abstract
Recently there have been various attempts to construct light weight implementations of the AES-128 encryption and combined encryption/ decryption circuits [2, 13]. However no known lightweight circuit exists for AES-192 and AES-256, the variants of AES that use longer keys. Investing in lightweight implementations of these ciphers is important as we enter the post quantum era in which security is, by a rule of the thumb, scaled down to the square-root of the size of the keyspace. In this paper, we propose a single circuit that is able to offer functionalities of both encryption and decryption for AES-128/192/256. Our circuit operates on an 8-bit datapath and occupies around 3672 GE of area in silicon. We outline the challenges that presented themselves while performing the combinatorial optimization of circuit area and the methods we used to solve them.
References
[1]
NIST Post-Quantum Cryptography Project. Available at https://csrc.nist.gov/Projects/Post-Quantum-Cryptography
[2]
Banik S, Bogdanov A, and Regazzoni F Dunkelman O and Sanadhya SK Atomic-AES: a compact implementation of the aes encryption/decryption core Progress in Cryptology – INDOCRYPT 2016 2016 Cham Springer 173-190
[3]
Banik, S., Bogdanov, A., Regazzoni, F.: Atomic-AES v 2.0. In IACR eprint archive. Available at https://eprint.iacr.org/2016/1005.pdf
[4]
Banik S et al. Iwata T, Cheon JH, et al. Midori: a block cipher for low energy Advances in Cryptology – ASIACRYPT 2015 2015 Heidelberg Springer 411-436
[5]
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The simon and speck families of lightweight block ciphers. In IACR eprint Archive. Available at https://eprint.iacr.org/2013/404.pdf
[6]
Bogdanov A et al. Paillier P, Verbauwhede I, et al. PRESENT: an ultra-lightweight block cipher Cryptographic Hardware and Embedded Systems - CHES 2007 2007 Heidelberg Springer 450-466
[7]
Borghoff, J., et al.: PRINCE - a low-latency block cipher for pervasive computing applications - extended abstract. In Asiacrypt 2012, LNCS, vol. 7658, pp. 208–225 (2012)
[8]
Canright D Rao JR and Sunar B A very compact S-box for AES Cryptographic Hardware and Embedded Systems – CHES 2005 2005 Heidelberg Springer 441-455
[9]
Daemen J and Rijmen V The Design of Rijndael: AES - The Advanced Encryption Standard 2002 Berlin Springer-Verlag
[10]
Datta, N., Nandi, M.: ELmD v1.0. Submission to the Caesar compedition. Available at https://competitions.cr.yp.to/round1/elmdv10.pdf
[11]
Dworkin, M.: Recommendation for Block Cipher Modes of Operation. NIST Special Publication 800–38A. Available at http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
[12]
Feldhofer M, Wolkerstorfer J, and Rijmen V AES implementation on a grain of sand IEEE Proc. Inf. Secur. 2005 152 1 13-20
[13]
Jean J, Moradi A, Peyrin T, and Sasdrich P Fischer W and Homma N Bit-sliding: a generic technique for bit-serial implementations of spn-based primitives Cryptographic Hardware and Embedded Systems – CHES 2017 2017 Cham Springer 687-707
[14]
Mathew S et al. 340 mV-1.1V, 289 Gbps/W, 2090-gate nanoAES hardware accelerator with area-optimized encrypt/decrypt GF() polynomials in 22 nm tri-gate CMOS IEEE J. Solid-State Circ. 2015 50 1048-1058
[15]
Moradi A, Poschmann A, Ling S, Paar C, and Wang H Paterson KG Pushing the limits: a very compact and a threshold implementation of AES Advances in Cryptology – EUROCRYPT 2011 2011 Heidelberg Springer 69-88
[16]
Satoh A, Morioka S, Takano K, and Munetoh S Boyd C A compact rijndael hardware architecture with S-Box optimization Advances in Cryptology — ASIACRYPT 2001 2001 Heidelberg Springer 239-254
[17]
Shirai Taizo, Shibutani Kyoji, Akishita Toru, Moriai Shiho, and Iwata Tetsu The 128-Bit Blockcipher CLEFIA (Extended Abstract) Fast Software Encryption 2007 Berlin, Heidelberg Springer Berlin Heidelberg 181-195
Recommendations
Weak-Key Distinguishers for AES
Selected Areas in CryptographyAbstractIn this paper, we analyze the security of AES in the case in which the whitening key is a weak key.
After a systematization of the classes of weak-keys of AES, we perform an extensive analysis of weak-key distinguishers (in the single-key setting) ...
The Exchange Attack: How to Distinguish Six Rounds of AES with Chosen Plaintexts
Advances in Cryptology – ASIACRYPT 2019AbstractIn this paper we present exchange-equivalence attacks which is a new cryptanalytic attack technique suitable for SPN-like block cipher designs. Our new technique results in the first secret-key chosen plaintext distinguisher for 6-round AES. The ...
New Insights on AES-Like SPN Ciphers
Proceedings, Part I, of the 36th Annual International Cryptology Conference on Advances in Cryptology --- CRYPTO 2016 - Volume 9814It has been proved in Eurocryptï ź2016 by Sun et al. that if the details of the S-boxes are not exploited, an impossible differential and a zero-correlation linear hull can extend over at most 4 rounds of the AES. This paper concentrates on ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Jul 2019
450 pages
ISBN:978-3-030-23695-3
DOI:10.1007/978-3-030-23696-0
© Springer Nature Switzerland AG 2019.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 09 July 2019
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 14 Jan 2025