30 research outputs found

    Efficient AES implementations for ARM based platforms

    No full text
    The Advanced Encryption Standard (AES) contest, started by the U.S. National Institute of Standards and Technology (NIST), saw the Rijndael algorithm as its winner. Although the AES is fully defined in terms of functionality, it requires best exploitation of architectural parameters in order to reach the optimum performance on specific architectures. Our work concentrates on ARM cores widely used in the embedded industry. Most promising implementation choices for the common ARM Instruction Set Architecture (ISA) are identified, and a new implementation for the linear mixing layer is proposed. The performance improvement over current implementations is demonstrated by a case study on the Intel StrongARM SA-1110 Microprocessor. Further improvements based on exploitation of memory hierarchies are also described, and the corresponding performance figures are presented

    On the generalized linear equivalence of functions over finite fields

    No full text
    In this paper we introduce the concept of generalized linear equivalence between functions defined over finite fields; this can be seen as an extension of the classical criterion of linear equivalence, and it is obtained by means of a particular geometric representation of the functions. After giving the basic definitions, we prove that the known equivalence relations can be seen as particular cases of the proposed generalized relationship and that there exist functions that are generally linearly equivalent but are not such in the classical theory. We also prove that the distributions of values in the Difference Distribution Table (DDT) and in the Linear Approximation Table (LAT) are invariants of the new transformation; this gives us the possibility to find some Almost Perfect Nonlinear (APN) functions that are not linearly equivalent (in the classical sense) to power functions, and to treat them accordingly to the new formulation of the equivalence criterion

    About the performances of the advanced encryption standard in embedded systems with cache memory

    No full text
    Modem networked embedded systems represent a growing market segment in which security is becoming an essential requirement. The Advanced Encryption Standard (AES) specification is becoming the default choice for such type of systems; however, a proper software implementation of AES is of fundamental importance in order to achieve significant performance. Current implementations presented in the literature differ in terms of the amount of look-up tables used for precomputing the functions of the encryption/decryption phase. This raises some questions regarding which AES implementation is optimal for a specific system configuration that, up to now, has been only empirically solved. In this work, we present an analytical model to study and evaluate the performance of the possible AES implementations in the early phases of system development. We then show that the proposed high-level timing model captures, with significant accuracy, the actual performance of current AES applications and thus it can be used for the early evaluation of optimal AES implementations and to support the design space exploration phase. Validating experiments have been carried out on the Lx architecture, a scalable and customizable VLIW architecture developed by STMicroelectronics and HP Labs. Some final considerations are eventually reported about the relevant characteristics of the analyzed implementations and the role of the cache memory

    Efficient software implementation of AES on 32-bit platforms

    No full text
    Rijndael is the winner algorithm of the AES contest; therefore it should become the most used symmetric-key cryptographic algorithm. One important application of this new standard is cryptography on smart cards. In this paper we present an optimisation of the Rijndael algorithm to speed up execution on 32-bits processors with memory constraints, such as those used in smart cards. First a theoretical analysis of the Rijndael algorithm and of the proposed optimisation is discussed, and then simulation results of the optimised algorithm on different processors are presented and compared with other reference implementations, as known from the technical literature

    A complete formulation of generalized affine equivalence

    No full text
    In this paper we present an extension of the generalized linear equivalence relation, proposed in [7]. This mathematical tool can be helpful for the classification of non-linear functions f : F p m → F p n based on their cryptographic properties. It thus can have relevance in the design criteria for substitution boxes (S-boxes), the latter being commonly used to achieve non-linearity in most symmetric key algorithms. First, we introduce a simple but effective representation of the cryptographic properties of S-box functions when the characteristic of the underlying finite field is odd; following this line, we adapt the linear cryptanalysis technique, providing a generalization of Matsui’s lemma. This is done in order to complete the proof of Theorem 2 in [7], also by considering the broader class of generalized affine transformations. We believe that the present work can be a step towards the extension of known cryptanalytic techniques and concepts to finite fields with odd characteristic

    Addendum to “On the Generalized Linear Equivalence of Functions over Finite Fields”

    No full text
    the permutation given in [1] is indeed classically linearly equivalent to a power monomial. More in general, we show that no new class of APN functions can be discovered starting from permutation polynomials of the type used in [1] applied on the APN monomial x 3.

    Addendum to ``On the Generalized Linear Equivalence of Functions over Finite Fields\u27\u27

    No full text
    In this paper we discuss the example of APN permutation introduced in the paper ``On the Generalized Linear Equivalence of Functions over Finite Fields\u27\u27, presented at Asiacrypt 2004. We show that the permutation given there is indeed classically linearly equivalent to a power monomial. More in general, we show that no new class of APN functions can be discovered starting from permutation polynomials of the type used in the paper, and applied on the APN monomial x3x^3

    A Novel Related Nonce Attack for ECDSA

    No full text
    We describe a new related nonce attack able to extract the original signing key from a small collection of ECDSA signatures generated with weak PRNGs. Under suitable conditions on the modulo order of the PRNG, we are able to attack linear, quadratic, cubic as well as arbitrary degree recurrence relations (with unknown coefficients) with few signatures and in negligible time. We also show that for any collection of randomly generated ECDSA nonces, there is one more nonce that can be added following the implicit recurrence relation, and that would allow retrieval of the private key; we exploit this fact to present a novel rogue nonce attack against ECDSA. Up to our knowledge, this is the first known attack exploiting generic and unknown high-degree algebraic relations between nonces that do not require assumptions on the value of single bits or bit sequences (e.g. prefixes and suffixes)
    corecore