Swap and Rotate: Lightweight Linear Layers for SPN-based Blockciphers

Banik, Subhadeep; Balli, Fatih; Regazzoni, Francesco; Vaudenay, Serge

doi:10.46586/tosc.v2020.i1.185-232

Cited by 3 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Depending on the AES variant, let r denote the number of rounds, l denote the number of key derivation rounds, and b denote the number of bytes of the initial key. Thus, each AES variant (or member) is associated with a tuple (r, l, b) with values (10,10,16), (12,8,24) and (14,7,32) for AES-128, AES-192 and AES-256, respectively. We use d 0 , d 1 , .…”

Section: Notation and Aes Overviewmentioning

confidence: 99%

“…One can add many such swap operations to the pipeline. This idea was introduced by Banik et al [16], and we extend the use of Swaps particularly for all AES versions to perform ShiftRows operation and column rotation required during the key expansion. -Overwriting is an operation primitive that allows to load a different result to a set of registers during a particular cycle.…”

Section: Primal Pipeline Operationsmentioning

confidence: 99%

“…During clock cycles count key ∈ [0, 7], we use the swap-32 to temporarily relocate the byte k 96:103 into FF 248:255 so that S-box can get its input from FF 248:255 . This repositioning is reverted at clock cycle count key ∈ [16,23] using yet another swap-32. Both swaps are represented in Fig.…”

Section: Aes-128 Encryptionmentioning

confidence: 99%

See 2 more Smart Citations

Six shades lighter: a bit-serial implementation of the AES family

2021

Self Cite

View full text Add to dashboard Cite

Recently, cryptographic literature has seen new block cipher designs such as , or that aim to be more lightweight than the current standard, i.e., . Even though family of block ciphers were designed two decades ago, they still remain as the de facto encryption standard, with being the most widely deployed variant. In this work, we revisit the combined one-in-all implementation of the family, namely both encryption and decryption of each as a single ASIC circuit. A preliminary version appeared in Africacrypt 2019 by Balli and Banik, where the authors design a byte-serial circuit with such functionality. We improve on their work by reducing the size of the compact circuit to 2268 GE through 1-bit-serial implementation, which achieves 38% reduction in area. We also report stand-alone bit-serial versions of the circuit, targeting only a subset of modes and versions, e.g., and . Our results imply that, in terms of area, and can easily compete with the larger members of recently designed family, e.g., , . Thus, our implementations can be used interchangeably inside authenticated encryption candidates such as , or in place of .

show abstract

Section: Notation and Aes Overviewmentioning

confidence: 99%

Section: Primal Pipeline Operationsmentioning

confidence: 99%

See 1 more Smart Citation

Six shades lighter: a bit-serial implementation of the AES family

2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…This justifies why the literature has seen a large number of new block ciphers such as PRESENT [BKL + 07], KATAN [CDK09], SIMON [BSS + 13], SKINNY [BJK + 16], and GIFT [BPP + 17], to name only a few. There are even some attempts to discover new techniques to improve lightweightness of these new block ciphers [JMPS17,BBRV19]. As block ciphers alone are not ready-to-use primitives but rather need to be wrapped in a mode of operation, a group of candidates in NIST LWC utilize these lightweight block ciphers to attain an authenticated encryption (AE) primitive, i.e.…”

Section: Introductionmentioning

confidence: 99%

Energy Analysis of Lightweight AEAD Circuits

Caforio

Balli

Banik

2020

Cryptology and Network Security

Self Cite

View full text Add to dashboard Cite

Optimized SM4 Hardware Implementations for Low Area Consumption

Zhang,

Xiang,

Zhang

et al. 2024

IET Information Security

View full text Add to dashboard Cite

The SM4 block cipher is standardized in ISO/IEC, and it is also the national standard of commercial cryptography in China. In this paper, we propose two new techniques called “split‐and‐join” and “off‐peak and stagger” to make SM4 more applicable to resource‐constrained environments. The area optimization method uses a 1‐bit data path while reducing the number of registers from 64 to 8 and the number of XOR gates from 194 to 8. As a result, we report a 1‐bit‐serial SM4 encryption circuit that occupies 1771 GE with a latency of 2,336 cycles. Additionally, the “off‐peak and stagger” technique compresses all the operations within the state update and key schedule into 32 clock cycles to reduce the latency. In other words, it takes 32 clock cycles to complete one round encryption. The new circuit occupies 1861 GE with a latency of 1,344 cycles. Moreover, we also discuss how to further reduce the latency by increasing the data path with a small area overhead to provide wider area‐latency tradeoffs for SM4. Our designs make SM4 competitive with many ciphers specifically designed for lightweight cryptography.

show abstract

Swap and Rotate: Lightweight Linear Layers for SPN-based Blockciphers

Cited by 3 publications

References 8 publications

Six shades lighter: a bit-serial implementation of the AES family

Six shades lighter: a bit-serial implementation of the AES family

Energy Analysis of Lightweight AEAD Circuits

Optimized SM4 Hardware Implementations for Low Area Consumption

Contact Info

Product

Resources

About