The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits

Balli, Fatih; Caforio, Andrea; Banik, Subhadeep

doi:10.46586/tches.v2021.i1.239-278

Cited by 3 publications

(8 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Swap-and-rotate is a natural progression of the bit-sliding technique with a particular focus on reducing the latency of an encryption round such that the number of required cycles is equal to the bit-length of the internal state. This technique was first successfully demonstrated on PRESENT and GIFT-64 by Banik et al [4] and refined for other block ciphers in a follow-up work [3]. The core idea behind the technique lies in the reliance on a small number of flip-flop pairs that swap two bits in-place at specific points in time during the round function computation while the state bits are rotating through the register pipeline one position per clock cycle.…”

Section: Swap-and-rotate Methodologymentioning

confidence: 99%

“…This fact was then exploited in [3] to compute each sub-permutation while the corresponding bits are advancing through FF i for 96 ≤ i ≤ 127. More specifically, the plaintext is loaded into FF 0 throughout cycles 0-127.…”

Section: Swap-and-rotate Methodologymentioning

confidence: 99%

“…Unlike the bit-serial AEAD implementations proposed in [3], GIFT-COFB involves finite field arithmetic for which there is no straightforward mapping into a bit-serial setting that is both circuit area and latency efficient. In this paper, we fill this gap by proposing three bit-serial circuits that stand as the to-date most area-efficient GIFT-COFB implementations known in the literature.…”

Section: Contributionsmentioning

confidence: 99%

“…The circuit for PRESENT was further compacted in [4] with a technique that made it possible to execute one round in exactly 64 clock cycles which is equal to the block size. This endeavour of computing a round function in the same number cycles as there are bits in the internal state was successfully extended to other ciphers including AES-128, SKINNY and GIFT-128 [3]. This was achieved by not treating the round as a monolithic entity by deferring some operations to the time allotted to operations of the next round.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Small GIFT-COFB: Lightweight Bit-Serial Architectures

Caforio

Collins

Banik

et al. 2022

Progress in Cryptology - AFRICACRYPT 2022

Self Cite

View full text Add to dashboard Cite

GIFT-COFB is a lightweight AEAD scheme and a submission to the ongoing NIST lightweight cryptography standardization process where it currently competes as a finalist. The construction processes 128-bit blocks with a key and nonce of the same size and has a small register footprint, only requiring a single additional 64-bit register. Besides the block cipher, the mode of operation uses a bit permutation and finite field multiplication with different constants. It is a well-known fact that implementing a hardware block cipher in a bit-serial manner, which advances only one bit in the computation pipeline in each clock cycle, results in the smallest circuits. Nevertheless, an efficient bit-serial circuit for a mode of operation that utilizes finite field arithmetic with multiple constants has yet to be demonstrated in the literature. In this paper, we fill this gap regarding efficient field arithmetic in bitserial circuits, and propose a lightweight circuit for GIFT-COFB that occupies less than 1500 GE, making it the to-date most area-efficient implementation of this construction. In a second step, we demonstrate how the additional operations in the mode can be executed concurrently with GIFT itself so that the total latency is significantly reduced whilst incurring only a modest area increase. Finally, we propose a first-order threshold implementation of GIFT-COFB, which we experimentally verify resists first-order side-channel analysis. (For the sake of reproducibility, the source code for all proposed designs is publicly available [14].

show abstract

Section: Swap-and-rotate Methodologymentioning

confidence: 99%

Section: Swap-and-rotate Methodologymentioning

confidence: 99%

Section: Contributionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Small GIFT-COFB: Lightweight Bit-Serial Architectures

Caforio

Collins

Banik

et al. 2022

Progress in Cryptology - AFRICACRYPT 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…There are numerous hardware implementations of AES presented in literature: from fully unrolled which performs encryption in one clock cycle, to round based which takes 10 clock cycles per encryption to various serialized circuits which although smaller in hardware size, utilize much more clock cycles for the same purpose. We choose the byte-serial AES implementation presented in [BCB20] which takes around 176 clock cycles to encrypt one plaintext and so when used in counter mode, this circuit can encrypt 128 bits every 176 clock cycles (this is better than the 216/246 cycle implementations of [BBR16,BBR19]). This is close to the 1 bit/cycle implementations of the other stream ciphers we have listed in Table 3.…”

Section: Hardware Evaluationmentioning

confidence: 99%

Atom: A Stream Cipher with Double Key Filter

Banik

Caforio

Isobe

et al. 2021

ToSC

Self Cite

View full text Add to dashboard Cite

It has been common knowledge that for a stream cipher to be secure against generic TMD tradeoff attacks, the size of its internal state in bits needs to be at least twice the size of the length of its secret key. In FSE 2015, Armknecht and Mikhalev however proposed the stream cipher Sprout with a Grain-like architecture, whose internal state was equal in size with its secret key and yet resistant against TMD attacks. Although Sprout had other weaknesses, it germinated a sequence of stream cipher designs like Lizard and Plantlet with short internal states. Both these designs have had cryptanalytic results reported against them. In this paper, we propose the stream cipher Atom that has an internal state of 159 bits and offers a security of 128 bits. Atom uses two key filters simultaneously to thwart certain cryptanalytic attacks that have been recently reported against keystream generators. In addition, we found that our design is one of the smallest stream ciphers that offers this security level, and we prove in this paper that Atom resists all the attacks that have been proposed against stream ciphers so far in literature. On the face of it, Atom also builds on the basic structure of the Grain family of stream ciphers. However, we try to prove that by including the additional key filter in the architecture of Atom we can make it immune to all cryptanalytic advances proposed against stream ciphers in recent cryptographic literature.

show abstract

Optimized SM4 Hardware Implementations for Low Area Consumption

Zhang,

Xiang,

Zhang

et al. 2024

IET Information Security

View full text Add to dashboard Cite

The SM4 block cipher is standardized in ISO/IEC, and it is also the national standard of commercial cryptography in China. In this paper, we propose two new techniques called “split‐and‐join” and “off‐peak and stagger” to make SM4 more applicable to resource‐constrained environments. The area optimization method uses a 1‐bit data path while reducing the number of registers from 64 to 8 and the number of XOR gates from 194 to 8. As a result, we report a 1‐bit‐serial SM4 encryption circuit that occupies 1771 GE with a latency of 2,336 cycles. Additionally, the “off‐peak and stagger” technique compresses all the operations within the state update and key schedule into 32 clock cycles to reduce the latency. In other words, it takes 32 clock cycles to complete one round encryption. The new circuit occupies 1861 GE with a latency of 1,344 cycles. Moreover, we also discuss how to further reduce the latency by increasing the data path with a small area overhead to provide wider area‐latency tradeoffs for SM4. Our designs make SM4 competitive with many ciphers specifically designed for lightweight cryptography.

show abstract

The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits

Cited by 3 publications

References 5 publications

A Small GIFT-COFB: Lightweight Bit-Serial Architectures

A Small GIFT-COFB: Lightweight Bit-Serial Architectures

Atom: A Stream Cipher with Double Key Filter

Optimized SM4 Hardware Implementations for Low Area Consumption

Contact Info

Product

Resources

About