Fixslicing AES-like Ciphers

Adomnicai, Alexandre; Peyrin, Thomas

doi:10.46586/tches.v2021.i1.402-425

Cited by 20 publications

(17 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Expands the 16 byte public seed to the matrices P (1) = {P (1) i } i∈ [m] and P (2) = {P (2) i } i∈ [m] . We first sample the P (1) matrices, and then the P (2) matrices. The m matrices are expanded in an interleaved fashion, in column-major order.…”

Section: Symmetric Primitivesmentioning

confidence: 99%

See 1 more Smart Citation

Oil and Vinegar: Modern Parameters and Implementations

Beullens

Chen

Hung

et al. 2023

TCHES

View full text Add to dashboard Cite

Two multivariate digital signature schemes, Rainbow and GeMSS, made it into the third round of the NIST PQC competition. However, neither made its way to being a standard due to devastating attacks (in one case by Beullens, the other by Tao, Petzoldt, and Ding). How should multivariate cryptography recover from this blow? We propose that, rather than trying to fix Rainbow and HFEv- by introducing countermeasures, the better approach is to return to the classical Oil and Vinegar scheme. We show that, if parametrized appropriately, Oil and Vinegar still provides competitive performance compared to the new NIST standards by most measures (except for key size). At NIST security level 1, this results in either 128-byte signatures with 44 kB public keys or 96-byte signatures with 67 kB public keys. We revamp the state-of-the-art of Oil and Vinegar implementations for the Intel/AMD AVX2, the Arm Cortex-M4 microprocessor, the Xilinx Artix-7 FPGA, and the Armv8-A microarchitecture with the Neon vector instructions set.

show abstract

Section: Symmetric Primitivesmentioning

confidence: 99%

“…)O + P (2) i . The S i matrices are relatively expensive to compute, but they are independent of the message we are signing, so we choose to compute them only once during key generation, and store them as part of the secret key.…”

mentioning

confidence: 99%

Oil and Vinegar: Modern Parameters and Implementations

Beullens

Chen

Hung

et al. 2023

TCHES

View full text Add to dashboard Cite

show abstract

“…Remarks. The bitsliced implementations shown above can be significantly improved by, e.g., using the more advanced fixslicing method [AP21]. But, to the best of our knowledge, state-of-the-art higher-order masked implementations of AES are based on the above strategies, and thus we choose them as well for fair comparisons.…”

Section: Skinnymentioning

confidence: 99%

Efficient Private Circuits with Precomputation

Wang

Zhang

et al. 2023

TCHES

View full text Add to dashboard Cite

At CHES 2022, Wang et al. described a new paradigm for masked implementations using private circuits, where most intermediates can be precomputed before the input shares are accessed, significantly accelerating the online execution of masked functions. However, the masking scheme they proposed mainly featured (and was designed for) the cost amortization, leaving its (limited) suitability in the above precomputation-based paradigm just as a bonus. This paper aims to provide an efficient, reliable, easy-to-use, and precomputation-compatible masking scheme. We propose a new masked multiplication over the finite field Fq suitable for the precomputation, and prove its security in the composable notion called Probing-Isolating Non-Inference (PINI). Particularly, the operations (e.g., AND and XOR) in the binary field can be achieved by assigning q = 2, allowing the bitsliced implementation that has been shown to be quite efficient for the software implementations. The new masking scheme is applied to leverage the masking of AES and SKINNY block ciphers on ARM Cortex M architecture. The performance results show that the new scheme contributes to a significant speed-up compared with the state-of-the-art implementations. For SKINNY with block size 64, the speed and RAM requirement can be significantly improved (saving around 45% cycles in the online-computation and 60% RAM space for precomputed values) from AES-128, thanks to its smaller number of AND gates. Besides the security proof by hand, we provide formal verifications for the multiplication and T-test evaluations for the masked implementations of AES and SKINNY. Because of the structure of the new masked multiplication, our formal verification can be performed for security orders up to 16.

show abstract

“…We are able to use this representation because most AVX2 instructions are strict with the operations crossing lanes freely but can manipulate quadword (64-bit) or doubleword (32-bit) values as individual processing units. The arrangement of one bundle is similar to the barrel shifter design [22] enabling efficient circular rotations with SHUFFLE instruction instead of SHIFT instruction.…”

Section: 1mentioning

confidence: 99%

Bit-Sliced Implementation of SM4 and New Performance Records

Miao,

Li,

Guo

et al. 2023

IET Information Security

View full text Add to dashboard Cite

SM4 is a popular block cipher issued by the Office of State Commercial Cryptography Administration (OSCCA) of China. In this paper, we use the bit-slicing technique that has been shown as a powerful strategy to achieve very fast software implementations of SM4. We investigate optimizations on two frontiers. First, we present a more efficient bit-sliced representation for SM4, which enables running 64 blocks in parallel with 256-bit registers. Second, we describe an optimized algorithm for data form transformations, also allowing efficient implementations of SM4 under Counter (CTR) mode and Galois/Counter mode. The above optimizations contribute to a significant performance gain on one core compared with the state-of-the-art results. This work is an extension of the conference paper at Inscrypt 2022, awarded the best paper award.

show abstract

Fixslicing AES-like Ciphers

Cited by 20 publications

References 13 publications

Oil and Vinegar: Modern Parameters and Implementations

Oil and Vinegar: Modern Parameters and Implementations

Efficient Private Circuits with Precomputation

Bit-Sliced Implementation of SM4 and New Performance Records

Contact Info

Product

Resources

About