FOAM: Searching for Hardware-Optimal SPN Structures and Components with a Fair Comparison

Khoo, Khoongming; Peyrin, Thomas; Pöschmann, Axel; Yap, Huihui

doi:10.1007/978-3-662-44709-3_24

Cited by 55 publications

(55 citation statements)

References 22 publications

(34 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While area-optimized implementations are important for some very constrained applications, throughput or throughput-over-area optimized implementations are also very relevant. Actually, looking at recently introduced efficiency measurements (the FOAM value -Figure Of Adversarial Merit [KPPY14]), one can see that our design choices are good for many types of implementations, which is exactly what makes a good general-purpose lightweight encryption scheme.…”

Section: Featuresmentioning

confidence: 85%

SKINNY-AEAD and SKINNY-Hash

Beierle

Jean

Kölbl³

et al. 2020

ToSC

Self Cite

View full text Add to dashboard Cite

We present the family of authenticated encryption schemes SKINNY-AEAD and the family of hashing schemes SKINNY-Hash. All of the schemes employ a member of the SKINNY family of tweakable block ciphers, which was presented at CRYPTO 2016, as the underlying primitive. In particular, for authenticated encryption, we show how to instantiate members of SKINNY in the Deoxys-I-like ΘCB3 framework to fulfill the submission requirements of the NIST lightweight cryptography standardization process. For hashing, we use SKINNY to build a function with larger internal state and employ it in a sponge construction. To highlight the extensive amount of third-party analysis that SKINNY obtained since its publication, we briefly survey the existing cryptanalysis results for SKINNY-128-256 and SKINNY-128-384 as of February 2020. In the last part of the paper, we provide a variety of ASIC implementations of our schemes and propose new simple SKINNY-AEAD and SKINNY-Hash variants with a reduced number of rounds while maintaining a very comfortable security margin. https://csrc.nist.gov/Projects/Lightweight-Cryptography

show abstract

Section: Featuresmentioning

confidence: 85%

SKINNY-AEAD and SKINNY-Hash

Beierle

Jean

Kölbl³

et al. 2020

ToSC

Self Cite

View full text Add to dashboard Cite

show abstract

“…As an example, one can generate a 32 × 32 involutory binary matrix with a branch number of 12 by using the following 4 × 4 generator matrix

g = (\begin{array}{l} 0 & 0 & 0 & 1 \\ 0 & 0 & 1 & 1 \\ 0 & 1 & 1 & 0 \\ 1 & 1 & 0 & 1 \end{array})

and the MDS matrix

M_{5} = had ((), g, g^{12}, g^{6}, g^{8}, g^{9}, g^{2}, g^{3}, g^{4}) = M_{5}^{T}

over

{double-struckF}_{2^{4}}

defined by the primitive polynomial x 4 + x + 1. Remark M 5 is the same 8 × 8 involutory MDS matrix over

{double-struckF}_{2^{4}}

given in .…”

Section: Proposed Methods For Generating Binary Diffusion Layersmentioning

confidence: 99%

Generating binary diffusion layers with maximum/high branch numbers and low search complexity

Akleylek

Sakallı

Öztürk

et al. 2016

Security Comm. Networks

View full text Add to dashboard Cite

In this paper, we propose a new method to generate n × n binary matrices (for n = k·2t where k and t are positive integers) with a maximum/high of branch numbers and a minimum number of fixed points by using 2t×2t Hadamard (almost) maximum distance separable matrices and k × k cyclic binary matrix groups. By using the proposed method, we generate n × n (for n = 6, 8, 12, 16, and 32) binary matrices with a maximum of branch numbers, which are efficient in software implementations. The proposed method is also applicable with m × m circulant matrices to generate n × n(for n = k·m) binary matrices with a maximum/high of branch numbers. For this case, some examples for 16 × 16, 48 × 48, and 64 × 64 binary matrices with branch numbers of 8, 15, and 18, respectively, are presented. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

“…The delay is reduced to (N-1) multiple to (log 2 N) is significant improvement in performance over RCA. t ripple = tpg + ( N-1) t AO + txor (1) t ksa = tpg + ( log 2 N) t AO + txor (2) B. Proposed Architecture Application of above structure for Interleaved and Montgomery Multiplier is presented in this sub-section.…”

Section: A Kogge-stone Addermentioning

confidence: 99%

“…Modular multiplication is the most frequently used operation in these cryptographic applications which requires high area and power. Performance of cryptographic applications are decided by Area-Time complexity [1][2][3]. As a result, an efficient implementation becomes critical.…”

Section: Introductionmentioning

confidence: 99%

Fast modular multiplication using parallel prefix adder

Zode

Deshmukh

2014

2014 2nd International Conference on Emerging Technology Trends in Electronics, Communication and Networking

View full text Add to dashboard Cite

Public key cryptography applications involve use of large integer arithmetic operations which are compute intensive in term of power, delay and area. Modular multiplication, which is frequently used most resource hungry block. Generally, last stage of modular multiplication is implemented by using carry propagate adder whose long carry chain takes more time. In this paper, FPGA based Modulo multiplication architectures using Carry Save and Kogge-Stone parallel prefix adder are presented to reduce this problem. Proposed implementations are faster as compared to conventional carry save adder and carry propagate adder implementations.

show abstract

FOAM: Searching for Hardware-Optimal SPN Structures and Components with a Fair Comparison

Cited by 55 publications

References 22 publications

SKINNY-AEAD and SKINNY-Hash

SKINNY-AEAD and SKINNY-Hash

Generating binary diffusion layers with maximum/high branch numbers and low search complexity

Fast modular multiplication using parallel prefix adder

Contact Info

Product

Resources

About