Midori: A Block Cipher for Low Energy

ESTATE: A Lightweight and Low Energy Authenticated Encryption Mode

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2020.is1.350-389 ◽

2020 ◽

pp. 350-389

Author(s):

Avik Chakraborti ◽

Nilanjan Datta ◽

Ashwin Jha ◽

Cuauhtemoc Mancillas-López ◽

Mridul Nandi ◽

...

Keyword(s):

Block Cipher ◽

Primitive Element ◽

Low Energy ◽

Authenticated Encryption ◽

Area Efficiency ◽

Starting State ◽

Encryption Schemes ◽

Implementation Costs ◽

Additional Circuitry ◽

Short Messages

NIST has recently initiated a standardization project for efficient lightweight authenticated encryption schemes. SUNDAE, a candidate in this project, achieves optimal state size which results in low circuit overhead on top of the underlying block cipher. In addition, SUNDAE provides security in nonce-misuse scenario as well. However, in addition to the block cipher circuit, SUNDAE also requires some additional circuitry for multiplication by a primitive element. Further, it requires an additional block cipher invocation to create the starting state. In this paper, we propose a new lightweight and low energy authenticated encryption family, called ESTATE, that significantly improves the design of SUNDAE in terms of implementation costs (both hardware area and energy) and efficient processing of short messages. In particular, ESTATE does not require an additional multiplication circuit, and it reduces the number of block cipher calls by one. Moreover, it provides integrity security even under the release of unverified plaintext (or RUP) model. ESTATE is based on short-tweak tweakable block ciphers (or tBC, small ’t’ denotes short tweaks) and we instantiate it with two recently designed tBCs: TweAES and TweGIFT. We also propose a low latency variant of ESTATE, called sESTATE, that uses a round-reduced (6 rounds) variant of TweAES called TweAES-6. We provide comprehensive FPGA based hardware implementation for all the three instances. The implementation results depict that ESTATE_TweGIFT-128 (681 LUTs, 263 slices) consumes much lesser area as compared to SUNDAE_GIFT-128 (931 LUTs, 310 slices). When we moved to the AES variants, along with the area-efficiency (ESTATE_TweAES consumes 1901 LUTs, 602 slices while SUNDAE_AES-128 needs 1922 LUTs, 614 slices), we also achieve higher throughput for short messages (For 16-byte message, a throughput of 1251.10 and 945.36 Mbps for ESTATE_TweAES and SUNDAE_AES-128 respectively).

Download Full-text

Meet-in-the-Middle Attacks on Reduced-Round Midori64

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i1.215-239 ◽

2017 ◽

pp. 215-239

Author(s):

Li Lin ◽

Wenling Wu

Keyword(s):

Energy Consumption ◽

Lower Bound ◽

Block Cipher ◽

The State ◽

Low Energy ◽

Key Recovery ◽

Low Energy Consumption ◽

Lightweight Block Cipher ◽

Key Recovery Attacks

Midori is a lightweight block cipher designed by Banik et al. at ASIACRYPT 2015 to achieve low energy consumption. One version of Midori uses a 64-bit state, another uses a 128-bit state and we denote these versions Midori64 and Midori128. Each of these versions uses a 128-bit key. In this paper, we focus on the key-recovery attacks on reduced-round Midori64 with meet-in-the-middle method. We use the differential enumeration, key-bridging and key-dependent sieve techniques which are popular to analyze AES to attack Midori64. Using key-bridging and key-dependent sieve techniques directly to achieve the complexity lower bound is almost impossible, we give the model on how to achieve the complexity lower bound using these techniques. We also propose the state-bridge technique to use some key relations that are quite complicated and divided by some rounds. With a 6-round distinguisher, we achieve a 10-round attack. After that, by adding one round at the end, we get an 11-round attack. Finally, with a 7-round distinguisher, we get an attack on 12-round Midori64. To the best of our knowledge, these are recently the best attacks on Midori64 in the single-key setting.

Download Full-text

Fault Diagnosis Schemes for Low-Energy Block Cipher Midori Benchmarked on FPGA

IEEE Transactions on Very Large Scale Integration (VLSI) Systems ◽

10.1109/tvlsi.2016.2633412 ◽

2017 ◽

Vol 25 (4) ◽

pp. 1528-1536 ◽

Cited By ~ 5

Author(s):

Anita Aghaie ◽

Mehran Mozaffari Kermani ◽

Reza Azarderakhsh

Keyword(s):

Fault Diagnosis ◽

Block Cipher ◽

Low Energy

Download Full-text

Dissociated Σ=27 boundaries in silicon

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100105187 ◽

1988 ◽

Vol 46 ◽

pp. 624-625

Author(s):

A. Garg ◽

W.A.T. Clark ◽

J.P. Hirth

Keyword(s):

Electron Diffraction ◽

Local Minimum ◽

Boundary Energy ◽

Coincidence Site Lattice ◽

Boundary Plane ◽

Low Energy ◽

Theoretical Understanding ◽

Site Lattice ◽

Kikuchi Pattern ◽

Analysis Techniques

In the last twenty years, a significant amount of work has been done in the theoretical understanding of grain boundaries. The various proposed grain boundary models suggest the existence of coincidence site lattice (CSL) boundaries at specific misorientations where a periodic structure representing a local minimum of energy exists between the two crystals. In general, the boundary energy depends not only upon the density of CSL sites but also upon the boundary plane, so that different facets of the same boundary have different energy. Here we describe TEM observations of the dissociation of a Σ=27 boundary in silicon in order to reduce its surface energy and attain a low energy configuration.The boundary was identified as near CSL Σ=27 {255} having a misorientation of (38.7±0.2)°/[011] by standard Kikuchi pattern, electron diffraction and trace analysis techniques. Although the boundary appeared planar, in the TEM it was found to be dissociated in some regions into a Σ=3 {111} and a Σ=9 {122} boundary, as shown in Fig. 1.

Download Full-text

Transfer optics for high spatial resolution electron spectroscopy

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100105394 ◽

1988 ◽

Vol 46 ◽

pp. 666-667

Author(s):

G. G. Hembree ◽

Luo Chuan Hong ◽

P.A. Bennett ◽

J.A. Venables

Keyword(s):

Magnetic Field ◽

Scanning Transmission Electron Microscope ◽

Low Energy ◽

Objective Lens ◽

State University ◽

Arizona State University ◽

Initial Field ◽

Resolution Electron ◽

Scanning Transmission ◽

Low Energy Electrons

A new field emission scanning transmission electron microscope has been constructed for the NSF HREM facility at Arizona State University. The microscope is to be used for studies of surfaces, and incorporates several surface-related features, including provision for analysis of secondary and Auger electrons; these electrons are collected through the objective lens from either side of the sample, using the parallelizing action of the magnetic field. This collimates all the low energy electrons, which spiral in the high magnetic field. Given an initial field Bi∼1T, and a final (parallelizing) field Bf∼0.01T, all electrons emerge into a cone of semi-angle θf≤6°. The main practical problem in the way of using this well collimated beam of low energy (0-2keV) electrons is that it is travelling along the path of the (100keV) probing electron beam. To collect and analyze them, they must be deflected off the beam path with minimal effect on the probe position.

Download Full-text

Performance Evaluation of a Novel Type of Low-Energy Electron Microscope

Proceedings, annual meeting, Electron Microscopy Society of America ◽

10.1017/s0424820100180525 ◽

1990 ◽

Vol 48 (1) ◽

pp. 354-355

Author(s):

Bertholdand Senftinger ◽

Helmut Liebl

Keyword(s):

Electron Microscope ◽

High Resolution ◽

Field Strength ◽

Numerical Aperture ◽

Low Energy ◽

Energy Electron ◽

High Resolution Imaging ◽

Lens System ◽

Resolution Imaging ◽

Low Energy Electron

During the last few years the investigation of clean and adsorbate-covered solid surfaces as well as thin-film growth and molecular dynamics have given rise to a constant demand for high-resolution imaging microscopy with reflected and diffracted low energy electrons as well as photo-electrons. A recent successful implementation of a UHV low-energy electron microscope by Bauer and Telieps encouraged us to construct such a low energy electron microscope (LEEM) for high-resolution imaging incorporating several novel design features, which is described more detailed elsewhere.The constraint of high field strength at the surface required to keep the aberrations caused by the accelerating field small and high UV photon intensity to get an improved signal-to-noise ratio for photoemission led to the design of a tetrode emission lens system capable of also focusing the UV light at the surface through an integrated Schwarzschild-type objective. Fig. 1 shows an axial section of the emission lens in the LEEM with sample (28) and part of the sample holder (29). The integrated mirror objective (50a, 50b) is used for visual in situ microscopic observation of the sample as well as for UV illumination. The electron optical components and the sample with accelerating field followed by an einzel lens form a tetrode system. In order to keep the field strength high, the sample is separated from the first element of the einzel lens by only 1.6 mm. With a numerical aperture of 0.5 for the Schwarzschild objective the orifice in the first element of the einzel lens has to be about 3.0 mm in diameter. Considering the much smaller distance to the sample one can expect intense distortions of the accelerating field in front of the sample. Because the achievable lateral resolution depends mainly on the quality of the first imaging step, careful investigation of the aberrations caused by the emission lens system had to be done in order to avoid sacrificing high lateral resolution for larger numerical aperture.

Download Full-text