Lightweight and Side-channel Secure 4 × 4 S-Boxes from Cellular Automata Rules

This work focuses on side-channel resilient design strategies for symmetrickey cryptographic primitives targeting lightweight applications. In light of NIST’s lightweight cryptography project, design choices for block ciphers must consider not only security against traditional cryptanalysis, but also side-channel security, while adhering to low area and power requirements. In this paper, we explore design strategies for substitution-permutation network (SPN)-based block ciphers that make them amenable to low-cost threshold implementations (TI) - a provably secure strategy against side-channel attacks. The core building blocks for our strategy are cryptographically optimal 4×4 S-Boxes, implemented via repeated iterations of simple cellular automata (CA) rules. We present highly optimized TI circuits for such S-Boxes, that consume nearly 40% less area and power as compared to popular lightweight S-Boxes such as PRESENT and GIFT. We validate our claims via implementation results on ASIC using 180nm technology. We also present a comparison of TI circuits for two popular lightweight linear diffusion layer choices - bit permutations and MixColumns using almost-maximum-distance-separable (almost-MDS) matrices. We finally illustrate design paradigms that combine the aforementioned TI circuits for S-Boxes and diffusion layers to obtain fully side-channel secure SPN block cipher implementations with low area and power requirements.

Download Full-text

Lightweight Iterative MDS Matrices: How Small Can We Go?

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2019.i4.147-170 ◽

2020 ◽

pp. 147-170

Author(s):

Shun Li ◽

Siwei Sun ◽

Danping Shi ◽

Chaoyun Li ◽

Lei Hu

Keyword(s):

Lower Bound ◽

Design Space ◽

Low Cost ◽

Optimal Solution ◽

Building Blocks ◽

Block Matrix ◽

Diffusion Layers ◽

Binary Matrices ◽

Symmetric Key ◽

Iterative Construction

As perfect building blocks for the diffusion layers of many symmetric-key primitives, the construction of MDS matrices with lightweight circuits has received much attention from the symmetric-key community. One promising way of realizing low-cost MDS matrices is based on the iterative construction: a low-cost matrix becomes MDS after rising it to a certain power. To be more specific, if At is MDS, then one can implement A instead of At to achieve the MDS property at the expense of an increased latency with t clock cycles. In this work, we identify the exact lower bound of the number of nonzero blocks for a 4 × 4 block matrix to be potentially iterative-MDS. Subsequently, we show that the theoretically lightest 4 × 4 iterative MDS block matrix (whose entries or blocks are 4 × 4 binary matrices) with minimal nonzero blocks costs at least 3 XOR gates, and a concrete example achieving the 3-XOR bound is provided. Moreover, we prove that there is no hope for previous constructions (GFS, LFS, DSI, and spares DSI) to beat this bound. Since the circuit latency is another important factor, we also consider the lower bound of the number of iterations for certain iterative MDS matrices. Guided by these bounds and based on the ideas employed to identify them, we explore the design space of lightweight iterative MDS matrices with other dimensions and report on improved results. Whenever we are unable to find better results, we try to determine the bound of the optimal solution. As a result, the optimality of some previous results is proved.

Download Full-text

Lightweight Diffusion Layer: Importance of Toeplitz Matrices

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2016.i1.95-113 ◽

2016 ◽

pp. 95-113 ◽

Cited By ~ 5

Author(s):

Sumanta Sarkar ◽

Habeeb Syed

Keyword(s):

Lower Bound ◽

Diffusion Layer ◽

Hardware Implementation ◽

Toeplitz Matrices ◽

Building Blocks ◽

Block Ciphers ◽

Implementation Cost ◽

Mds Matrix ◽

Minimum Value ◽

Diffusion Layers

MDS matrices are used as building blocks of diffusion layers in block ciphers, and XOR count is a metric that estimates the hardware implementation cost. In this paper we report the minimum value of XOR counts of 4 × 4 MDS matrices over F24 and F28 , respectively. We give theoretical constructions of Toeplitz MDS matrices and show that they achieve the minimum XOR count. We also prove that Toeplitz matrices cannot be both MDS and involutory. Further we give theoretical constructions of 4 × 4 involutory MDS matrices over F24 and F28 that have the best known XOR counts so far: for F24 our construction gives an involutory MDS matrix that actually improves the existing lower bound of XOR count, whereas for F28 , it meets the known lower bound.

Download Full-text

On the design strategies of diffusion layers and key schedule in lightweight block ciphers

2017 International Conference on Computer Science and Engineering (UBMK) ◽

10.1109/ubmk.2017.8093436 ◽

2017 ◽

Cited By ~ 1

Author(s):

Meltem Kurt Pehlivanoglu ◽

Sedat Akleylek ◽

M. Tolga Sakalli ◽

Nevcihan Duru

Keyword(s):

Block Ciphers ◽

Design Strategies ◽

Key Schedule ◽

Diffusion Layers

Download Full-text

You can detect but you cannot hide: Fault Assisted Side Channel Analysis on Protected Software-based Block Ciphers

2020 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT) ◽

10.1109/dft50435.2020.9250870 ◽

2020 ◽

Keyword(s):

Block Ciphers ◽

Side Channel ◽

Side Channel Analysis ◽

Channel Analysis

Download Full-text

Design of low cost latches based on reversible quantum dot cellular automata

2016 Sixth International Symposium on Embedded Computing and System Design (ISED) ◽

10.1109/ised.2016.7977078 ◽

2016 ◽

Cited By ~ 3

Author(s):

Debajyoty Banik

Keyword(s):

Cellular Automata ◽

Quantum Dot ◽

Low Cost ◽

Quantum Dot Cellular Automata

Download Full-text

Side Channel Attacks Cryptanalysis against Block Ciphers Based on FPGA Devices

2010 IEEE Computer Society Annual Symposium on VLSI ◽

10.1109/isvlsi.2010.104 ◽

2010 ◽

Cited By ~ 13

Author(s):

Anestis Bechtsoudis ◽

Nicolas Sklavos

Keyword(s):

Block Ciphers ◽

Side Channel ◽

Side Channel Attacks

Download Full-text

Optimization of Design Scheme for Toll Plaza Based on M/M/C Queuing Theory and Cellular Automata Simulation Algorithm

Modern Applied Science ◽

10.5539/mas.v11n7p1 ◽

2017 ◽

Vol 11 (7) ◽

pp. 1 ◽

Cited By ~ 3

Author(s):

Yi-Jian Liu ◽

Jian Cao ◽

Xiao-Yan Cao ◽

Yuan-Biao Zhang

Keyword(s):

Cellular Automata ◽

Traffic Control ◽

Queuing Theory ◽

Low Cost ◽

Evaluation Model ◽

Original Design ◽

Safety Coefficient ◽

Toll Plazas ◽

Important Field ◽

Toll Plaza

As an important field in traffic control science, the research in design of toll plazas has increasingly attracted attention of scholars and society. A good design of toll plaza needs to meet a lot of conditions, such as high safety coefficient, high throughput and low cost level. In this study, we established an evaluation model of toll plaza based on cellular automata and M/M/C queuing theory applying to three aspects: safety coefficient, throughput and cost. Then, we took the Asbury Park Toll Plaza in New Jersey as an example to analyze its performance and further optimized the design of the toll plaza. Compared with the original design, the optimized toll plaza we designed is proved to be safer and preferable. Last but not least, we further analyzed the robustness of the designed toll plaza, proving that the designed toll plaza had a preferable performance in reality.

Download Full-text