Table of Contents
Comparing candidates for the new Advanced Encryption Standard using reconfigurable hardware
Outline
Current American encryption standard
Controversies surrounding DES
Deep Crack
Why a new standard?
Why a contest?
Rules of the contest
AES contest - First Round
AES: Candidate algorithms
First round June 1998 - August 1999
Survey filled by 104 participants of the Second AES Conference in Rome, March 1999
AES Finalists (1)
AES Finalists (2)
Second round August 1999 - August 2000
AES Contest: Second Round
Primary ways of implementing cryptography in hardware
Advantages of using FPGAs for comparison of the AES candidates
Why use FPGAs in a final product?
Capabilities of reconfiguration (1)
Capabilities of reconfiguration (2)
Target FPGA devices: High Performance
Target FPGA devices: Low Cost
Basic building blocks of FPGA devices
Methodology and Tools
Top level block diagram
Basic architecture
k-rounds Loop Unrolling
Loop Unrolling: Speed vs. Area
k-stage Outer-Round Pipelining
Pipelined operation of the encryption unit
Outer-Round Pipelining: Speed vs. Area
Non-feedback cipher modes - ECB
Feedback cipher modes - CBC
k-stage Inner-Round Pipelining
Inner-Round Pipelining: Speed vs. Area
Resource Sharing
Examples of functions F that can be shared
Performance of alternative architectures: in non-feedback cipher modes (ECB, counter)
Performance of alternative architectures: in feedback cipher modes (CBC, CFB, OFB)
Basic architecture: Speed, XC 4000XL
Basic architecture: Area, XC 4000XL
Basic architecture: Speed, Virtex
Basic architecture: Area, Virtex
Basic architecture: Speed/Area, Virtex
Encryption in cipher feedback modes (CBC, CFB, OFB)
Comparison with results of other groups: Speed, Virtex FPGA
Comparison with results of other groups: Area, Virtex FPGA
Comparison with results of the NSA group (1)
Our basic architecture of Serpent
NSA's basic architecture of Serpent
Comparison with results of the NSA group (2)
Comparison with results of other groups (1)
Comparison with results of other groups (2)
Target FPGA devices: Medium Performance
Basic architecture: Speed, Altera 10K250A
Basic architecture: Area, Altera 10K250A
Conclusions (1)
Major operations of AES finalists
Critical path: Time
Inner-Round Pipelining
Choosing optimum architecture for non-feedback cipher modes
Full Mixed Inner and Outer-Round Pipelining
Encryption in non-feedback modes (ECB, counter) decryption in all modes [estimations]
NSA architecture for non-feedback cipher modes Full outer-round pipelining
Our architecture for non-feedback cipher modes Full mixed inner- and outer-round pipelining
NSA: Outer-round pipelining: Speed CMOS ASIC
Conclusions (2)
Need for interleaved operating modes
Survey filled by 167 participants of the Third AES Conference, April 2000
How NIST is going to make a final decision?
Security: Theoretical attacks better than exhaustive key search
Security: Authors of attacks
Efficiency in software: NIST-specified platform
Efficiency in software: NIST tests
Efficiency in software: Ranking of encryption speeds for various platforms
Efficiency in software: Key setup
Efficiency in software
Efficiency in software: Conclusions
Flexibility: Criteria
Ranking by participants of the AES3 Conference
Most likely winner(s) (1)
Most likely winner(s) (2)
Most likely winner(s) (3)