New Block Cipher for UltraCompact Hardware NBee M
New Block Cipher for Ultra-Compact Hardware NBee. M みかか A. Satoh K. Aoki
Rapid Growth of RFID market SCIS 2006
Security for RFID Security is very important for radio communication, but there is no room for cryptography in RFIDs We need More room! Bear (unpackaged) RFID chips AES-16 for ultra-compact hardware is proposed SCIS 2006
Architecture of AES-16 § AES-16 uses the design concept of AES § All the basic components are shrunk down to 1/8 AES-16 Data : 128 bits → 16 bits Key : 128 bits → 16 bits SCIS 2006
S-box Comparison AES-16 = S-box can be implemented 8 -bit S-box defined over GF(28) is replaced 1 -bit inverter! S-box over GF(2)! asbyone SCIS 2006
Performance comparison § Sizes and speeds were evaluated by using a 0. 13 um ASIC library Algorithm Size AES-16 AES 1. 0 Kgates 5. 4 Kgates Frequency Throughput 1 GHz 131 MHz 1. 6 Gbps 311 Mbps AES-16 achieved 1/5 gates with x 5 throughput SCIS 2006
Secure against Power Analysis A switching probability highly dependent on the input data pattern is the key for DPA success Very low power S-box with 100% switching probability gives no clue for DPA SCIS 2006
Secure against Cache Attack Cache attack measures the operating time depending on cache hit or miss to estimate the secret data MPU has enough cache memory for a 1 -bit S-box table Cash Hit Cash Miss SCIS 2006
Security Assessment of AES-16 Provably secure against differential cryptanalysis Provably secure against Linear cryptanalysis, Higher-order differential attack, SQUARE attack, Boomerang Truncated linear attack, etc. All candidatesattack, show the same differential probability Why? Gotcha! Because, It’s a liner it’s linear SCIS 2006
Conclusion 16 -bit block cipher AES-16 § Ultra compact and high-speed H/W § Astonishing linear 1 -bit S-box § Probably secure against all the side channel attacks and all the conventional cryptanalysis Tip-top cryptographers never speak about trivial brute force attack SCIS 2006
- Slides: 10