
2015 | Original Paper | Book Chapter

AES Smaller Than S-Box

Minimalism in Software Design on Low End Microcontrollers

Authors: Mitsuru Matsui, Yumiko Murakami

Published in: Lightweight Cryptography for Security and Privacy

Publisher: Springer International Publishing


Abstract

This paper explores state-of-the-art software implementations of “size-minimum” AES on low-end microcontrollers. In embedded environments, reducing memory size often has priority over achieving faster speed. Some recent lightweight block ciphers can be implemented in 200 to 300 ROM bytes, while the smallest software implementation of AES including key scheduling, encryption and decryption is, as far as we know, around 1 K ROM bytes.
The first purpose of this study is to see how small AES could be. To do this, we aggressively minimize code and data size of AES by introducing a ring multiplication for computing the S-box without any lookup table, a compact algorithm for embedding MixColumns into InvMixColumns, and a tiny loop for processing AddRoundKey, ShiftRows and SubBytes at the same time. As a result, we achieve a 192-byte AES encryption-only code and a 326-byte AES encryption-decryption code on the RL78 microcontroller. We also show that an AES-GCM core can be implemented in 429 bytes on the same microcontroller. These codes include on-the-fly key scheduling to minimize RAM size and their running time is independent of secret information, i.e. timing-attack resistant.
The second purpose of this research is to see what processor hardware architecture is suitable for implementing lightweight ciphers from a minimalist point of view. A simple-looking algorithm often results in very different size and speed figures on different low-end microcontrollers in practice, even if their instruction sets consist of similar primitive operations. We show concrete code examples implemented on four low-end microcontrollers, RL78, ATtiny, Cortex-M0 and MSP430, to demonstrate that slight differences in processor hardware, such as carry flag treatment and branch timing, significantly affect the size and speed of AES.
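The two size tricks the abstract names, a lookup-table-free S-box and an InvMixColumns that reuses MixColumns, as an added C example that is not the paper's RL78 code: it inverts by a^254 with a fixed-schedule GF(2^8) multiply rather than the paper's ring multiplication, and it uses the standard circulant factorization circ(14,11,13,9) = circ(2,3,1,1) · circ(5,0,4,0) for decryption; all function names are assumed here.

```c
#include <stdint.h>
/* Constant-time GF(2^8) multiply modulo the AES polynomial x^8+x^4+x^3+x+1:
 * a fixed 8 iterations, no lookup table, no secret-dependent branch. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        r ^= (uint8_t)(-(b & 1)) & a;              /* add a when bit i of b is set */
        uint8_t carry = (uint8_t)(-(a >> 7));      /* 0xFF iff a's top bit is set */
        a = (uint8_t)((a << 1) ^ (carry & 0x1b));  /* xtime: a *= x, then reduce */
        b >>= 1;
    }
    return r;
}

/* Inverse as a^254 (a^255 = 1 for a != 0) by square-and-multiply over the
 * public exponent, so the schedule is fixed; maps 0 to 0 as AES requires. */
static uint8_t gf_inv(uint8_t a) {
    uint8_t r = 1;
    for (int bit = 7; bit >= 0; bit--) {
        r = gf_mul(r, r);
        if ((254 >> bit) & 1) r = gf_mul(r, a);
    }
    return r;
}

static uint8_t rotl8(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }
/* SubBytes on one byte: field inversion followed by the FIPS-197 affine map. */
uint8_t aes_sbox(uint8_t x) {
    uint8_t i = gf_inv(x);
    return i ^ rotl8(i, 1) ^ rotl8(i, 2) ^ rotl8(i, 3) ^ rotl8(i, 4) ^ 0x63;
}

/* MixColumns on one column, in place: out_j = 2*(a_j ^ a_{j+1}) ^ a_j ^ (a0^a1^a2^a3). */
void mix_column(uint8_t c[4]) {
    uint8_t a0 = c[0], a1 = c[1], a2 = c[2], a3 = c[3], all = a0 ^ a1 ^ a2 ^ a3;
    c[0] = a0 ^ all ^ gf_mul(a0 ^ a1, 2);
    c[1] = a1 ^ all ^ gf_mul(a1 ^ a2, 2);
    c[2] = a2 ^ all ^ gf_mul(a2 ^ a3, 2);
    c[3] = a3 ^ all ^ gf_mul(a3 ^ a0, 2);
}

/* InvMixColumns reuses MixColumns: circ(14,11,13,9) = circ(2,3,1,1) x circ(5,0,4,0),
 * so a cheap pre-step (multiply by 5 and 4) followed by mix_column decrypts. */
void inv_mix_column(uint8_t c[4]) {
    uint8_t u = gf_mul(c[0] ^ c[2], 4);   /* 5*c0 ^ 4*c2 == c0 ^ 4*(c0 ^ c2) */
    uint8_t v = gf_mul(c[1] ^ c[3], 4);
    c[0] ^= u; c[2] ^= u;
    c[1] ^= v; c[3] ^= v;
    mix_column(c);
}
```

Only mix_column needs to exist in ROM; decryption pays two xtime pairs per column on top of it, which is the kind of sharing the abstract's byte counts depend on.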

Metadata
Title
AES Smaller Than S-Box
Authors
Mitsuru Matsui
Yumiko Murakami
Copyright Year
2015
DOI
https://doi.org/10.1007/978-3-319-16363-5_4