Lightweight Cryptography
Uploaded by: positive-hack-days
RusCrypto 2012 Conference
Development of communication technologies
Internet of Things
— An action plan for Europe
Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions
From the Internet of PCs to the Internet of Things (IoT)
In 2008 the number of devices connected to the Internet exceeded the number of people on Earth.
By 2020 there will be 50 billion such devices.
“... by 2012 your fridge, your heart monitor, your bathroom scales and your shoes might work together to monitor (and nag you about) your cardiovascular health”
F. Stajano, «Security for Ubiquitous Computing», Wiley, 1st ed., 2002
Development of technology
Within the next 5 years, 20 typical European households will generate more Internet traffic than the entire Internet did in 2008.
Thanks to the IPv6 protocol we will have 340282366920938463463374607431768211456 (> 3·10^38) Internet addresses.
"A world where physical objects are seamlessly integrated into the information network, and where the physical objects can become active participants in information processes. Services are available to interact with these 'smart objects' over the Internet, query and change their state and any information associated with them, taking into account security and privacy issues."
"SAP IoT Definition". SAP Research. Retrieved 2011-03-18.
Lightweight Cryptography for the Internet of Things
Lightweight cryptography (low-resource cryptography)
ECRYPT Workshop on Lightweight Cryptography (Belgium) – November 28-29, 2011.
Workshop on Cryptographic Hardware and Embedded Systems – CHES
Efficient Hardware Implementations of Finite Field Arithmetic
International Workshop on the Arithmetic of Finite Fields (WAIFI)
IEEE International Symposium on Circuits and Systems (ISCAS)
IEEE International Conference on Application-specific Systems, Architectures and Processors
SECSI – Secure Component and Systems Identification
RFIDSec
escar – Embedded Security in Cars
CRYPTO
EUROCRYPT
FSE
SAC
ASIACRYPT
AFRICACRYPT
According to [ISO/IEC 18000-1:2004, Information Technology – Radio Frequency Identification for Item Management. Part 3: Parameters for Air Interface Communications at 13,56 MHz.], passive RFID tags must consume no more than 15 μW of power in order to guarantee operation of the device within a radius of up to 1 m.
Lightweight Cryptography – A Battle for a Single Gate
low: less than 1 EUR (e.g. passive RFID label)
medium: 1 - 10 EUR (e.g. smart card)
high: more than 10 EUR (e.g. high-end smart card)
Side channel attacks and their countermeasures
National Institute of Standards and Technology. FIPS 140-2: Security Requirements for Cryptographic Modules.
International standards
ISO/IEC FDIS 29192-1 -- 29192-4 -- Information technology -- Security techniques -- Lightweight cryptography
o Part 1: General. Stage: 50.60 (2012-03-18)
o Part 3: Stream ciphers. Stage: 50.20 (2012-02-16)
o Part 4: Mechanisms using asymmetric techniques. Stage: 40.20 (2011-12-22)
Block ciphers
AES implementations
Hardware: throughput up to 70 Gbit/s (2004) [A. Hodjat and I. Verbauwhede. Minimum Area Cost for a 30 to 70 Gbits/s AES Processor. In IEEE Computer Society Annual Symposium on VLSI (ISVLSI 2004), pp 498–502. IEEE, 2004]. This implementation uses a pipelined processor architecture and requires more than 250,000 GE.
Hardware: at the same time, the most compact implementation takes 3100-3400 GE [P. Hamalainen, T. Alho, M. Hannikainen, and T. D. Hamalainen. Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core. In Euromicro Conference on Digital System Design, pages 577–583. IEEE Computer Society, 2006.].
Hardware/software: Intel: new AES instruction in Westmere processors – 0.75 cycles/byte [2009-2010].
Software: 7.6 cycles/byte on Core 2 or 110 Mbyte/s bitsliced [2009].
RusCrypto 2005 Conference
Block ciphers by block size (key length in bits in parentheses):
64-bit block: 3-DES (112-168), IDEA (128), MISTY1 (128), KASUMI (64-128), HIGHT (128), PRESENT (80-128), TEA (128), mCRYPTON (96), GOST (256), KATAN64 (80), KTANTAN64 (80), KLEIN (64-96-128), DESXL (184)
96-bit block: SEA (96), PRINTcipher-96 (160)
128-bit block: AES (128-192-256), CAMELLIA, RC6, CLEFIA
Piccolo: An Ultra-Lightweight Blockcipher (CHES 2011)
Kyoji Shibutani, Takanori Isobe, Harunaga Hiwatari, Atsushi Mitsuda, Toru Akishita, and Taizo Shirai
64-bit blockcipher supporting 80 and 128-bit keys. The hardware requirements for the 80 and the 128-bit key mode are only 683 and 758 gate equivalents, respectively.
Hummingbird: Ultra-Lightweight Cryptography for Resource-Constrained Devices
Daniel Engels, Xinxin Fan, Guang Gong, Honggang Hu and Eric M. Smith (CANADA, USA)
Hummingbird is a combination of block cipher and stream cipher structures with 16-bit block size, 256-bit key size, and 80-bit internal state.
GOST 28147-89
Axel Poschmann, San Ling, and Huaxiong Wang (Faculty of Electrical Engineering and Information Technology, Ruhr-University Bochum, Germany; Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore): 256 Bit Standardized Crypto for 650 GE – GOST Revisited. In CHES 2010, LNCS 6225, pp. 219-233, 2010.
FSE 2011. Takanori Isobe. A Single-Key Attack on the Full GOST Block Cipher
IACR 2011/211. Nicolas T. Courtois. Security Evaluation of GOST 28147-89 In View Of International Standardisation
IACR 2011/312. Nicolas T. Courtois and Michal Misztal. Differential Cryptanalysis of GOST
IACR 2011/489. A. N. Alekseychuk and L. V. Kovalchuk. Towards a Theory of Security Evaluation for GOST-like Ciphers against Differential and Linear Cryptanalysis
IACR 2011/558. Itai Dinur and Orr Dunkelman and Adi Shamir. Improved Attacks on Full GOST
IACR 2011/619. Bo Zhu and Guang Gong. Multidimensional Meet-in-the-Middle Attack and Its Applications to GOST, KTANTAN and Hummingbird-2
IACR 2011/626. Nicolas T. Courtois. Algebraic Complexity Reduction and Cryptanalysis of GOST
Single-key Attacks on the Full GOST

| Reference | Data (KP) | Memory | Time | Self-similarity property |
|---|---|---|---|---|
| T. Isobe. A Single-Key Attack on the Full GOST Block Cipher. FSE 2011 | 2^32 | 2^64 | 2^224 | Reflection |
| N. Courtois. Security Evaluation of GOST 28147-89 in View of International Standardisation. Cryptology ePrint Archive, Report 2011/211 (2011) | 2^64 | 2^64 | 2^248 | |
| N. Courtois and M. Misztal. Differential Cryptanalysis of GOST. Cryptology ePrint Archive, Report 2011/312 (2011) | 2^64 | 2^64 | 2^226 | Differential |
| Itai Dinur, Orr Dunkelman and Adi Shamir. Improved Attacks on Full GOST. Cryptology ePrint Archive, Report 2011/558 (2011) | 2^64 | 2^36 | 2^192 | Fixed point |
| Itai Dinur, Orr Dunkelman and Adi Shamir. Improved Attacks on Full GOST. Cryptology ePrint Archive, Report 2011/558 (2011) | 2^64 | 2^19 | 2^204 | Fixed point |
| Itai Dinur, Orr Dunkelman and Adi Shamir. Improved Attacks on Full GOST. Cryptology ePrint Archive, Report 2011/558 (2011) | 2^32 | 2^36 | 2^224 | Reflection |
| Itai Dinur, Orr Dunkelman and Adi Shamir. Improved Attacks on Full GOST. Cryptology ePrint Archive, Report 2011/558 (2011) | 2^32 | 2^19 | 2^236 | Reflection |

Properties of 4×4 S-boxes
Markku-Juhani O. Saarinen (Revere Security, USA). Cryptographic Analysis of All 4×4-Bit S-Boxes. SAC 2011
Nicolas T. Courtois, Daniel Hulme and Theodosis Mourouzis. Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis. Cryptology ePrint Archive, Report 2011/475 (2011)
Markus Ullrich, Christophe De Canniere, Sebastiaan Indesteege, Ozgul Kucuk, Nicky Mouha, Bart Preneel. Finding Optimal Bitsliced Implementations of 4×4-bit S-boxes
Stream ciphers
Lightweight stream ciphers, eSTREAM (2004-2008), size in GE:
Grain v.1: 1,294
Trivium: 2,599
Hash functions
Public-key cryptography
Finite field computations

| Field size | Arithmetic (gates) | Memory (gates) | Total (gates) | Time (ms) |
|---|---|---|---|---|
| 113 | 1,625 | 6,686 | 10,112 | 47 |
| 131 | 2,071 | 7,747 | 11,969 | 61 |
| 163 | 2,572 | 9,632 | 15,094 | 108 |
| 193 | 2,776 | 11,400 | 17,723 | 139 |

Bart Preneel on the development of lightweight cryptography
Domestic lightweight cryptography