Ruolin Zhang,Zejun Xiang,Shasha Zhang,Xiangyong Zeng,Min Song

DOI: https://doi.org/10.1049/2024/7047055

2024-06-25

IET Information Security

Abstract:The SM4 block cipher is standardized in ISO/IEC, and it is also the national standard of commercial cryptography in China. In this paper, we propose two new techniques called "split‐and‐join" and "off‐peak and stagger" to make SM4 more applicable to resource‐constrained environments. The area optimization method uses a 1‐bit data path while reducing the number of registers from 64 to 8 and the number of XOR gates from 194 to 8. As a result, we report a 1‐bit‐serial SM4 encryption circuit that occupies 1771 GE with a latency of 2,336 cycles. Additionally, the "off‐peak and stagger" technique compresses all the operations within the state update and key schedule into 32 clock cycles to reduce the latency. In other words, it takes 32 clock cycles to complete one round encryption. The new circuit occupies 1861 GE with a latency of 1,344 cycles. Moreover, we also discuss how to further reduce the latency by increasing the data path with a small area overhead to provide wider area‐latency tradeoffs for SM4. Our designs make SM4 competitive with many ciphers specifically designed for lightweight cryptography.

computer science, information systems, theory & methods

Hyeokdong Kwon,Hyunjun Kim,Siwoo Eum,Minjoo Sim,Hyunji Kim,Wai-Kong Lee,Zhi Hu,Hwajeong Seo

DOI: https://doi.org/10.1109/access.2022.3195217

IF: 3.9

2022-08-10

IEEE Access

Abstract:At 2003, the SM4 block cipher was introduced that is a Chinese domestic cryptographic. It is mandated in the Chinese National Standard for Wireless LAN Wired Authentication and Privacy Infrastructure (WAPI), because the algorithm was developed for use in wireless sensor networks to provide safety network environment. The SM4 block cipher uses a 128-bit block size and a 32-bit round key. It consists of 32 rounds and one reverse translation R. In this paper, we present the optimized implementation of the SM4 block cipher on 8-bit AVR microcontrollers, which are widely used in wireless sensor devices; the optimized implementation of the SM4 block cipher on 32-bit RISC-V processors, which are open-source-based computer architectures, and the optimized implementation of SM4 on 64-bit ARM processors with parallel computation, which are widely used in smartphones and tablets. In the AVR microcontroller, three versions are implemented for various purposes, including speed-optimization, memory-optimization, and code size-optimization. As a result, the speed-optimization, memory-optimization, and code size-optimization versions achieved 205.2 cycles per byte, 213.3 cycles per byte, and 207.4 cycles per byte, respectively. This is faster than the reference implementation written in C language (1670.7 cycles per byte). The implementation on 32-bit RISC-V processors achieved 128.8 cycles per byte. This is faster than the reference implementation written in C language (345.7 cycles per byte). The implementation on 64-bit ARM processors achieved 8.62 cycles per byte. This is faster than the reference implementation written in C language (120.07 cycles per byte).

computer science, information systems,telecommunications,engineering, electrical & electronic

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1109/ITNEC.2016.7560361

2016-01-01

Abstract:This paper presents an iterative encryption architecture of SM4 arithmetic in combinational logic. Previous works using Lookup Tables to implement the Sbox function have relied on circuits with a large area. Using the Normal Basis in the Composite Field, the proposed design reduces the circuits' area. We test all feasible sets of Normal Basis and finally find 8 sets for correct encryption of SM4. Through the simulation in Modelsim, the proposed architecture achieves the right result within 32 rounds. Compared with the other designs, our design uses less hardware and has a big advantage in resource constrained applications.

Paul Scheffler,Florian Zaruba,Fabian Schuiki,Torsten Hoefler,Luca Benini

DOI: https://doi.org/10.1109/tpds.2023.3322029

IF: 5.3

2023-12-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Sparse linear algebra is crucial in many application domains, but challenging to handle efficiently in both software and hardware, with one- and two-sided operand sparsity handled with distinct approaches. In this work, we enhance an existing memory-streaming RISC-V ISA extension to accelerate both one- and two-sided operand sparsity on widespread sparse tensor formats like compressed sparse row (CSR) and compressed sparse fiber (CSF) by accelerating the underlying operations of streaming indirection, intersection, and union. Our extensions enable single-core speedups over an optimized RISC-V baseline of up to 7.0x, 7.7x, and 9.8x on sparse-dense multiply, sparse-sparse multiply, and sparse-sparse addition, respectively, and peak FPU utilizations of up to 80% on sparse-dense problems. On an eight-core cluster, sparse-dense and sparse-sparse matrix-vector multiply using real-world matrices are up to 4.9x and 5.9x faster and up to 2.9x and 3.0x more energy efficient. We explore further applications for our extensions, such as stencil codes and graph pattern matching. Compared to recent CPU, GPU, and accelerator approaches, our extensions enable higher flexibility on data representation, degree of sparsity, and dataflow at a minimal hardware footprint, adding only 1.8% in area to a compute cluster. A cluster with our extensions running CSR matrix-vector multiplication achieves 9.9x and 1.7x higher peak floating-point utilizations than recent highly optimized sparse data structures and libraries for CPU and GPU, respectively, even when accounting for off-chip main memory (HBM) and on-chip interconnect latency and bandwidth effects.

computer science, theory & methods,engineering, electrical & electronic

Hailiang Fu,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1007/978-3-319-59608-2_39

2016-01-01

Abstract:Implementations of the SM4 algorithm, including different hardware applications with limited resources, are vulnerable to Side-Channel Attacks. This paper presents a countermeasure against such attacks by adding a random “mask” to the input plaintext and protect all variables through the whole encryption process. As is known to all, the unique nonlinear step in each round of SM4 algorithm is the “S-Box” and the previous works using lookup-table method to implement the S-Box always incur large area and high power. Here we give the compact design of masked S-Box using the normal basis in the composite field (consisting of a Galois inversion and several affine transformations). Then we compute the different masks diffused to all the steps in the SM4 algorithm process. The proposed design results in ultra-low cost of hardware and capability to resist first-order differential power analysis (DPA), which is suitable for the resource constrained devices. The synthesis result of masked S-Box shows that the area under the SMIC 0.13 (upmu )m is only about 978-gates, 46.8% fewer than the other works. Further, we apply the pipeline technique to our proposed “masked S-Box”, thereby to the whole masked SM4 algorithm. The results of FPGA implementation present that our works have achieved an ultra-high speed with frequency nearly 551 MHz and the throughput over 70 Gbps.

LU Shi-ting,WANG Shuai,RAN Jun,ZENG Xiao-yang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.06.042

2011-01-01

Abstract:This paper presents a method which extends instruction set for Advanced Encryption Standard(AES) on MIPS32 4k series using SIMD technology.Taking advantage of the align stage of processor pipeline and the dedicated AES data access engine,it realizes the parallel processing with 64 bit data width.It compares the performance of different implementation and the results show that the ISE boosts the performance of cryptographic algorithm,and the hardware cost is relatively low.It also has the programming flexibility.

Yongkang Xu,Feng Deng,Weihan Xu,Guanting Huo,Yang,Yufeng Jin,Xiaole Cui

DOI: https://doi.org/10.1109/iaeac54830.2022.9929737

2022-01-01

Abstract:In modern systems-on-chip, cryptographic coprocessors bring more flexibility to design, not only accelerating the encryption process but also compressing design resources by sharing algorithm units. A high- performance unified coprocessor for AES-128 and SM4 encryption is proposed in this paper. On the one hand, based on the similarities between the two types of algorithms, the multiplicative inverse (MI) unit of the Sbox is realized in the composite field, and by sharing the reconfigurable Sbox logic (RCSL), the hardware resource consumption of circuits compatible with both algorithms is reduced. On the other hand, global pipeline technology based on shared-RCSL is used to improve the throughput of the coprocessor. In TSMC 65nm 1.08V CMOS technology, compared to the synthesized results of independently AES-128 and SM4, the area and power at 500MHz of the unified coprocessor are reduced by 42% and 43%, respectively.

Chao Jin,Zhejing Bao,Weiwei Miao,Zeng,Xiaogang Wei,Rui Zhang

DOI: https://doi.org/10.1109/access.2023.3290211

2021-01-01

Abstract:The white-box implementation of cryptography algorithm can hide key information even in the white-box attack context owing to the means of obfuscation. However, under the deliberately designed attack, there is still a risk of the information being recovered within a certain time complexity. In this paper, a lightweight nonlinear white-box SM4 implementation is proposed to prevent several typical attacks from extracting the secret key, which hides the encryption and decryption process in obfuscated lookup tables. Aiming to improve the diversity and ambiguity of the lookup tables as well as resist the different types of white-box attacks, the random bijective nonlinear mappings are applied as scrambling encodings of the lookup tables. Moreover, the memory occupation of the implementation doesn't increase significantly by simplifying the structure and using concatenation code. Through several quantitative indicators, including memory size, diversity, ambiguity, the time complexity required to extract the key, and the value space of the key and external encodings, it is proved that the security of the proposed implementation could been enhanced significantly, while no sacrificing the practicality, compared with the existing schemes.

LIANG Hao,WU Li-ji,ZHANG Xiang-min

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2015.05.004

2015-01-01

Abstract:In this paper, a new method based on composite field is proposed. Through isomorphism bit matrices, the calculation by changing finite field inversion from GF(28) to GF(((22)2)2) is simplified to reduce the computational difficulty and a more compact S-box is realized. The area decreases by 27% than Look-up Table. On the basis of that, the SM4 algorithm is implemented. The area of this IP core is only 7 612 gates synthesized under the smic0.13 μmCMOS process. Therefore this improved design is very helpful for area-limited condition such as IC cards.

Weijun Shan,Chi Zhang,Qing Li,Jun Yu

DOI: https://doi.org/10.1109/icnisc57059.2022.00103

2022-01-01

Abstract:This paper presents a lightweight countermeasure scheme of SM4 cryptographic algorithm against side channel analysis attacks. SM4 is one of the widely used block ciphers in information computing and data communication. However, as it is usually implemented in cryptographic devices, it is definitely under the threat of side channel analysis attacks. Some schemes of implementations have been provided as the countermeasures against the side channel analysis attacks, which leads to a relatively complicated realization on both cost and performance. This paper proposes a new mask scheme for SM4 implementation with lightweight cost and low performance loss. Experiment results show the effectiveness of the method against the side channel analysis attacks.

Philippos Papaphilippou,Paul H. J. Kelly,Wayne Luk

DOI: https://doi.org/10.48550/arXiv.2106.07456

2021-06-14

Abstract:This paper presents a novel, non-standard set of vector instruction types for exploring custom SIMD instructions in a softcore. The new types allow simultaneous access to a relatively high number of operands, reducing the instruction count where applicable. Additionally, a high-performance open-source RISC-V (RV32 IM) softcore is introduced, optimised for exploring custom SIMD instructions and streaming performance. By providing instruction templates for instruction development in HDL/Verilog, efficient FPGA-based instructions can be developed with few low-level lines of code. In order to improve custom SIMD instruction performance, the softcore's cache hierarchy is optimised for bandwidth, such as with very wide blocks for the last-level cache. The approach is demonstrated on example memory-intensive applications on an FPGA. Although the exploration is based on the softcore, the goal is to provide a means to experiment with advanced SIMD instructions which could be loaded in future CPUs that feature reconfigurable regions as custom instructions. Finally, we provide some insights on the challenges and effectiveness of such future micro-architectures.

Hardware Architecture

Dan Zhang,Guoqiang Bai

DOI: https://doi.org/10.1007/978-3-319-29814-6_17

2015-01-01

Abstract:To ensure secure information exchange, demand for hardware implementation of elliptic curve cryptography (ECC) is increasing rapidly in recent years. In this paper, we propose an ASIC design for ECC over SCA-256 prime field, delivering both high performance and great SPA resistance. For algorithm selection, we integrate calculation simplification into the classic algorithm, Montgomery Powering Ladder (MPL). Based on the deduction of Fast NIST Reduction, we innovatively achieve the configurable modular multiplication module and then the isochronous point addition and double units. Pipeline architecture, execution order optimization and modular design are all applied to improved performance. Evaluated by CMOS standard cell library of 0.13 (upmu )m, this ECC processor costs only 208 (upmu )s and 6.8 (upmu )J for one scalar multiplication and runs at high frequency of 228 MHz with area of 156 k gates. Compared to related works, it is much more advantageous in not only area-time product but also SPA resistant protection.

Eunjin Choi,Jina Park,Kyuseung Han,Woojoo Lee

DOI: https://doi.org/10.1016/j.jestch.2024.101894

IF: 5.155

2024-11-22

Engineering Science and Technology an International Journal

Abstract:As open-source RISC-V cores continue to be released, the development of low-power multicore processors utilizing these cores is invigorating the edge/IoT device market. Nevertheless, comprehensive research on developing low-power multicore processors with integrated security features using existing open RISC-V cores remains limited. This study addresses this gap by introducing AESware , a dedicated lightweight hardware designed for energy-efficient AES (Advanced Encryption Standard) task execution, contributing to the development of AES-specific low-power RISC-V multicore processors. AESware supports variable key lengths and ensures minimal power consumption with a compact design. This standalone IP (Intellectual Property) is compatible with various open RISC-V cores, offering scalability and convenience. And importantly, we propose the most energy-efficient architecture for multicore processors equipped with AESware. Instead of assigning dedicated AESware to each core, we introduce a shared AESware architecture to maximize energy efficiency. We develop an operational algorithm for task scheduling in AESware, achieving maximum utilization and minimal latency while maintaining its lightweight nature. To evaluate our solution, we developed 24 processors into three groups: AESware-equipped, baseline, and those with an external AES accelerator per core. After FPGA (Field-Programmable Gate Array) prototyping for functional verification and power consumption analysis via 45 nm process technology synthesis, our findings revealed significant energy savings. AESware-equipped processors achieved up to 76%, 47%, and 33% energy savings at dual-, quad-, and octa-core configurations compared to baseline, respectively, and were more energy-efficient in running AES applications than those with individual accelerators.

engineering, multidisciplinary

Shuai Wang,Yang Li,JunBao Liu,Jun Han,Xiaoyang Zeng

DOI: https://doi.org/10.1109/ASICON.2011.6157314

2011-01-01

Abstract:This paper presents a security processor based on MIPS 4KE architecture which extends security functions of AES and ECC. Due to the different features of AES and ECC encryptions, two dedicated hardware units are employed. One is the AES function unit which is integrated into the pipeline of this MIPS-like processor, and the other is the ECC unit which works as a coprocessor to implement asymmetric cryptographic algorithms. Moreover, the instruction set extensions(ISE) of MIPS for these security functions are developed. Therefore, our security processor is not only able to handle high-intensity encryption tasks, but also compatible to the leading software development tools of industry. At last, its functionality and high performance are verified by our experimental chip. © 2011 IEEE.

Stefano Rinaldi,Kavitha Arunachalam,Thanikodi Kumar,Kasarla Reddy,Bidare Parameshachari

DOI: https://doi.org/10.3390/electronics10162023

IF: 2.9

2021-08-21

Electronics

Abstract:Nowadays, a huge amount of digital data is frequently changed among different embedded devices over wireless communication technologies. Data security is considered an important parameter for avoiding information loss and preventing cyber-crimes. This research article details the low power high-speed hardware architectures for the efficient field programmable gate array (FPGA) implementation of the advanced encryption standard (AES) algorithm to provide data security. This work does not depend on the Look-Up Table (LUTs) for the implementation the SubBytes and InvSubBytes stages of transformations of the AES encryption and decryption; this new architecture uses combinational logical circuits for implementing SubBytes and InvSubBytes transformation. Due to the elimination of LUTs, unwanted delays are eliminated in this architecture and a subpipelining structure is introduced for improving the speed of the AES algorithm. Here, modified positive polarity reed muller (MPPRM) architecture is inserted to reduce the total hardware requirements, and comparisons are made with different implementations. With MPPRM architecture introduced in SubBytes stages, an efficient mixcolumn and invmixcolumn architecture that is suited to subpipelined round units is added. The performances of the proposed AES-MPPRM architecture is analyzed in terms of number of slice registers, flip flops, number of slice LUTs, number of logical elements, slices, bonded IOB, operating frequency and delay. There are five different AES architectures including LAES, AES-CTR, AES-CFA, AES-BSRD, and AES-EMCBE. The LUT of the AES-MPPRM architecture designed in the Spartan 6 is reduced up to 15.45% when compared to the AES-BSRD.

engineering, electrical & electronic,computer science, information systems,physics, applied

Youqi Li,Xingjun Wu,Guoqiang Bai

DOI: https://doi.org/10.1109/icsict.2018.8564874

2018-01-01

Abstract:Chips in Internet of Things devices require extremely low power consumption and excellent security. In this paper, we present the first implementation of the SM4 algorithm literally. Taking advantage of asynchronous dual-rail domino logic pipeline, which can naturally avoid abundant request signals and register flips, the power consumption of SM4 can be largely reduced. Prototyped on SMIC 0.18um technology, we designed an asynchronous pipeline architecture of SM4 encryption algorithm. Compared with synchronous designs [2], our design has smaller area and lower power consumption while possess strong resistance to side channel attack spontaneously. The circuit simulation results show that the full pipeline SM4 algorithm can achieve 21.26Gbps throughput, while a single round of encryption costs just 6.07mW on average with the delay 2.8ns. For comparison, we normalized the throughput to [2] and get a 20x improvement on power consumption.

Tian-shu FU,Shu-guo LI

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2016.10.003

2016-01-01

Abstract:In CBC mode,pipeline technique does not work on SM4 algorithm to increase throughput,as there is a feedback path from output to input.Over this problem,a logic simplifying method is proposed,which can reduce delay of one stage of XOR gates in each round function of encryption algorithm of SM4.Based on this method,SM4 with a 4-round-in-1 structure is designed,in which,delay of 4 stages of XOR gates can be reduced in the critical path,and this design has a higher throughput per unit area than the other schemes in this paper.Synthesis results show that the ASIC implementation of SM4 with a 4-round-in-1 structure can achieve 5.24 Gb/s in throughput, which is higher than that of reported designs.

Juhua Liu,Wei Lie,Guoqiang Bai

DOI: https://doi.org/10.1109/cstic.2018.8369335

2018-01-01

Abstract:Recently, the need for designing block ciphers targeting on resource constrained device has been repeatedly expressed by professionals. Currently, Roadrunner is one of the most software efficient lightweight ciphers. Its security is provable against linear and differential attacks. In this paper, we design a novel S-Box layer, in order to improve the performance for hardware implementation. Furthermore, the new S-Box layer has eight different 4-bit S-Boxes, which are decomposable. We decompose each 4-bit S-Box by exploiting affine transformations and a single shared quadratic permutation. After being decomposed, these eight 4-bit S-boxes can be merged into one component, sharing the same quadratic permutation. In this way, we can save the area consumption by 51%, compared to the traditional implementation of old S-box layer by using look up tables (LUTs).

Bowen Hu,Yun Chen,Xiaoyang Zeng

DOI: https://doi.org/10.1109/icet51757.2021.9450911

2021-01-01

Abstract:The slowdown in Moore's Law scaling has triggered a growing awareness of domain-specific processors. One of the very promising techniques is the instruction set extension. RISC-V, as an open and simple instruction set architecture, is ideally suited as a basis for building domain-specific instruction-set processors. In this paper, we construct a framework based on the RISC-V processor that can receive data flow graph-based descriptions and automatically perform instruction set extensions. The framework is based on open-source software dependencies and is able to better interact with application codes, thus bridging the barrier between the application and the underlying microarchitecture of the processor. To evaluate the framework, a quantitative analysis of the Fast Fourier Transform algorithm is performed and the instruction set extension is applied with the framework proposed in this paper. By applying the methods in this paper to accelerate this commonly used digital signal processing algorithm, the runtime was reduced by 62%.

Wei Li,Guoqiang Bai,Xingjun Wu

DOI: https://doi.org/10.1109/EDSSC.2018.8487087

2018-01-01

Abstract:In this paper, we implemented the SM4 block cipher algorithm based on both composite filed S-box and look up tables (LUTs) S-box. We also explored the performance of SM4 against machine learning attack, including conventional classifiers, SVM for example, and convolutional neural network (CNN). Implementation of SM4 based on composite filed S-box has a great advantage on area consumption compared with conventional implementation based on LUTs, which can be widely used in resource constrained applications. On the other hand, power attack based on CNN poses a serious threat to the security of block cipher using S-box in LUTs, while experiment show that SM4 using composite filed S-box has a better security against linear classifiers and CNN attack.