Ascon hardware implementations and side-channel evaluation

Hannes Groß; Erich Wenger; Christoph Dobraunig; Christoph Ehrenhöfer

doi:10.1016/j.micpro.2016.10.006

Ascon hardware implementations and side-channel evaluation

Hannes Groß, Erich Wenger, Christoph Dobraunig, Christoph Ehrenhöfer

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in einer Fachzeitschrift › Artikel › Begutachtung

Abstract

Having ciphers that provide confidentiality and authenticity, that are fast in software and efficient in hardware, these are the goals of CAESAR, the Competition for Authenticated Encryption: Security, Applicability, and Robustness. In this paper, the CAESAR candidate Ascon is implemented in hardware and optimized for different typical applications to fully explore Ascon’s design space. Thus, we are able to present hardware implementations of Ascon suitable for RFID tags, Wireless Sensor Nodes, Embedded Systems, and applications that need maximum performance. For instance, we show that an Ascon implementation with a single unrolled round transformation is only 7 kGE large, but can process up to 5.5Gbit/sec of data (0.75 cycles/byte), which is already enough to encrypt a Gigabit Ethernet connection. Besides, Ascon is not only fast and small, it can also be easily protected against DPA attacks. A threshold implementation of Ascon just requires about 8 kGE of chip area, which is only 3.1 times larger than the unprotected low-area optimized implementation.

Originalsprache	englisch
Seiten (von - bis)	470-479
Seitenumfang	10
Fachzeitschrift	Microprocessors and Microsystems - Embedded Hardware Design
Jahrgang	52
DOIs	https://doi.org/10.1016/j.micpro.2016.10.006
Publikationsstatus	Veröffentlicht - 2017

Zugriff auf Dokument

10.1016/j.micpro.2016.10.006

Matthew - [Original in Englisch: Multi-entity-security using active Transmission Technology for improved Handling of Exportable security credentials Without privacy restrictions (MATTHEW Project)]
Hanser, C., Wenger, E., Korak, T., Groß, H., Mangard, S. & Unterluggauer, T.
1/11/13 → 31/10/16
Projekt: Forschungsprojekt
SeCoS - Verbundene Welt [Original in Englisch: Secure Contactless Sphere Smart RFID-Technologies for a Connected World]
Bösch, W., Wenger, E., Khan, H. N., Schmidt, J., Gadringer, M. E., Spreitzer, R. C., Mendel, F., Gruss, D., Hutter, M., Freidl, P. F., Görtschacher, L. J., Mangard, S. & Grosinger, J.
1/01/13 → 31/12/15
Projekt: Forschungsprojekt
FWF -ReSIT - Umsetzung eines sicheren Internets der Dinge
Hutter, M., Wenger, E., Schmidt, J., Mendel, F., Mangard, S. & Posch, R.
1/07/12 → 31/05/16
Projekt: Forschungsprojekt

Dieses zitieren

@article{a17babd3215c463ab8a374e2c1136eaa,

title = "Ascon hardware implementations and side-channel evaluation",

abstract = "Having ciphers that provide confidentiality and authenticity, that are fast in software and efficient in hardware, these are the goals of CAESAR, the Competition for Authenticated Encryption: Security, Applicability, and Robustness. In this paper, the CAESAR candidate Ascon is implemented in hardware and optimized for different typical applications to fully explore Ascon{\textquoteright}s design space. Thus, we are able to present hardware implementations of Ascon suitable for RFID tags, Wireless Sensor Nodes, Embedded Systems, and applications that need maximum performance. For instance, we show that an Ascon implementation with a single unrolled round transformation is only 7 kGE large, but can process up to 5.5Gbit/sec of data (0.75 cycles/byte), which is already enough to encrypt a Gigabit Ethernet connection. Besides, Ascon is not only fast and small, it can also be easily protected against DPA attacks. A threshold implementation of Ascon just requires about 8 kGE of chip area, which is only 3.1 times larger than the unprotected low-area optimized implementation.",

keywords = "Authenticated encryption, CAESAR competition, Hardware design, Threshold implementation, Ascon",

author = "Hannes Gro{\ss} and Erich Wenger and Christoph Dobraunig and Christoph Ehrenh{\"o}fer",

year = "2017",

doi = "10.1016/j.micpro.2016.10.006",

language = "English",

volume = "52",

pages = "470--479",

journal = "Microprocessors and Microsystems - Embedded Hardware Design",

issn = "1872-9436",

publisher = "Elsevier B.V.",

}

TY - JOUR

T1 - Ascon hardware implementations and side-channel evaluation

AU - Groß, Hannes

AU - Wenger, Erich

AU - Dobraunig, Christoph

AU - Ehrenhöfer, Christoph

PY - 2017

Y1 - 2017

N2 - Having ciphers that provide confidentiality and authenticity, that are fast in software and efficient in hardware, these are the goals of CAESAR, the Competition for Authenticated Encryption: Security, Applicability, and Robustness. In this paper, the CAESAR candidate Ascon is implemented in hardware and optimized for different typical applications to fully explore Ascon’s design space. Thus, we are able to present hardware implementations of Ascon suitable for RFID tags, Wireless Sensor Nodes, Embedded Systems, and applications that need maximum performance. For instance, we show that an Ascon implementation with a single unrolled round transformation is only 7 kGE large, but can process up to 5.5Gbit/sec of data (0.75 cycles/byte), which is already enough to encrypt a Gigabit Ethernet connection. Besides, Ascon is not only fast and small, it can also be easily protected against DPA attacks. A threshold implementation of Ascon just requires about 8 kGE of chip area, which is only 3.1 times larger than the unprotected low-area optimized implementation.

AB - Having ciphers that provide confidentiality and authenticity, that are fast in software and efficient in hardware, these are the goals of CAESAR, the Competition for Authenticated Encryption: Security, Applicability, and Robustness. In this paper, the CAESAR candidate Ascon is implemented in hardware and optimized for different typical applications to fully explore Ascon’s design space. Thus, we are able to present hardware implementations of Ascon suitable for RFID tags, Wireless Sensor Nodes, Embedded Systems, and applications that need maximum performance. For instance, we show that an Ascon implementation with a single unrolled round transformation is only 7 kGE large, but can process up to 5.5Gbit/sec of data (0.75 cycles/byte), which is already enough to encrypt a Gigabit Ethernet connection. Besides, Ascon is not only fast and small, it can also be easily protected against DPA attacks. A threshold implementation of Ascon just requires about 8 kGE of chip area, which is only 3.1 times larger than the unprotected low-area optimized implementation.

KW - Authenticated encryption

KW - CAESAR competition

KW - Hardware design

KW - Threshold implementation

KW - Ascon

U2 - 10.1016/j.micpro.2016.10.006

DO - 10.1016/j.micpro.2016.10.006

M3 - Article

SN - 1872-9436

VL - 52

SP - 470

EP - 479

JO - Microprocessors and Microsystems - Embedded Hardware Design

JF - Microprocessors and Microsystems - Embedded Hardware Design

ER -

Ascon hardware implementations and side-channel evaluation

Abstract

Zugriff auf Dokument

Fingerprint

Projekte

Matthew - [Original in Englisch: Multi-entity-security using active Transmission Technology for improved Handling of Exportable security credentials Without privacy restrictions (MATTHEW Project)]

SeCoS - Verbundene Welt [Original in Englisch: Secure Contactless Sphere Smart RFID-Technologies for a Connected World]

FWF -ReSIT - Umsetzung eines sicheren Internets der Dinge

Dieses zitieren