Optimal Rectangle Packing: New Results
First we consider the problem of given a fixed enclosing rectangle can we pack a given set of oriented rectangles into it? The enclosing rectangle must be at
RECTANGLE: A Bit-slice Lightweight Block Cipher Suitable for
permutation layer RECTANGLE achieves a very good security-performance tradeoff. Our extensive and deep security analysis shows that the highest number of
Crochet Ideal Rectangle
This represents how many single crochet stitches will make up the longest side of your finished rectangle. Do the same thing with your desired width. Call this
Ideal PatternSheet2019singlepages_Layout 1
Ideal Concrete Block Co. PATTERNS WITH STYLE 33 sf Squares • 17 sf Sm. Rectangles ... of the patterns are suitable for walkways patios
Optimal Rectangle Packing: An Absolute Placement Approach
Our rectangle packer chooses the x- coordinates of all the rectangles before any of the y-coordinates. We then transform the problem into a perfect-packing
NOTION DIMPEDANCE
La tension instantanée uL(t) aux bornes d'une bobine idéale est On obtient un triangle rectangle dont les longueurs de deux des cotés sont connues :.
Limites dinflammabilité
12 déc. 2016 Image 4 Illustration graphique de la combustion idéale du méthane dans l'air. Les rectangles verts représentent l'azote qui ne participe pas ...
Le nombre dor et la divine proportion
Le célèbre dessin de Léonard de Vinci l'homme de Vitruve
Four Approximations for Finding the Golden Section of a Circles
Square Root Two Rectangle ever be exactly one over the other which is generally the ideal condition. ... of the Ideal Angle in the ¥2 rectangle.
A Guide to Good Design
good proportions in furniture design is the golden ratio (also re- The golden rectangle—The golden ratio relates to furniture de-.
Multiple Platforms
Wentao Zhang
1, Zhenzhen Bao1, Dongdai Lin1, Vincent Rijmen2, Bohan Yang2,
Ingrid Verbauwhede
21.State Key Laboratory of Information Security, Institute of Information
Engineering, Chinese Academy of Sciences, Beijing 100093, China2.KU Leuven, Dept. of Electrical Engineering ESAT/COSIC and iMinds, Security Dept.
fzhangwentao, baozhenzhen, ddling@iie.ac.cn fvincent.rijmen, bohan.yang, ingrid.verbauwhedeg@esat.kuleuven.be Abstract.In this paper, we propose a new lightweight block cipher named RECTANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bit-slice techniques. RECTANGLE uses an SP-network. The substitution layer consists of 16 44 S-boxes in parallel. The permutation layer is composed of 3 rotations. As shown in this paper, RECTAN- GLE offers great performance in both hardware and software environment, which provides enough flexibility for different application scenario. The following are 3 main advantages of RECTANGLE. First, RECTANGLE is extremely hardware-friendly. For the 80-bit key version, a one-cycle-per-round parallel implementation only needs 1600 gates for a throughput of 246 Kbits/sec at 100 KHz clock and an energy efficiency of 3.0 pJ/bit. Second, RECTANGLE achieves a very competitive softwarespeed among the existing lightweight block ciphers due to its bit-slice style. Using 128-bit SSE instruc-
tions, a bit-slice implementation of RECTANGLE reaches an average encryption speed of about 3.9 cycles/byte for messages around 3000 bytes. Last, but not least, we propose new design criteria for the RECTANGLE S-box. Due to our careful selection of the S-box and the asymmetric design of the permutation layer, RECTANGLE achieves a very good security-performance tradeoff. Our extensive and deep security analysis shows that the highest number of rounds that we can attack, is 18 (out of 25).Key words:lightweight cryptography, block cipher, design, bit-slice, hardware efficiency, software efficiency
1 Introduction
Small embedded devices (including RFIDs, sensor nodes, smart cards) are now widely used in many appli-
cations. They are usually characterized by strong cost constraints, such as area, power, energy consumption
for hardware aspect, and low memory, small code size for software aspect. Meanwhile, they also require
cryptographic protection. As a result, many new lightweight ciphers have been proposed to provide strong
security at a lower cost than standard solutions. Since symmetric-key ciphers, especially block ciphers, play
an important role in the security of small embedded devices, the design of lightweight block ciphers has
been a very active research topic over the last few years.In the literature, quite a few lightweight block ciphers with various design strategies have been proposed,
such as DESL/DESX/DESXL [35], Hummingbird [25], KATAN/ KTANTAN [22], KLEIN [28], LBlock [52], LED[30], Piccolo [48], PRESENT [14], SIMON and SPECK [3], TWINE [49] and so on. PRESENT wasproposed at CHES'2007, and has attracted a lot of attention from cryptographic researchers due to its
simplicity, impressive hardware performance and strong security. The design of PRESENT is extremelyhardware-efficient, since it uses a bit permutation as its diffusion layer, which is a simple wiring in hardware
This paper is the full version. Please cite the following journal version: Wentao Zhang, Zhenzhen Bao, Dongdai
Lin, Vincent Rijmen, Bohan Yang, Ingrid Verbauwhede. RECTANGLE: A Bit-slice Lightweight Block CipherSuitable for Multiple Platforms. SCIENCE CHINA Information Sciences, December, 2015, Vol. 58: 122103(15),
doi: 10.1007/s11432-015-5459-7 implementation. In 2012, PRESENT was adopted as ISO/IEC lightweight cryptography standard. Many lightweight ciphers, including PRESENT, KATAN/KTANTAN and Hummingbird, succeed in achieving a low area in hardware but the software performance is not good. For example, the permutation layer ofPRESENT is extremely low-cost in hardware, but it is the true performance bottleneck for many software
implementations. However, high software performance is also needed from the same algorithm for manyclassical lightweight applications, as pointed out in [3,4,28,30,36]. LED is proposed at CHES'2011, the
designers claim that LED is not only very compact in hardware but also maintains a reasonable performance
profile for software implementation. Among the new proposals, some present weaknesses, including ARMODILLO-2, Hummingbird-1 andKTANTAN [15,41,46]. Furthermore, as pointed out in [30], designers of "second generation" lightweight
ciphers can learn from the progress and the omissions of the"first generation" proposals. The S-box of
PRESENT is mainly selected according to its hardware area instead of security of the underlying cipher.
Hence, the S-box of PRESENT is "weak" with respect to cipher security. As pointed out in [33], thePRESENT S-box is among the 8 percent worst S-boxes with respect to clustering of one bit linear trails.
Along with the strong symmetry of the PRESENT permutation layer, there are very serious clusteringproblems both for linear trails and differential trails [12,16,33,42,50]. We give more details in Section 3. As
a result, for PRESENT, the best distinguisher so far can reach 24 rounds [16], which can be used to mount
a shortcut attack on 26-round PRESENT (out of 31).The bit-slice technique was introduced for speeding up the software speed of DES [6], and was used in
the design of the Serpent block cipher [2]. In a bit-slice implementation, one software logical instruction
corresponds to simultaneous execution ofnhardware logical gates, wherenis the length of a subblock.Take Serpent for example. Serpent is a 128-bit SP-network block cipher. The substitution layer is composed
of 32 4×4 S-boxes, thus the subblock length isn= 128/4 = 32 for a bit-slice implementation. JH [51],
Keccak(SHA-3) [5], Noekeon [19] and Trivium [23] are 4 other primitives that can benefit from the bit-slice
technique for their software performance. It is worth noticing that JH, Keccak, Noekeon, Serpent and Triv-
ium not only perform well in hardware but also in software. Furthermore, a bit-slice implementation is safe
against implementation attacks such as cache and timing attacks compared with a table-based implemen-
tation [39]. However, the main design goal of all the mentioned bit-sliced ciphers is not "lightweight", and
there is plenty of room for improvement when it comes to a dedicated lightweight block cipher with bit-slice
style.1.1 Contributions
In this paper, we present a new lightweight block cipher RECTANGLE. The design of RECTANGLE makesuse of the bit-slice technique in a lightweight manner, hence to achieve not only a very low cost in hardware
but also a very competitive performance in software. As a result, RECTANGLE adopts the SP-networkstructure. The substitution layer (S-layer) consists of 16 4×4 S-boxes in parallel. The permutation layer
(P-layer) is composed of 3 rotations. The following are 3 main advantages of RECTANGLE:1. RECTANGLE is extremely hardware-friendly. The bit-sliced design principle of RECTANGLE allows
for very efficient and flexible hardware implementations. For the 80-bit key version, using UMC 0.13µm
standard cell library at 100 KHz , our round-based implementation could obtain a throughput of 246Kbits/sec and an energy efficiency of 3.0 pJ/bit with only 1600 gates, and our serialized implementation
could obtain a throughput of 14.0 Kbits/sec and an energy efficiency of 32.05 pJ/bit with only 1111 gates. The round-based implementation can also be easily extended to parallel implementation. More details are given in Section 5.1.2. Due to its bit-slice style, RECTANGLE achieves a very competitive software speed among the existing
lightweight block ciphers. The S-box of RECTANGLE can be implemented using a sequence of 12 basic logical instructions. The P-layer of RECTANGLE is composed of 3 rotations, which makes it very friendly for both hardware and software implementations. On a 2.5GHz Intel(R) Core i5-2520M CPU,for one block data, our bit-slice implementation gives a speed of about 30.5 cycles/byte for encryption
and 32.2 cycles/byte for decryption; with a parallel mode of operation, a bit-slice implementation of
RECTANGLE reaches an average encryption speed of about 3.9 cycles/byte for messages around 3000 bytes, using Intel 128-bit SSE instructions. In addition, our implementations of RECTANGLE on Atmel studio show that RECTANGLE also has a very impressive performance on 8-bit microcontrollers. More details are given in Section 5.2. We expect that RECTANGLE also has very good performance on 16- and 32-bit microcontrollers.3. Last but not least. We propose new design criteria for the RECTANGLE S-box. Due to our careful
selection of the RECTANGLE S-box, together with the asymmetric design of the P-layer, RECTANGLEachieves a very good security-performance tradeoff. After our extensive and deep security analysis, we
can mount a shortcut attack on 18-round RECTANGLE (out of 25), which is the highest number of rounds that we can attack.This paper is organized as follows. Section 2 presents a specification of RECTANGLE; Section 3 discusses
the security of RECTANGLE against known attacks; Section 4 motivates the design choices of RECTAN-GLE; Section 5 presents the hardware and software implementation results of the cipher; Section 6 presents
the relation of RECTANGLE to several early designs. Section 7 concludes the paper.2 The RECTANGLE Block Cipher
RECTANGLE is an iterated block cipher. The block length is 64 bits, and the key length is 80 or 128 bits.
2.1 The Cipher State and the Subkey State
A 64-bit plaintext, or a 64-bit intermediate result, or a 64-bit ciphertext is collectively called as a cipher
state. A cipher state can be pictured as a 4×16 rectangular array of bits, which is the origin of the cipher
nameRECTANGLE. LetW=w63||···||w1||w0denote a cipher state, the first 16 bitsw15||···||w1||w0
are arranged in row 0, the next 16 bitsw31||···||w17||w16are arranged in row 1, and so on, as illustrated in
Fig. 1. A 64-bit subkey is similarly pictured as a 4×16 rectangular array. In the following, for convenience
of description, a cipher state is described in a two-dimensional way, as illustrated in Fig. 2. w15w2w1w0
w31w18w17w16
w47w34w33w32
w63w50w49w48
a0;15a0;2a0;1a0;0
a1;15a1;2a1;1a1;0
a2;15a2;2a2;1a2;0
a3;15a3;2a3;1a3;0
Fig. 1. A Cipher StateFig. 2. Two-dimensional Way
2.2 The Round Transformation
RECTANGLE is a 25-round SP-network cipher. Each of the 25 rounds consists of the following 3 steps: AddRoundkey, SubColumn, ShiftRow. After the last round, there is a final AddRoundKey. AddRoundkey: A simple bitwise XOR of the round subkey to the intermediate state.SubColumn: Parallel application of S-boxes to the 4 bits in the same column. The operation of SubColumn
isS(Col(j)) =b3,j||b2,j||b1,j||b0,j. a 0;15 a 1;15 a 2;15 a a 0;2 a 1;2 a 2;2 a a 0;1 a 1;1 a 2;1 a a 0;0 a 1;0 a 2;0 a b 0,15 b 1,15 b 2,15 b b 0,2 b 1,2 b 2,2 b b 0,1 b 1,1 b 2,1 b b 0,0 b 1,0 b 2,0 b Fig. 3. SubColumn Operates on the Columns of the State The S-box used in RECTANGLE is a 4-bit to 4-bit S-boxS:F42→F42. The action of this S-box in hexadecimal notation is given by the following table. x 0 1 2 3 4 5 6 7 8 9 A B C D E F S(x) 6 5 C A 1 E 7 9 B 0 3 D 8 F 4 2ShiftRow: A left rotation to each row over different offsets. Row 0 is not rotated, row 1 is left rotated over
1 bit, row 2 is left rotated over 12 bits, and row 3 is left rotated over 13 bits. Let≪xdenote left rotation
overxbits, the operation ShiftRow is illustrated in Fig. 4. Fig. 4. ShiftRow Operates on the Rows of the State2.3 Key Schedule
RECTANGLE can accept keys of either 80 or 128 bits.80-bit keyFor an 80-bit seed key (user-supplied key)V=v79||···||v1||v0, the key is firstly stored in an
80-bit key register and arranged as a 5×16 array of bits, see Fig. 5.
v15v2v1v0
v31v18v17v16
v47v34v33v32
v63v50v49v48
v79v66v65v64
0;150;20;10;0
1;151;21;11;0
2;152;22;12;0
3;153;23;13;0
4;154;24;14;0
Fig. 5. An 80-bit Key State and its Two-dimensional Representationas a 16-bit word. At roundi(i= 0,1,···,24), the 64-bit round subkeyKiconsists of the first 4 rows of
the current contents of the key register, i.e.,Ki=Row3||Row2||Row1||Row0. After extractingKi, the key
register is updated as follows:1. Applying the S-boxSto the bits intersected at the 4 uppermost rows and the 4 rightmost columns,
i.e.,′3,j||κ′2,j||κ′1,j||κ′0,j:=S(κ3,j||κ2,j||κ1,j||κ0,j), j= 0,1,2,3
2. Applying a 1-round generalized Feistel transformation, i.e.,
Row ′0:= (Row0≪8)⊕Row1, Row ′1:=Row2, Row ′2:=Row3, Row ′3:= (Row3≪12)⊕Row4, Row ′4:=Row03. A 5-bit round constant RC[i] is XORed with the 5-bit key state (κ0,4||κ0,3||κ0,2||κ0,1||κ0,0), i.e.,
′0,4||κ′0,3||κ′0,2||κ′0,1||κ′0,0:= (κ0,4||κ0,3||κ0,2||κ0,1||κ0,0)⊕RC[i]
Finally,K25is extracted from the updated key state. The round constants RC[i] (i= 0,1,···,24) are
generated by a 5-bit LFSR. At each round, the 5 bits (rc4,rc3,rc2,rc1,rc0) are left shifted over 1 bit, with
the new value torc0being computed asrc4⊕rc2. The initial value is defined as RC[0] := 0x1. We list all
the round constants in Appendix A.128-bit keyFor a 128-bit seed key, the key is firstly stored in a 128-bit key register and arranged as
a 4×32 array of bits. The corresponding two-dimensional representation of the 128-bit key state is as
follows:0,31···κ0,2κ0,1κ0,0
1,31···κ1,2κ1,1κ1,0
2,31···κ2,2κ2,1κ2,0
a 32-bit word. At roundi(i= 0,1,···,24), the 64-bit round subkeyKiconsists of the 16 rightmost columns
of the current contents of the key. After extracting the round subkeyKi, the key register is updated as
follows:1. Applying the S-boxSto the 8 rightmost columns, i.e.,
2. Applying a 1-round generalized Feistel transformation, i.e.,
Row ′0:= (Row0≪8)⊕Row1, Row ′1:=Row2, Row ′2:= (Row2≪16)⊕Row3, Row ′3:=Row03. A 5-bit round constant RC[i] is XORed with the 5-bit key state (κ0,4||κ0,3||κ0,2||κ0,1||κ0,0), where
quotesdbs_dbs46.pdfusesText_46[PDF] le recyclage de la matière organique dans le sol
[PDF] Le recyclage en Art appliqué
[PDF] Le redressement de la France sous la IV République
[PDF] Le référendum dans la Ve république ECJS
[PDF] le reflet
[PDF] Le reflet ( Didier Daeninckx ) ecriture
[PDF] Le reflet de didier daeninckx expression ecrite
[PDF] Le reflet de didier Deninckx
[PDF] le reflet didier daeninckx histoire des arts
[PDF] le reflet didier daeninckx lecture analytique
[PDF] le reflet didier daeninckx personnage principal
[PDF] le reflet didier daeninckx question reponse
[PDF] le reflet didier daeninckx wikipedia
[PDF] le reflet nouvelle ? chute