IEEE Transactions on Computers, vol. 59, no. 11, November 2010, pp. 1547-1561
Cuauhtemoc Mancillas-López , Centro de Investigación y Estudios Avanzados del IPN, Instituto Politécnico Nacional No. 2508, México
Debrup Chakraborty , Centro de Investigación y Estudios Avanzados del IPN, Instituto Politécnico Nacional No. 2508, México
Francisco Rodríguez-Henríquez , Centro de Investigación y Estudios Avanzados del IPN, Instituto Politécnico Nacional No. 2508, México
ABSTRACT
Tweakable enciphering schemes (TES) are length-preserving block cipher modes of operation that realize a tweakable strong pseudorandom permutation. Because a TES produces a ciphertext of exactly the same length as its input, it can encrypt a disk sector in place, and such schemes have been suggested as the main building block for in-place disk encryption. In the past few years there has been intense research activity toward constructing secure and efficient tweakable enciphering schemes, but actual experimental performance data for these newly proposed schemes have yet to be reported. In this paper, we present optimized FPGA implementations of six tweakable enciphering schemes, namely HCH, HCTR, XCB, EME, HEH, and TET, using a 128-bit AES core as the underlying block cipher. We report the performance timings of these modes when using both pipelined and sequential AES structures. The universal polynomial hash function included in the specifications of HCH, HCHfp (a variant of HCH), HCTR, XCB, TET, and HEH was implemented using a Karatsuba multiplier as the main building block. We provide a detailed algorithmic analysis of each scheme, exploiting its inherent parallelism as much as possible. Our experiments show that a sequential AES core is not an attractive option for the design of these modes, as it leads to rather poor throughput. In contrast, according to our place-and-route results on a Xilinx Virtex 4 FPGA, our designs achieve a throughput of 3.95 Gbps for HEH when using an encryption/decryption pipelined AES core, and a throughput of 5.71 Gbps for EME when using an encryption-only pipelined AES core. The performance results reported in this paper provide experimental evidence that hardware implementations of tweakable enciphering schemes can match and even outperform the data rates achieved by state-of-the-art disk controllers, showing that they can be used to achieve provably secure in-place hard disk encryption.
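The universal polynomial hash named in the abstract is what the Karatsuba multiplier serves: the hash is a polynomial in a secret key h evaluated over GF(2^128), so its cost is one field multiplication per message block, and the multiplier's structure decides the throughput of the hash layers in HCH, HCTR, XCB, TET and HEH. The following is an added illustration written for this page, not code from the paper or its authors. It assumes the reduction polynomial x^128 + x^7 + x^2 + x + 1 (the one used by GCM and XCB; the page does not state which polynomial the paper uses), represents field elements as Python integers with bit i holding the coefficient of x^i, and shows a Karatsuba carry-less multiplier checked against a schoolbook one, the field reduction, and the Horner-form hash m_1 h^n + m_2 h^(n-1) + ... + m_n h over constructed sample blocks.

```python
# Added example (not from the paper): Karatsuba multiplication in GF(2^128)
# and the polynomial universal hash used by hash-counter-hash style TES.
# Assumption: field is GF(2)[x] / (x^128 + x^7 + x^2 + x + 1), the GCM/XCB
# polynomial. Elements are ints; bit i is the coefficient of x^i.

R = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1  # reduction polynomial (assumption)


def schoolbook_mul(a: int, b: int) -> int:
    """Carry-less product in GF(2)[x]: shift-and-XOR, one step per bit of b."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def karatsuba_mul(a: int, b: int, n: int = 128) -> int:
    """Carry-less product of two n-bit polynomials by Karatsuba recursion.

    Splits each operand into halves and computes three half-size products
    instead of four; in hardware the three products run in parallel, which
    is the structure a fully parallel Karatsuba multiplier exploits.
    n must be a power of two (128 -> 64 -> 32 -> 16 -> 8 here).
    """
    if n <= 8:  # small leaf: plain schoolbook multiplier
        return schoolbook_mul(a, b)
    h = n // 2
    mask = (1 << h) - 1
    a0, a1 = a & mask, a >> h
    b0, b1 = b & mask, b >> h
    z0 = karatsuba_mul(a0, b0, h)                       # low half product
    z2 = karatsuba_mul(a1, b1, h)                       # high half product
    z1 = karatsuba_mul(a0 ^ a1, b0 ^ b1, h) ^ z0 ^ z2   # cross terms (char 2: + is XOR)
    return z0 ^ (z1 << h) ^ (z2 << (2 * h))


def reduce_mod(p: int) -> int:
    """Reduce a product of degree < 256 modulo R, highest degree first."""
    for i in range(255, 127, -1):
        if (p >> i) & 1:
            p ^= R << (i - 128)  # align R's leading term x^128 with x^i
    return p


def gf_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^128): Karatsuba product followed by reduction."""
    return reduce_mod(karatsuba_mul(a, b))


def poly_hash(h: int, blocks: list[int]) -> int:
    """Polynomial universal hash m1*h^n ^ m2*h^(n-1) ^ ... ^ mn*h in Horner form.

    Each step is one field multiplication, so hash throughput is bounded by
    the multiplier; the collision probability of a polynomial of degree n in
    the secret key h is at most n / 2^128 for distinct inputs.
    """
    acc = 0
    for m in blocks:
        acc = gf_mul(acc ^ m, h)
    return acc


if __name__ == "__main__":
    # Constructed sample values (not from the paper).
    key_h = 0x0123456789ABCDEF0123456789ABCDEF
    blocks = [0xDEADBEEFCAFEBABE0000000000000001,
              0xFEDCBA9876543210FEDCBA9876543210,
              0x00000000000000000000000000000002]
    assert karatsuba_mul(blocks[0], blocks[1]) == schoolbook_mul(blocks[0], blocks[1])
    print("x^128 mod R =", hex(gf_mul(1 << 127, 2)))        # 0x87
    print("hash        =", hex(poly_hash(key_h, blocks)))
```

The Karatsuba and schoolbook products agree bit for bit; only the number of partial products differs, which is the point of using Karatsuba in the hardware hash layer. Note that the hash above is keyed but not a MAC on its own: in the TES constructions it is always combined with block cipher calls, and a TES gives non-malleability (a tampered sector decrypts to garbage) rather than an explicit integrity check.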
INDEX TERMS
Disk encryption, tweakable enciphering schemes, block cipher modes of operation, Karatsuba multiplier, hardware accelerator, FPGA.
CITATION
Cuauhtemoc Mancillas-López, Debrup Chakraborty, Francisco Rodríguez-Henríquez, "Reconfigurable Hardware Implementations of Tweakable Enciphering Schemes", IEEE Transactions on Computers, vol.59, no. 11, pp. 1547-1561, November 2010, doi:10.1109/TC.2010.64