1. A New Encryption Standard of Ukraine: The Block Cipher "Kalyna" (DSTU 7624:2014)
Roman Oliynykov, Ivan Gorbenko, Oleksandr Kazymyrov, Victor Ruzhentsev, Yurii Gorbenko and Viktor Dolgov
JSC Institute of Information Technologies,
V.N.Karazin Kharkiv National University,
Kharkiv National University of Radio Electronics
Ukraine
roliynykov@gmail.com
July 8th, 2015
Central European Conference on Cryptology
Klagenfurt, Austria
R. Oliynykov, I. Gorbenko, O. Kazymyrov, et al. A New Standard of Ukraine: The Block Cipher "Kalyna" 1 / 20
2. Outline
The block cipher GOST 28147-89 and its replacements in post-Soviet countries
The new Ukrainian block cipher "Kalyna"
  General structure
  Component properties
  Key schedule
  Cryptographic strength
  Performance comparison with other ciphers
Other components of the Ukrainian national standard DSTU 7624:2014
Conclusions
3. Block cipher GOST 28147-89
Advantages
a well known and researched cipher, adopted as national standard in 1990
acceptable encryption speed (cf. TripleDES)
appropriate for lightweight cryptography
good S-boxes provide practical strength
Disadvantages
theoretically broken
huge classes of weak keys
special (non-bijective) S-boxes allow practical ciphertext-only attacks
encryption speed significantly slower in comparison to modern block ciphers like AES
GOST 28147-89 is withdrawn in Belarus (legacy-only application) and will be replaced in Russia (it will remain as an additional 64-bit algorithm); GOST 28147-89 was refused inclusion in ISO/IEC 18033-3
4. Replacements for GOST 28147-89 in Belarus
Belarus: STB 34.101.31-2011 (BelT)
block length is 128 bits; key length is 128, 192 or 256 bits
8-round Feistel network with Lai-Massey scheme
a single byte S-box with good cryptographic properties
no key schedule like in GOST (an encryption key shorter than 256 bits is padded with zeros)
no cryptanalytic attacks better than exhaustive search are known
faster than GOST, slower than AES
5. Replacements for GOST 28147-89 in Russia
Russia: draft standard "Kuznyechik" ("Grasshopper")
block length is 128 bits; key length is 256 bits
9 rounds of Rijndael-like transformation
single byte S-box (common with the new Russian hash GOST 34.11-2012 "Stribog")
non-circulant MDS matrix of 16x16 size over GF(2^8) (different from that in "Stribog")
key schedule based on a Feistel network that involves the round transformation (like in CS-cipher)
no cryptanalytic attacks faster than exhaustive search are known
faster than GOST, slower than AES
GOST 28147-89 will be used as an additional legacy cipher in the new Russian standard
6. Block cipher "Kalyna"
normal, high and ultra high security level (block and key length 128, 256 and 512 bits)
transparent construction and conservative design
Rijndael-like SPN structure
four different S-boxes (not CCZ-equivalent) with optimized cryptographic properties
8x8 MDS matrix over GF(2^8)
one set of look-up tables for ECB encryption in software implementation (better performance of encryption and decryption for CTR, CFB, CMAC, OFB, GCM, GMAC, CCM modes of operation)
a new construction of key schedule based on the round function
effective in software and software-hardware implementations, common look-up tables with the hash function "Kupyna" (DSTU 7564:2014)
7. "Kalyna": supported block and key length
#   Block size (l)   Key length (k)   Rounds (t)
1   128              128              10
2   128              256              14
3   256              256              14
4   256              512              18
5   512              512              18
8. Block cipher "Kalyna": structure

$$T^{(K)}_{l,k} = \eta^{(K_t)}_l \circ \psi_l \circ \tau_l \circ \pi_l \circ \mathop{\bigcirc}\limits_{\nu=1}^{t-1}\left(\kappa^{(K_\nu)}_l \circ \psi_l \circ \tau_l \circ \pi_l\right) \circ \eta^{(K_0)}_l$$
9. "Kalyna": characteristics of S-boxes
Characteristic                                 S-box 1   S-box 2   S-box 3   S-box 4
Non-linearity of Boolean functions                104       104       104       104
Min. algebraic degree of Boolean functions          7         7         7         7
Max. value of difference distribution table         8         8         8         8
Max. value of linear approximation table           24        24        24        24
Overdefined system degree                           3         3         3         3
Number of cycles                                    4         4         6         4
Minimal cycle length                                6         8         4         4
Non-linearity is the best known for S-boxes with 3rd degree of overdefined system (the highest among S-boxes of Crypton, Safer+, Skipjack, SNOW, Twofish, Whirlpool, S, Anubis, Stribog/Kuznyechik, STB)
10. "Kalyna" ShiftRows: 128, 256 and 512-bit block
11. Linear transformation of "Kalyna": MDS matrix
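The 8x8 MDS matrix over GF(2^8) named on slides 6 and 11 is what gives the "Kalyna" linear layer its full diffusion: because every square submatrix is nonsingular, a change in one byte of a column changes all eight output bytes (branch number 9). The following is an added example, not code from the slides or from the Kalyna project: it builds the circulant matrix, applies it to one column, computes the inverse matrix needed for decryption, and verifies the MDS property exhaustively. The field polynomial 0x11d and the circulant vector (0x01, 0x01, 0x05, 0x01, 0x08, 0x06, 0x07, 0x04) are assumed from the public Kalyna specification; the slides do not state them.

```python
from itertools import combinations

# Assumed from the public Kalyna specification, not from the slides: the
# field polynomial x^8 + x^4 + x^3 + x^2 + 1 and the MDS circulant vector.
POLY = 0x11D
MDS_VECTOR = (0x01, 0x01, 0x05, 0x01, 0x08, 0x06, 0x07, 0x04)


def _gf_mul_slow(a, b):
    """Bitwise multiply in GF(2^8) modulo POLY; used only to build the tables."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


# Log/antilog tables generated by 0x02. The check confirms 0x02 is primitive
# for POLY (its powers visit all 255 nonzero elements), so the tables are valid.
EXP = [0] * 510
LOG = [0] * 256
_x = 1
for _i in range(255):
    EXP[_i] = EXP[_i + 255] = _x
    LOG[_x] = _i
    _x = _gf_mul_slow(_x, 0x02)
assert len(set(EXP[:255])) == 255, "0x02 is not a generator for POLY"


def gf_mul(a, b):
    """Table-driven multiplication in GF(2^8)."""
    if a == 0 or b == 0:
        return 0
    return EXP[LOG[a] + LOG[b]]


def gf_inv(a):
    """Multiplicative inverse in GF(2^8); 0 has none."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    return EXP[255 - LOG[a]]


def circulant(vec):
    """Circulant matrix: row i is vec rotated right by i positions."""
    n = len(vec)
    return [[vec[(j - i) % n] for j in range(n)] for i in range(n)]


MDS_MATRIX = circulant(MDS_VECTOR)


def mix_column(column, matrix=MDS_MATRIX):
    """Linear layer on one 8-byte column: out[i] = XOR over j of M[i][j] * col[j]."""
    out = []
    for row in matrix:
        acc = 0
        for m, c in zip(row, column):
            acc ^= gf_mul(m, c)
        out.append(acc)
    return bytes(out)


def invert(matrix):
    """Gauss-Jordan inverse over GF(2^8); returns None if the matrix is singular."""
    n = len(matrix)
    aug = [list(matrix[i]) + [int(i == j) for j in range(n)] for i in range(n)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col]), None)
        if pivot is None:
            return None
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = gf_inv(aug[col][col])
        aug[col] = [gf_mul(inv, x) for x in aug[col]]
        for r in range(n):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [x ^ gf_mul(f, y) for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def is_mds(matrix):
    """MDS <=> every square submatrix is nonsingular (12869 of them for 8x8)."""
    n = len(matrix)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                sub = [[matrix[r][c] for c in cols] for r in rows]
                if invert(sub) is None:
                    return False
    return True


def branch_weight_single_byte(matrix=MDS_MATRIX):
    """Min of (input weight + output weight) over single-byte input differences;
    for an MDS layer it is 1 + 8 = 9, i.e. one changed byte changes all eight."""
    best = 9  # 9 is the largest value possible for a 1-byte input difference
    for pos in range(8):
        for delta in range(1, 256):
            col = bytearray(8)
            col[pos] = delta
            best = min(best, 1 + sum(1 for b in mix_column(col, matrix) if b))
    return best
```

Applying `invert(MDS_MATRIX)` to an encrypted column undoes `mix_column`, which is the inverse linear layer a decryption implementation needs.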
12. Requirements for the "Kalyna" key schedule
each round key depends non-linearly on each encryption key bit
non-linear dependence of each round key bit on each encryption key bit
protection from cryptanalytic attacks aimed at the key schedule
high computational complexity of obtaining the encryption key from one or several round keys (one-way transformation, additional protection from side-channel attacks)
key agility is less than three
possibility to generate round keys in direct and reverse order
implementation simplicity (application of transformations from the round function only)
13. "Kalyna" key schedule

$$tmv_0 = \mathtt{0x01000100\ldots0100}, \qquad tmv_{i+2} = tmv_i \ll 1$$

$$\Theta(K) = \psi_l \circ \tau_l \circ \pi_l \circ \eta^{(K_\alpha)}_l \circ \psi_l \circ \tau_l \circ \pi_l \circ \kappa^{(K_\omega)}_l \circ \psi_l \circ \tau_l \circ \pi_l \circ \eta^{(K_\alpha)}_l$$

$$\Xi(K, K_\sigma, i) = \eta^{(\phi_i(K_\sigma))}_l \circ \psi_l \circ \tau_l \circ \pi_l \circ \kappa^{(\phi_i(K_\sigma))}_l \circ \psi_l \circ \tau_l \circ \pi_l \circ \eta^{(\phi_i(K_\sigma))}_l$$
14. Cryptographic strength of "Kalyna"
The block cipher provides strength against the considered methods of cryptanalysis:
for 128-bit block: after the 5th round (out of 10 or 14, depending on the key length)
for 256-bit block: after the 6th round (out of 14 or 18)
for 512-bit block: after the 8th round (out of 18)
15. "Kalyna" performance comparison with other block ciphers
(Intel Core i5, 64-bit Linux, gcc v4.9.2, best compiler optimization)
https://github.com/Roman-Oliynykov/ciphers-speed/
16. "Kalyna" performance comparison with other block ciphers
(Intel Core i5, 64-bit Linux, gcc v4.9.2, best compiler optimization)
# Block cipher Performance, Mbit/s
1 Kalyna-128/128 2611.77
2 Kalyna-128/256 1809.70
3 Kalyna-256/256 2017.97
4 Kalyna-256/512 1560.89
5 Kalyna-512/512 1386.46
6 AES-128 2525.89
7 AES-256 1993.53
8 GOST 28147-89 639.18
9 STB 34.101.31-2011 (BelT) 1188.83
10 Kuznyechik 1081.08
17. "Kalyna" performance comparison with other block ciphers
(iMac 13.2, Intel Core i7, best compiler optimization)
https://github.com/Roman-Oliynykov/ciphers-speed/
18. "Kalyna" performance comparison with other block ciphers
(iMac 13.2, Intel Core i7, best compiler optimization)
# Block cipher Performance, Mbit/s
1 Kalyna-128/128 1874.39
2 Kalyna-128/256 1295.55
3 Kalyna-256/256 1392.48
4 Kalyna-256/512 1088.88
5 Kalyna-512/512 1243.49
6 AES-128 1747.09
7 AES-256 1257.43
8 GOST 28147-89 576.10
9 STB 34.101.31-2011 (BelT) 1080.02
10 Kuznyechik 1146.31
19. DSTU 7624:2014 also includes
Ten modes of operation for the new block cipher
  ISO 10116: ECB, CBC, CFB, OFB, CTR
  additional modes, simplified/improved compared to NIST SP 800-38: GCM/GMAC (securing IP traffic), CCM (confidentiality & integrity), XTS (on-the-fly encryption of information storage), KW (key data protection)
Test vectors (including inputs not aligned to the block length and, for some modes, to the byte length)
Requirements for implementation:
  general concepts drawing the developer's attention to taking steps to prevent side-channel attacks, timing attacks, CRIME/BREACH-specific vulnerabilities, etc.
  limits on the total number of invocations of the block cipher during the encryption key lifetime
  message replay prevention
  etc.
20. Conclusions
The new block cipher "Kalyna" provides
normal, high and ultra high security level
transparent construction and conservative design
fast and effective software and software-hardware implementations on modern 64-bit platforms
optimized construction for better performance on encryption and decryption for CTR, CFB, CMAC, OFB, GCM, GMAC, CCM modes of operation
new construction of key schedule based on the round transformation
common look-up tables with the hash function "Kupyna" (the new Ukrainian standard DSTU 7564:2014)
Besides the block cipher, the new Ukrainian standard DSTU 7624:2014 defines ten modes of operation, test vectors, requirements for implementation, limits on protected information amount for a single key application, etc.