@article {18569, title = {Compact Circuits for Combined AES}, journal = {Journal of Cryptographic Engineering}, year = {In Press}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @article {18568, title = {Towards Low Energy Stream Ciphers}, journal = {IACR Transactions on Symmetric Cryptology}, year = {In Press}, author = {Banik, Subhadeep and Mikhalev, Vasily and Armknecht, Frederik and Isobe, Takanori and Meier, Willi and Bogdanov, Andrey and Watanabe, Yuhei and Regazzoni, Francesco} } @conference {18577, title = {Efficient Configurations for Block Ciphers with Unified ENC/DEC Paths}, booktitle = {Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST) 2017}, year = {2018}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @conference {18574, title = {Inverse Gating for Low Energy Block Ciphers}, booktitle = {Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST)}, year = {2018}, author = {Banik, Subhadeep and Bogdanov, Andrey and Isobe, Takanori and Hiwatari, Harunaga and Akishita, Toru and Regazzoni, Francesco} } @conference {18488, title = {Adaptable AES implementation with power-gating support}, booktitle = {International Conference on Computing Frontiers CF{\textquoteright}16}, series = {Proceedings of the ACM International Conference on Computing Frontiers}, year = {2016}, month = {05/2016}, pages = {331-334}, publisher = {ACM Ney York, NY, USA}, organization = {ACM Ney York, NY, USA}, address = {Como, Italy}, abstract = {In this paper, we propose a reconfigurable design of the Advanced Encryption Standard capable of adapting at runtime to the requirements of the target application. Reconfiguration is achieved by activating only a specific subset of all the instantiated processing elements. Further, we explore the effectiveness of power gating and clock gating methodologies to minimize the energy consumption of the processing elements not involved in computation.}, keywords = {AES implementation, power analysis attacks, power modeling}, isbn = {978-1-4503-4128-8}, doi = {10.1145/2903150.2903488}, url = {http://doi.acm.org/10.1145/2903150.2903488}, author = {Banik, Subhadeep and Bogdanov, Andrey and Fanni, Tiziana and Sau, Carlo and Raffo, Luigi and Palumbo, Francesca and Regazzoni, Francesco} } @conference {18578, title = {Atomic-AES: A Compact Implementation of the AES Encryption/Decryption Core}, booktitle = {Proceedings of 17th International Conference on Cryptology in India (INDOCRYPT) 2016}, year = {2016}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @conference {18484, title = {Round gating for low energy block ciphers}, booktitle = {2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST}, year = {2016}, month = {05/2016}, pages = {55-60}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {McLean, VA, USA}, abstract = {Pushed by the pervasive diffusion of devices operated by battery or by the energy harvested, energy has become one of the most important parameter to be optimized for embedded systems. Particularly relevant would be to optimize the energy consumption of security primitives. In this paper we explore design techniques for implementing block ciphers in a low energy fashion. We concentrate on round based implementation and we discuss how gating, applied at round level can affect and improve the energy consumption of the most common lightweight block cipher currently used in the internet of things. Additionally, we discuss how to needed gating wave can be generated. Experimental results show that our technique is able to reduce the energy consumption in most block ciphers by over 60\% while incurring only a minimal overhead in hardware}, keywords = {algorithm design and analysis, ciphers, clocks, computer architecture, energy consumption}, isbn = {978-1-4673-8826-9}, doi = {10.1109/HST.2016.7495556}, url = {http://dx.doi.org/10.1109/HST.2016.7495556}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco and Isobe, Takanori and Hiwatari, Harunaga and Akishita, Toru} } @conference {18474, title = {Exploring Energy Efficiency of Lightweight Block Ciphers}, booktitle = {Selected Areas in Cryptography: 22nd International Conference (SAC)2015}, series = {Lecture Notes in Computer Science}, volume = {9566}, year = {2015}, month = {08/2015}, pages = {178-194}, publisher = {Springer}, organization = {Springer}, address = {Sackville, NB, Canada}, abstract = {In the last few years, the field of lightweight cryptography has seen an influx in the number of block ciphers and hash functions being proposed. One of the metrics that define a good lightweight design is the energy consumed per unit operation of the algorithm. For block ciphers, this operation is the encryption of one plaintext. By studying the energy consumption model of a CMOS gate, we arrive at the conclusion that the energy consumed per cycle during the encryption operation of an r-round unrolled architecture of any block cipher is a quadratic function in r. We then apply our model to 9 well known lightweight block ciphers, and thereby try to predict the optimal value of r at which an r-round unrolled architecture for a cipher is likely to be most energy efficient. We also try to relate our results to some physical design parameters like the signal delay across a round and algorithmic parameters like the number of rounds taken to achieve full diffusion of a difference in the plaintext/key.}, keywords = {AES, lightweight block cipher, Low Power Energy Circuits}, isbn = {978-3-319-31300-9}, issn = {0302-9743}, doi = {10.1007/978-3-319-31301-6}, url = {http://dx.doi.org/10.1007/978-3-319-31301-6}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @article {18473, title = {Exploring Energy Efficiency of Lightweight Block Ciphers}, journal = {(IACR) Cryptology ePrint Archive}, volume = {2015}, year = {2015}, month = {09/2015}, chapter = {847}, abstract = {In the last few years, the field of lightweight cryptography has seen an influx in the number of block ciphers and hash functions being proposed. One of the metrics that define a good lightweight design is the energy consumed per unit operation of the algorithm. For block ciphers, this operation is the encryption of one plaintext. By studying the energy consumption model of a CMOS gate, we arrive at the conclusion that the total energy consumed during the encryption operation of an r-round unrolled architecture of any block cipher is a quadratic function in r. We then apply our model to 9 well known lightweight block ciphers, and thereby try to predict the optimal value of r at which an r-round unrolled architecture for a cipher is likely to be most energy efficient. We also try to relate our results to some physical design parameters like the signal delay across a round and algorithmic parameters like the number of rounds taken to achieve full diffusion of a difference in the plaintext/key. }, keywords = {implementation AES, lightweight block cipher, Low Power Energy Circuits}, url = {http://eprint.iacr.org/2015/847}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @conference {18475, title = {Exploring the energy consumption of lightweight blockciphers in FPGA}, booktitle = {International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015}, year = {2015}, month = {02/2016}, pages = {1-6}, publisher = {IEEE}, organization = {IEEE}, edition = {2015}, address = {Rivera Maya, Mexico City}, abstract = {Internet of things and cyber-physical systems requiring security functionality has pushed for the design of a number of block ciphers and hash functions specifically developed for being implemented in resource constrained devices. Initially the optimization was mainly on area and power consumption, but, nowadays the attention is more on the energy consumption. In this paper, for the first time, we look at energy consumption of lightweight block ciphers implemented in reconfigurable devices, and we analyze the effects that round unrolling might have on the energy consumed during the encryption. Concentrating on applications that require a number of parallel encryptions, we instantiate several designs on the target FPGA and we analyze how the energy consumption varies in each algorithm when changing the amount of unrolled rounds. Our results, obtained on the Xc6slx45t device of the Spartan6 family, demonstrate that Present is the most energy efficient algorithm and that the relation between the energy consumption and the number of unrolled rounds measured on FPGA is similar to the one measured on dedicated hardware.}, keywords = {cryptography, cyber-physical systems, encryption, lightweight block cipher}, isbn = {978-1-4673-9406-2}, doi = {10.1109/ReConFig.2015.7393308}, url = {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7390332}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @conference {18483, title = {Midori: A Block Cipher for Low Energy}, booktitle = {21st International Conference on the Theory and Application of Cryptology and Information Security ASIACRYPT 2015}, series = {Lecture Notes in Computer Science}, volume = {9453}, year = {2015}, month = {11/2015}, pages = {411-436}, publisher = {Springer Berlin Heidelberg}, organization = {Springer Berlin Heidelberg}, address = {Auckland, New Zealand}, abstract = {In the past few years, lightweight cryptography has become a popular research discipline with a number of ciphers and hash functions proposed. The designers{\textquoteright} focus has been predominantly to minimize the hardware area, while other goals such as low latency have been addressed rather recently only. However, the optimization goal of low energy for block cipher design has not been explicitly addressed so far. At the same time, it is a crucial measure of goodness for an algorithm. Indeed, a cipher optimized with respect to energy has wide applications, especially in constrained environments running on a tight power/energy budget such as medical implants. This paper presents the block cipher Midori (The name of the cipher is the Japanese translation for the word Green.) that is optimized with respect to the energy consumed by the circuit per bt in encryption or decryption operation. We deliberate on the design choices that lead to low energy consumption in an electrical circuit, and try to optimize each component of the circuit as well as its entire architecture for energy. An added motivation is to make both encryption and decryption functionalities available by small tweak in the circuit that would not incur significant area or energy overheads. We propose two energy-efficient block ciphers Midori128 and Midori64 with block sizes equal to 128 and 64 bits respectively. These ciphers have the added property that a circuit that provides both the functionalities of encryption and decryption can be designed with very little overhead in terms of area and energy. We compare our results with other ciphers with similar characteristics: it was found that the energy consumptions of Midori64 and Midori128 are by far better when compared ciphers like PRINCE and NOEKEON. }, keywords = {lightweight block cipher, low energy circuits}, isbn = {978-3-662-48799-0}, issn = {0302-9743}, doi = {10.1007/978-3-662-48800-3_17}, url = {http://dx.doi.org/10.1007/978-3-662-48800-3_17}, author = {Banik, Subhadeep and Bogdanov, Andrey and Isobe, Takanori and Shibutani, Kyoji and Hiwatari, Harunaga and Akishita, Toru and Regazzoni, Francesco} } @article {18472, title = {Midori: (A) Block Cipher for Low Energy (Extended Version)}, journal = {(IACR) Cryptology ePrint Archive}, volume = {2015}, year = {2015}, month = {12/2015}, chapter = {1142}, abstract = {In the past few years, lightweight cryptography has become a popular research discipline with a number of ciphers and hash functions proposed. The designers{\textquoteright} focus has been predominantly to minimize the hardware area, while other goals such as low latency have been addressed rather recently only. However, the optimization goal of low energy for block cipher design has not been explicitly addressed so far. At the same time, it is a crucial measure of goodness for an algorithm. Indeed, a cipher optimized with respect to energy has wide applications, especially in constrained environments running on a tight power/energy budget such as medical implants. This paper presents the block cipher Midori that is optimized with respect to the energy consumed by the circuit per bit in encryption or decryption operation. We deliberate on the design choices that lead to low energy consumption in an electrical circuit, and try to optimize each component of the circuit as well as its entire architecture for energy. An added motivation is to make both encryption and decryption functionalities available by small tweak in the circuit that would not incur significant area or energy overheads. We propose two energy-efficient block ciphers Midori128 and Midori64 with block sizes equal to 128 and 64 bits respectively. These ciphers have the added property that a circuit that provides both the functionalities of encryption and decryption can be designed with very little overhead in terms of area and energy. We compare our results with other ciphers with similar characteristics: it was found that the energy consumptions of Midori64 and Midori128 are by far better when compared ciphers like PRINCE and NOEKEON. }, keywords = {AES, lightweight block cipher, low energy circuits, secret-key cryptography}, url = {http://eprint.iacr.org/2015/1142}, author = {Regazzoni, Francesco and Banik, Subhadeep and Bogdanov, Andrey and Isobe, Takanori and Shibutani, Kyoji and Hiwatari, Harunaga and Akishita, Toru} } @conference {18071, title = {Lightweight AES-Based Authenticated Encryption}, booktitle = {Fast Software Encryption (FSE)}, year = {2013}, month = {March}, address = {Singapore}, author = {Bogdanov, Andrey and Mendel, Florian and Regazzoni, Francesco and Rijmen, Vincent and Tischhauser, Elmar} }