1 / 23

Comparison AES-Rijndael/Serpent

Comparison AES-Rijndael/Serpent. 2G1704: Internet Security and Privacy Weltz Max. Outline. Historical perspective Description of AES-Rijndael Description of Serpent Comparison. Historical perspective. 1998 Advanced Encryption Standard contest

teague
Télécharger la présentation

Comparison AES-Rijndael/Serpent

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ComparisonAES-Rijndael/Serpent 2G1704: Internet Security and Privacy Weltz Max

  2. Outline • Historical perspective • Description of AES-Rijndael • Description of Serpent • Comparison

  3. Historical perspective • 1998 Advanced Encryption Standard contest • 1999 Serpent and Rijndael among the last 5 finalist algorithms • Along with Mars, RC6 and Twofish • 2000 Rijndael selected as AES algorithm

  4. --------------- 32 Description of Rijndael • Main elements • Parameters • Key size: 128, 160, 192, 224, 256bits • Block size: 128, 160, 192, 224, 256bits • Number of rounds: 6+max(Bs,Ks) • Operations •  • Two substitutions tables • Rearrangement of octets • Key schedule

  5. Description of Rijndael • State array • Size of Bs • Organized in 4-octet columns

  6. Description of Rijndael • Rounds • Octets through the S-Box • Rows shifted • Columns mixed

  7. Description of Rijndael • Key expansion • As many round as required • Obtain (Nr+1)Bs/32 columns

  8. What is AES-Rijndael? • AES’ recommendations for Rijndael • Block size: • 128-bits • Key size: • 128bits -> AES-128 -> 10 rounds • 196bits -> AES-196 -> 12 rounds • 256bits -> AES-256 -> 14 rounds

  9. Description of Serpent • Parameters • Key size: 128, 192, 256bits • 128 and 192bit keys are padded with 100… • Block size: 128bits • Number of rounds: 32 • 16 rounds are supposedly enough • Operations •  • 8 substitution tables (S-boxes) • Linear transformation • Key schedule

  10. Description of Serpent • Process • Initial permutation • 32 Rounds • Final permutation • Permutations • Statically defined • Simplifying the optimized implementation

  11. Description of Serpent • Rounds • Key mixing • Pass through S-box • Linear transformation • Except for the last round • ( 33rd subkey)

  12. Source: Wikipedia Descriptionof Serpent • Linear transformation • Left-rotations • ’ing • Left-shifts

  13. Descriptionof Serpent • Key expansion • Padding (100…) • Affine expansion • S-boxes • Collapsing

  14. Comparison • Process • Security • Hardware performance • Software performance

  15. Adapted from [Lutz02] Comparison: Process

  16. Comparison: Security

  17. Rijndael 2.26Gbit/s @ 88.5MHz Assets Small number Of rounds Of subkeys Identical rounds Drawbacks Variable number of rounds Key length matters Large S-boxes Serpent 1.96Gbit/s @ 122.9MHz Assets Fixed number of rounds Key lengths does not matter Small S-boxes Drawbacks Different S-Box types Larger number Of rounds Of subkeys No hardware shared between encryption and decryption Comparison: Hardware

  18. Comparison: Software • Performance(see figures) • Serpent • 2 to 6 times slower • Non-symmetrical performances • But stable performances when changing architecture Pentium 133Mhz MMX | Pentium Pro C/Pentium Pro ASM

  19. Conclusion • Rijndael chosen by AES: why? • Fastest for small blocks and hashes encryption • Second fastest for bulk encryption • But • Security issues • In 1999, Schneier et al. claimed there was no possible timing attacks against Rijndael… • In 2006, a timing attack is found • Serpent is more secure if you are ready to spend more time

  20. • Questions• Opposition

  21. Network Security, Private Communication in a Public World, C. Kaufman, R. Perlman, M. Speciner, 2002 Wikipedia’s articles (French and English) on Rijndael, Bitwise operators, AES process and Serpent Cryptographic Hardware and Embedded Systems, Pawel Chodowiec, 2002 Serpent, a Proposal for the AES, R. Anderson, E. Biham, L. Knudsen, 1998 Serpent homepage www.cl.cam.ac.uk/~rja14/serpent.html [Lutz02]2Gbit/s Hardware Realizations of RIJNDAEL and SERPENT: A Comparative Analysis, Lutz, Treichler, Gürkaynak, Kaeslin, Basler, Erni, Reichmuth, Rommens, Oetiker, Fichtner, 2002 Sources

  22. A Note on Comparing AES Candidates (Revised), Biham, 1998 (?) Performance Comparison of the AES Submissions, B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, N. Ferguson, 1999 Performance Evaluation fo the AES Finalists on the High-End Smart Card, F. Sano, M. Koike, S. Kawamura, M. Shiba, 2000 Performance Comparison of 5 AES Candidates with New Performance Evaluation Tool, M. Takenaka, N. Torii, K. Itoh, J. Yajima, 2000 Instruction-level Parallelism in AES Candidates, C.S.K. Clapp, 1999 How Well Are High-End DSPs Suites for the AES Algorithms, T. J. Wollinger, M. Wang, J. Guajardo, C. Paar, 2000 Sources (cont.)

  23. Comments • Non-exhaustive listing and extracts of sources are available here: • http://www.google.com/notebook/public/02330310943113180415/BDRkjSwoQiJ-sle4h • Interesting links for both Serpent and Rijndael (and others) can be found here: • http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html • Figures where realized specially for this presentation, except stated otherwise

More Related