DOCSLIB.ORG

High Performance Cryptographic Engine PANAMA: Hardware Implementation G

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
High Performance Cryptographic Engine PANAMA: Hardware Implementation G High Performance Cryptographic Engine PANAMA: Hardware Implementation G. Selimis, P. Kitsos, and O. Koufopavlou VLSI Design Labotaroty Electrical & Computer Engineering Department, University of Patras Patras, Greece Email: [email protected] hardware implementations are more efficiency in FPGAs ABSTRACT than general purpose CPUs due to the fact that the algorithm specifications suits much better in FPGA structure. In this paper a hardware implementation of a dual operation cryptographic engine PANAMA is presented. The Typical application with high speed requirements is implementation of PANAMA algorithm can be used both as encryption or decryption of video-rate in conditional access a hash function and a stream cipher. A basic characteristic applications (e-g pay TV). The modern networks have been of PANAMA is a high degree of parallelism which has as implemented to satisfy the demand for high bandwidth result high rates for the overall system throughput. An other multimedia services. Then the switches which they are profit of the PANAMA is that one only architecture placed at the nodes of the network must provide high throughput. So if there is a need for secure networks, the supports two cryptographic operations – encryption/ systems in the network switches should not introduce delays. decryption and data hashing. The proposed system operates PANAMA [3] is a cryptographic module that can be used in 96.5 MHz frequency with maximum data rate 24.7 Gbps. both as a cryptographic hash function and as stream cipher in The proposed system outperforms previous any hash applications with ultra high speed requirements functions and stream ciphers implementations in terms of In this paper an efficient implementation of the PANAMA is performance. Additional techniques can increase the presented. The introduced system works either as a hash achieved throughput about 90%. function or stream cipher. The proposed implementation is suitable for application with ultra high speed data rates. Comparisons with other previous published hash functions 1. INTRODUCTION and stream ciphers implementations prove that the proposed Today more and more sensitive data is stored digitally. Bank one performs better in terms of overall system throughput. accounts, medical records and personal emails are some This paper is organized as follows: In section 2 the main categories that data must keep secure. The science of features of Hash Functions and Stream Ciphers are cryptography tries to encounter the lack of security. Data presented. In section 3 the PANAMA specifications are confidentiality, authentication, non-reputation and data given. The proposed Dual Operation Cryptographic Engine integrity are some of the main parts of cryptography. The PANAMA is presented in detail in section 4. The FPGA evolution of cryptography drove in very complex synthesis results are given in section 5, and finally section 6 cryptographic models which they could not be implemented concludes the paper. before some years. The revolution of computers and especially CMOS technology permit the design and the 2. DEFINITIONS implementation of systems with characteristics as limited area resources, low power consumption and high speed. Then due the CMOS technology known cryptographic 2.1 Hash Functions standards were implemented and today they provide secure The operation of a Hash function H is to map an input of transactions. arbitrary length into a fixed number of output bits, the hash The use of systems with increasing complexity, which value. Hash functions are used in cryptography mainly for usually are more secure, has as result low rate of throughput. authentication and digital signature schemes. The Last years the authors of new cryptographic algorithms try to requirements for a hash function are as follows: suit high complexity transformations in systems with the • The input can be of any length. view of high throughput rates. The assistance of FPGA and • Fixed - length output. ASIC technologies in this road is substantial. FPGAs • H(x) is relatively easy to compute for any given x. especially, are used for efficient and flexible implementations. When a current algorithm is broken and a • H(x) is one-way function which means that given a hash new standard is created (e.g. Advanced Encryption Standard- value h, it is computationally infeasible to find some AES [1]), it is perceivable that field devices are upgraded input x such that H(x) = h. with a new encryption algorithm [2]. In addition the • H(x) is collision-free which means it is computationally input bits (gamma stage- γ ). The stage updating infeasible to find any two messages x and y such that transformation ρ is given by the formula: H(x) = H(y). ρ = σ oθ o π o γ 2.2 Stream Ciphers Symbol “o” denotes the associative comparison of transformations where the right-most transformation While block ciphers operate on large blocks of data, stream executed first. ciphers typically operate on smaller units of plaintext, The PANAMA hash function transforms the information of usually bits. With a stream cipher, the transformation of arbitrary length to a hash result of 256 bits. It consists of these smaller plaintext units will vary, depending on when two processes: message padding and iteration phase. During they are encountered during the encryption process. Stream message padding the information is converted to a stream of cipher generates what is called a keystream (a sequence of data which its length is multiple of 256 while during bits used as a key). Encryption is accomplished by iteration phase the cryptographic module follows the below combining the keystream with the plaintext, usually with sequence diagram (Table 1). the bitwise XOR operation. Table 1. The sequence diagram of the hash function Time step t Mode Input Output 3. PANAMA ALGORITHM 0 reset ------ ------ 1,…,V Push p t ------ The basic elements of PANAMA [3] algorithm are a finite V=1,…,V+32 Pull ------ ------ state machine with a 544-bit state which called stateα , an V+33 Pull ------ H 8192-bit buffer and the state update transformation which The PANAMA stream encryption scheme is initialized by denoted by ρ . When the data of buffer and state machine first loading the 256-bit key K, the 256-bit diversification are updated then an iteration happens, Push or Pull. The parameter Q and performing 32 additional blank pull three possible modes for the PANAMA module are Reset, operations. During keystream generation an 8-word block z Push and Pull. In Reset mode the state α and buffer are set is delivered at the output for every iteration. The full to 0. In Push mode an 8-word input is applied and there is scenario of encryption / decryption process is shown in no output. In Pull mode there is no input and an 8-word Table 2. output is delivered. The buffer behaves as a linear feedback Table 2. The sequence diagram of the stream encryption scheme shift register that ensures that input bits are injected into the Time step t Mode Input Output 0 reset ------ ------ state α over a wide interval of iterations. In the Push mode 1,…,V Push t ------ the input to the shift register is formed by the external input, p in the Pull mode, by part of stateα . Figure 1 shows the V=1,…,V+32 Pull ------ ------ Push and Pull modes of PANAMA. V+33 Pull ------ H In practice, the diversification parameter allows for frequent p resynchronization without the need to change the key. 0 31 buffer stage ρ 4. PROPOSED ARCHITECTURE The proposed architecture is presented in Figure 2. α encryption/ decryption KEY 256-bit 256-bit internal PARAMETER Q 0 31 memory 256-bit decryption/ encryption DATA ρ 256-bit PADDING UNIT 256-bit 256-bit hash value BIT NUMBER PANAMA α HASH CONTROL CRYPTO Figure 1. Push (above) and Pull (below) modes of PANAMA The updating transformation ρ of the state has high Figure 2. PANAMA - proposed architecture diffusion and distributed nonlinearity. It combines four The operation of PANAMA system has two options. It can different transformations: one for nonlinearity (sigma stage- operate as keystream generator for data encryption and also σ ), one for bit dispersion (theta stage-θ ), one for inter-bit as hash function. In the following Figure 3 the PANAMA proposed VLSI implementation is presented in detail. diffusion (pi stage-π ), and one of injection of buffer and XOR. Due the fact that one transformation is executed in a Key 256-bit array of registers 256-bit Q 256-bit M clock cycle the whole system has very high throughput rate. H 256-bit U register X 256-bit 32-bit 32-bit 32-bit 256-bit 256-bit αi αi+1 αi+2 M U 256-bit X transformation 544-bit OR-32 crypto C O γ 1 2 • • • 18 hash register XOR-32 N γ π θ σ T 544-bit 32-bit R O 1 218 L 544-bit • • • input Shifting : LSB to MSB 012 29 30 31 A π alpha state 256-bit N α D • • • 3 4 5 2 1 0 544-bit output 544-bit 256-bit 32-bit 32-bit 32-bit α α θ 1 2 • • • 18 αi i+1 i+4 Figure 3. The PANAMA proposed architecture in details 544-bit XOR-32 256-bit The main components of proposed PANAMA crypto engine σ 1 2 • • • 18 XOR-32 are: the alpha stateα , the buffer, the transformation round 32-bit ρ and the control unit. The alpha state has memory storage 544-bit of 544 bits and it is implemented by (17 *32-bit) registers. The same policy has been applied for the construction of XOR-32 buffer. The buffer is an array of registers. As the Figure 3 shows shown that the buffer consists of 32 cells. Every cell has 8 words or 8*32-bit registers.
Load more

Recommended publications
  • Fast Hashing and Stream Encryption with Panama
    Fast Hashing and Stream Encryption with Panama Joan Daemen1 and Craig Clapp2 1 Banksys, Haachtesteenweg 1442, B-1130 Brussel, Belgium [email protected] 2 PictureTel Corporation, 100 Minuteman Rd., Andover, MA 01810, USA [email protected] Abstract. We present a cryptographic module that can be used both as a cryptographic hash function and as a stream cipher. High performance is achieved through a combination of low work-factor and a high degree of parallelism. Throughputs of 5.1 bits/cycle for the hashing mode and 4.7 bits/cycle for the stream cipher mode are demonstrated on a com- mercially available VLIW micro-processor. 1 Introduction Panama is a cryptographic module that can be used both as a cryptographic hash function and a stream cipher. It is designed to be very efficient in software implementations on 32-bit architectures. Its basic operations are on 32-bit words. The hashing state is updated by a parallel nonlinear transformation, the buffer operates as a linear feedback shift register, similar to that applied in the compression function of SHA [6]. Panama is largely based on the StepRightUp stream/hash module that was described in [4]. Panama has a low per-byte work factor while still claiming very high security. The price paid for this is a relatively high fixed computational overhead for every execution of the hash function. This makes the Panama hash function less suited for the hashing of messages shorter than the equivalent of a typewritten page. For the stream cipher it results in a relatively long initialization procedure. Hence, in applications where speed is critical, too frequent resynchronization should be avoided.
    [Show full text]
  • Permutation-Based Encryption, Authentication and Authenticated Encryption
    Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen1 Joint work with Guido Bertoni1, Michaël Peeters2 and Gilles Van Assche1 1STMicroelectronics 2NXP Semiconductors DIAC 2012, Stockholm, July 6 . Permutation-based encryption, authentication and authenticated encryption Modern-day cryptography is block-cipher centric Modern-day cryptography is block-cipher centric (Standard) hash functions make use of block ciphers SHA-1, SHA-256, SHA-512, Whirlpool, RIPEMD-160, … So HMAC, MGF1, etc. are in practice also block-cipher based Block encryption: ECB, CBC, … Stream encryption: synchronous: counter mode, OFB, … self-synchronizing: CFB MAC computation: CBC-MAC, C-MAC, … Authenticated encryption: OCB, GCM, CCM … . Permutation-based encryption, authentication and authenticated encryption Modern-day cryptography is block-cipher centric Structure of a block cipher . Permutation-based encryption, authentication and authenticated encryption Modern-day cryptography is block-cipher centric Structure of a block cipher (inverse operation) . Permutation-based encryption, authentication and authenticated encryption Modern-day cryptography is block-cipher centric When is the inverse block cipher needed? Indicated in red: Hashing and its modes HMAC, MGF1, … Block encryption: ECB, CBC, … Stream encryption: synchronous: counter mode, OFB, … self-synchronizing: CFB MAC computation: CBC-MAC, C-MAC, … Authenticated encryption: OCB, GCM, CCM … So a block cipher
    [Show full text]
  • Hash Functions and Thetitle NIST of Shapresentation-3 Competition
    The First 30 Years of Cryptographic Hash Functions and theTitle NIST of SHAPresentation-3 Competition Bart Preneel COSIC/Kath. Univ. Leuven (Belgium) Session ID: CRYP-202 Session Classification: Hash functions decoded Insert presenter logo here on slide master Hash functions X.509 Annex D RIPEMD-160 MDC-2 SHA-256 SHA-3 MD2, MD4, MD5 SHA-512 SHA-1 This is an input to a crypto- graphic hash function. The input is a very long string, that is reduced by the hash function to a string of fixed length. There are 1A3FD4128A198FB3CA345932 additional security conditions: it h should be very hard to find an input hashing to a given value (a preimage) or to find two colliding inputs (a collision). Hash function history 101 DES RSA 1980 single block ad hoc length schemes HARDWARE MD2 MD4 1990 SNEFRU double MD5 block security SHA-1 length reduction for RIPEMD-160 factoring, SHA-2 2000 AES permu- DLOG, lattices Whirlpool SOFTWARE tations SHA-3 2010 Applications • digital signatures • data authentication • protection of passwords • confirmation of knowledge/commitment • micropayments • pseudo-random string generation/key derivation • construction of MAC algorithms, stream ciphers, block ciphers,… Agenda Definitions Iterations (modes) Compression functions SHA-{0,1,2,3} Bits and bytes 5 Hash function flavors cryptographic hash function this talk MAC MDC OWHF CRHF UOWHF (TCR) Security requirements (n-bit result) preimage 2nd preimage collision ? x ? ? ? h h h h h h(x) h(x) = h(x‘) h(x) = h(x‘) 2n 2n 2n/2 Informal definitions (1) • no secret parameters
    [Show full text]
  • SPHINCS: Practical Stateless Hash-Based Signatures
    SPHINCS: practical stateless hash-based signatures Daniel J. Bernstein1;3, Daira Hopwood2, Andreas Hülsing3, Tanja Lange3, Ruben Niederhagen3, Louiza Papachristodoulou4, Peter Schwabe4, and Zooko Wilcox O'Hearn2 1 Department of Computer Science University of Illinois at Chicago Chicago, IL 606077045, USA [email protected] 2 Least Authority 3450 Emerson Ave. Boulder, CO 803056452 USA [email protected],[email protected] 3 Department of Mathematics and Computer Science Technische Universiteit Eindhoven P.O. Box 513, 5600 MB Eindhoven, The Netherlands [email protected], [email protected], [email protected] 4 Radboud University Nijmegen Digital Security Group P.O. Box 9010, 6500 GL Nijmegen, The Netherlands [email protected], [email protected] Abstract. This paper introduces a high-security post-quantum stateless hash-based sig- nature scheme that signs hundreds of messages per second on a modern 4-core 3.5GHz Intel CPU. Signatures are 41 KB, public keys are 1 KB, and private keys are 1 KB. The signature scheme is designed to provide long-term 2128 security even against attackers equipped with quantum computers. Unlike most hash-based designs, this signature scheme is stateless, allowing it to be a drop-in replacement for current signature schemes. Keywords: post-quantum cryptography, one-time signatures, few-time signatures, hyper- trees, vectorized implementation 1 Introduction It is not at all clear how to securely sign operating-system updates, web-site certicates, etc. once an attacker has constructed a large quantum computer: RSA and ECC are perceived today as being small and fast, but they are broken in polynomial time by Shor's algorithm.
    [Show full text]
  • Table of Contents
    PANAMA COUNTRY READER TABLE OF CONTENTS Edward W. Clark 1946-1949 Consular Officer, Panama City 1960-1963 Deputy Chief of Mission, Panama City Walter J. Silva 1954-1955 Courier Service, Panama City Peter S. Bridges 1959-1961 Visa Officer, Panama City Clarence A. Boonstra 1959-1962 Political Advisor to Armed Forces, Panama Joseph S. Farland 1960-1963 Ambassador, Panama Arnold Denys 1961-1964 Communications Supervisor/Consular Officer, Panama City David E. Simcox 1962-1966 Political Officer/Principal Officer, Panama City Stephen Bosworth 1962-1963 Rotation Officer, Panama City 1963-1964 Principle Officer, Colon 1964 Consular Officer, Panama City Donald McConville 1963-1965 Rotation Officer, Panama City John N. Irwin II 1963-1967 US Representative, Panama Canal Treaty Negotiations Clyde Donald Taylor 1964-1966 Consular Officer, Panama City Stephen Bosworth 1964-1967 Panama Desk Officer, Washington, DC Harry Haven Kendall 1964-1967 Information Officer, USIS, Panama City Robert F. Woodward 1965-1967 Advisor, Panama Canal Treaty Negotiations Clarke McCurdy Brintnall 1966-1969 Watch Officer/Intelligence Analyst, US Southern Command, Panama David Lazar 1968-1970 USAID Director, Panama City 1 Ronald D. Godard 1968-1970 Rotational Officer, Panama City William T. Pryce 1968-1971 Political Officer, Panama City Brandon Grove 1969-1971 Director of Panamanian Affairs, Washington, DC Park D. Massey 1969-1971 Development Officer, USAID, Panama City Robert M. Sayre 1969-1972 Ambassador, Panama J. Phillip McLean 1970-1973 Political Officer, Panama City Herbert Thompson 1970-1973 Deputy Chief of Mission, Panama City Richard B. Finn 1971-1973 Panama Canal Negotiating Team James R. Meenan 1972-1974 USAID Auditor, Regional Audit Office, Panama City Patrick F.
    [Show full text]
  • Performance Analysis of Cryptographic Hash Functions Suitable for Use in Blockchain
    I. J. Computer Network and Information Security, 2021, 2, 1-15 Published Online April 2021 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2021.02.01 Performance Analysis of Cryptographic Hash Functions Suitable for Use in Blockchain Alexandr Kuznetsov1 , Inna Oleshko2, Vladyslav Tymchenko3, Konstantin Lisitsky4, Mariia Rodinko5 and Andrii Kolhatin6 1,3,4,5,6 V. N. Karazin Kharkiv National University, Svobody sq., 4, Kharkiv, 61022, Ukraine E-mail: [email protected], [email protected], [email protected], [email protected], [email protected] 2 Kharkiv National University of Radio Electronics, Nauky Ave. 14, Kharkiv, 61166, Ukraine E-mail: [email protected] Received: 30 June 2020; Accepted: 21 October 2020; Published: 08 April 2021 Abstract: A blockchain, or in other words a chain of transaction blocks, is a distributed database that maintains an ordered chain of blocks that reliably connect the information contained in them. Copies of chain blocks are usually stored on multiple computers and synchronized in accordance with the rules of building a chain of blocks, which provides secure and change-resistant storage of information. To build linked lists of blocks hashing is used. Hashing is a special cryptographic primitive that provides one-way, resistance to collisions and search for prototypes computation of hash value (hash or message digest). In this paper a comparative analysis of the performance of hashing algorithms that can be used in modern decentralized blockchain networks are conducted. Specifically, the hash performance on different desktop systems, the number of cycles per byte (Cycles/byte), the amount of hashed message per second (MB/s) and the hash rate (KHash/s) are investigated.
    [Show full text]
  • The Second Cryptographic Hash Workshop
    Workshop Report The Second Cryptographic Hash Workshop University of California, Santa Barbara August 24-25, 2006 Report prepared by James Nechvatal and Shu-jen Chang Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899 Available online: http://csrc.nist.gov/groups/ST/hash/documents/SecondHashWshop_2006_Report.pdf 1. Introduction The Second Cryptographic Hash Workshop was held on Aug. 24-25, 2006, at University of California, Santa Barbara, in conjunction with Crypto 2006. 210 members of the global cryptographic community attended the workshop. The workshop was organized to encourage hash function research and discuss hash function development strategy. 2. Workshop Program The workshop program consisted of a day and a half of presentations of papers that were submitted to the workshop and panel discussion sessions. The main topics of the workshop included survey of hash function applications, new structures and designs of hash functions, cryptanalysis and attack tools, and development strategy of new hash functions. The program is available at http://csrc.nist.gov/groups/ST/hash/second_workshop.html . This report only briefly summarizes the presentations, because the above web site for the program includes links to the speakers' slides and papers. The main ideas of the discussion sessions, however, are described in considerable detail; in fact, the panelists and attendees are often paraphrased very closely, to minimize misinterpretation. Their statements are not necessarily presented in the order that they occurred, in order to organize them according to NIST's questions for each session. 3. Session Summary Session 1: Papers - New Structures of Hash Functions Session 1 included three talks dealing with new structures of hash functions.
    [Show full text]
  • SHA-3 and Permutation-Based Cryptography
    SHA-3 and permutation-based cryptography Joan Daemen1 Joint work with Guido Bertoni1, Michaël Peeters2 and Gilles Van Assche1 1STMicroelectronics 2NXP Semiconductors Crypto summer school Šibenik, Croatia, June 1-6, 2014 1 / 49 Outline 1 Prologue 2 The sponge construction 3 Keccak and SHA-3 4 Sponge modes of use 5 Block cipher vs permutation 6 Variations on sponge 2 / 49 Prologue Outline 1 Prologue 2 The sponge construction 3 Keccak and SHA-3 4 Sponge modes of use 5 Block cipher vs permutation 6 Variations on sponge 3 / 49 Prologue Cryptographic hash functions ∗ n Function h from Z2 to Z2 Typical values for n: 128, 160, 256, 512 Pre-image resistant: it shall take 2n effort to given y, find x such that h(x) = y 2nd pre-image resistance: it shall take 2n effort to 0 0 given M and h(M), find another M with h(M ) = h(M) collision resistance: it shall take 2n/2 effort to find x1 6= x2 such that h(x1) = h(x2) 4 / 49 Prologue Classical way to build hash functions Mode of use of a compression function: Fixed-input-length compression function Merkle-Damgård iterating mode Property-preserving paradigm hash function inherits properties of compression function …actually block cipher with feed-forward (Davies-Meyer) Compression function built on arithmetic-rotation-XOR: ARX Instances: MD5, SHA-1, SHA-2 (224, 256, 384, 512) … 5 / 49 The sponge construction Outline 1 Prologue 2 The sponge construction 3 Keccak and SHA-3 4 Sponge modes of use 5 Block cipher vs permutation 6 Variations on sponge 6 / 49 The sponge construction Sponge origin: RadioGatún Initiative
    [Show full text]
  • Theory and Practice Theory and Practice for Hash Functions
    www.ecrypt . eu. org Theory and practiceTitle of Presentation for hash functions Bart Preneel Kath o lie ke Un ivers ite it Leuven - COSIC [email protected] Cambridge, 1 February 2012 Insert presenter logo here on slide master Hash functions X.509 Annex D RIPEMD-160 MDC-2 SHA-256 SHA-3 MD2, MD4, MD5 SHA-512 SHA-1 This is an input to a crypto - graphic hash function. The input is a very long string, that is reduced by the hash function to a string of fixed length. There are 1A3FD4128A198FB3CA345932 additional security conditions: it h should be very hard to find an input hashing to a given value (a preimage) or to find two colliding inputs (a collision). 2 Applications • short unique identifier to a string – digital signatures – data authentication • one-way function of a string – protection of passwords – micro-payments • confirma tion o f k nowl e dge /comm itmen t • pseudo-random string generation/key derivation • entropy extraction • construction of MAC algorithms, stream ciphers, block ciphers,… 2005: 800 uses of MD5 in Microsoft Windows 3 Bridging theory and practice? 4 Agenda Definitions Iterations (modes) Compression functions Hash functions SHA-3 5 Security requirements (n-bit result) preimage 2nd preimage collision ? x ≠ ? ? ≠ ? h h h h h h(()x) h(()x) = h(()x’) h(()x) = h(x’) 2n 2n 2n/2 6 Length extension length extension: if one knows h(x), easy to compute h(x || y) without knowing x or IV IV H H 1 2 H = h(x) f f f 3 x1 x2 x3 IV H1 H2 H3 H4= h(x || y) f f f f x1 x2 x3 y solution: output transformation IV H1
    [Show full text]
  • Keccak and the SHA-3 Standardization
    Keccak and the SHA-3 Standardization Guido Bertoni1 Joan Daemen1 Michaël Peeters2 Gilles Van Assche1 1STMicroelectronics 2NXP Semiconductors NIST, Gaithersburg, MD February 6, 2013 1 / 60 Outline 1 The beginning 2 The sponge construction 3 Inside Keccak 4 Analysis underlying Keccak 5 Applications of Keccak, or sponge 6 Some ideas for the SHA-3 standard 2 / 60 The beginning Outline 1 The beginning 2 The sponge construction 3 Inside Keccak 4 Analysis underlying Keccak 5 Applications of Keccak, or sponge 6 Some ideas for the SHA-3 standard 3 / 60 The beginning Cryptographic hash functions * h : f0, 1g ! f0, 1gn Input message Digest MD5: n = 128 (Ron Rivest, 1992) SHA-1: n = 160 (NSA, NIST, 1995) SHA-2: n 2 f224, 256, 384, 512g (NSA, NIST, 2001) 4 / 60 The beginning Our beginning: RadioGatún Initiative to design hash/stream function (late 2005) rumours about NIST call for hash functions forming of Keccak Team starting point: fixing Panama [Daemen, Clapp, FSE 1998] RadioGatún [Keccak team, NIST 2nd hash workshop 2006] more conservative than Panama variable-length output expressing security claim: non-trivial exercise Sponge functions [Keccak team, Ecrypt hash, 2007] closest thing to a random oracle with a finite state Sponge construction calling random permutation 5 / 60 The beginning From RadioGatún to Keccak RadioGatún confidence crisis (2007-2008) own experiments did not inspire confidence in RadioGatún neither did third-party cryptanalysis [Bouillaguet, Fouque, SAC 2008] [Fuhr, Peyrin, FSE 2009] follow-up design Gnoblio went nowhere NIST SHA-3
    [Show full text]
  • Panamanian Música Típica and the Quest for National and Territorial Sovereignty
    “Cien por Ciento Nacional!” Panamanian Música Típica and the Quest for National and Territorial Sovereignty Melissa Gonzalez Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Graduate School of Arts and Sciences COLUMBIA UNIVERSITY 2015 ©2015 Melissa Gonzalez All Rights Reserved ABSTRACT “Cien por Ciento Nacional!” Panamanian Música Típica and the Quest for National and Territorial Sovereignty Melissa Gonzalez This dissertation investigates the socio-cultural and musical transfigurations of a rural-identified musical genre known as música típica as it engages with the dynamics of Panama’s rural-urban divide and the country’s nascent engagement with the global political economy. Though regarded as emblematic of Panama’s national folklore, música típica is also the basis for the country’s principal and most commercially successful popular music style known by the same name. The primary concern of this project is to examine how and why this particular genre continues to undergo simultaneous processes of folklorization and commercialization. As an unresolved genre of music, I argue that música típica can offer rich insight into the politics of working out individual and national Panamanian identities. Based on eighteen months of ethnographic fieldwork conducted in Panama City and several rural communities in the country’s interior, I examine the social struggles that subtend the emergence of música típica’s genre variations within local, national, and transnational contexts. Through close ethnographic analysis of particular case studies, this work explores how musicians, fans, and the country’s political and economic structures constitute divisions in regards to generic labeling and how differing fields of musical circulation and meaning are imagined.
    [Show full text]
  • The Rijndael Block Cipher, Other Than Encryption
    Joan Daemen Vincent Rijmen Note on naming Rijndael Note on naming 1. Introduction After the selection of Rijndael as the AES, it was decided to change the names of some of its component functions in order to improve the readability of the standard. However, we see that many recent publications on Rijndael and the AES still use the old names, mainly because the original submission documents using the old names, are still available on the Internet. In this note we repeat quickly the new names for the component functions. Additionally, we remind the reader on the difference between AES and Rijndael and present an overview of the most important references for Rijndael and the AES. 2. References [1] Joan Daemen and Vincent Rijmen, AES submission document on Rijndael, June 1998. [2] Joan Daemen and Vincent Rijmen, AES submission document on Rijndael, Version 2, September 1999. http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf [3] FIPS PUB 197, Advanced Encryption Standard (AES), National Institute of Standards and Technology, U.S. Department of Commerce, November 2001. http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf [4] Joan Daemen and Vincent Rijmen, The Design of Rijndael, AES - The Advanced Encryption Standard, Springer-Verlag 2002 (238 pp.) 3. Naming The names of the component functions of Rijndael have been modified between the publication of [2] and that of [3]. Table 1 lists the two versions of names. We recommend using the new names. Old naming New naming ByteSub SubBytes ShiftRow ShiftRows MixColumn MixColumns AddRoundKey AddRoundKey Table 1: Old and new names of the Rijndael component functions 4.
    [Show full text]