Interface of Ciphers and Authenticated Ciphers Alice: I love you! Bob Alice: I love you! Bob Basic Security Services (1) 1. Confidentiality Bob Alice
Charlie 2. Message integrity Bob Alice
Charlie 3. Message authentication Bob Alice
Charlie Confidentiality Ciphers Bob Alice IV Message IV Ciphertext
KAB Cipher KAB Cipher
IV Ciphertext IV Message
KAB - Secret key of Alice and Bob IV – Initialization Vector Authentication Message Authentication Code - MAC
Bob Alice
IV Message Tag IV Message Tag
KAB KAB MAC MAC
Tag’
valid =
Tag
KAB - Secret key of Alice and Bob IV – Initialization Vector Confidentiality & Authentication Authenticated Ciphers
Bob Alice IV Message IV Ciphertext Tag
K valid KAB Authenticated AB Authenticated Cipher Cipher
IV Ciphertext Tag IV Message Tag’
KAB - Secret key of Alice and Bob IV – Initialization Vector Confidentiality & Authentication Authenticated Ciphers with Associated Data
Bob Alice IV AD Message IV AD Ciphertext Tag
K valid KAB Authenticated AB Authenticated Cipher Cipher
IV AD Ciphertext Tag IV AD Message Tag’
KAB - Secret key of Alice and Bob IV – Initialization Vector, AD – Associated Data Two Types of Ciphers
Ciphers: Authenticated Ciphers:
• XTS-AES • AES-GCM • Salsa20/12 • AES-OCB3 • KASUMI • AES-OCB • CLEFIA • AES-CCM • Rabbit • AES-EAX • SNOW 3G • Grain-128a • HIGHT • SEED-128 • MISTY1 • Camellia Cipher Core Interface
clk rst
clk rst Cipher w Core w pdi do PDI DO Public Data Input pdi_ready do_ready Data Output Ports Ports pdi_read do_write w sdi error SDI Error Notification sdi_ready Secret Data Input 8 Ports ecode Ports sdi_read Ciphers
Public Data Inputs: Data Outputs:
Encryption: Encryption: • Initialization Vector - IV • Initialization Vector - IV • Message - M • Ciphertext - C
Decryption: Decryption: • Initialization Vector - IV • Initialization Vector - IV • Ciphertext - C • Message - M
Secret Data Input:
• Key - K Authenticated Ciphers
Public Data Inputs: Data Outputs:
Encryption: Encryption: • Initialization Vector - IV • Initialization Vector - IV • Associated Data - AD • Associated Data - AD • Message - M • Ciphertext - C • Tag - T
Decryption: Decryption: • Initialization Vector - IV • Initialization Vector - IV • Associated Data - AD • Associated Data - AD • Ciphertext - C • Message - M • Tag - T • Tag - T
Secret Data Input:
• Key - K Typical External Circuit
clk rst
clk rst clk rst clk rst Cipher w w w w epdi ipdi Core ido edo pdi do DO pfifo_full PDI pfifo_empty ofifo_full ofifo_empty FIFO pdi_ready do_ready FIFO pfifo_write pfifoin_read pdi_read ofifo_write ofifo_read do_write w w esdi isdi sdi error sfifo_full SDI sfifo_empty FIFO sdi_ready 8 ecode sfifo_write sfifo_read sdi_read
clk rst Format of Secret Data Input
w bits
instruction seg_0_header . . seg_0 . = Key
Format of Public Data Input Authenticated Cipher - Encryption
w bits
instruction seg_0_header
seg_0 = IV
seg_1_header. . . seg_1 = AD
seg_2_header
seg_2 = Message Format of Data Output Authenticated Cipher - Encryption
w bits
instruction seg_0_header
seg_0 = IV
seg_1_header . seg_1. = AD . seg_2_header
seg_2 = Ciphertext
seg_3_header seg_3 = Tag Instruction w-1 0 0000 – – – – – – – – – – – – – – – – – – ….. – – – – – – – – – –
8 4 4 w-16 Message ID Opcode [0..255] 0000 – Encryption 0001 – Decryption 0010 – Authenticated Encryption 0011 – Authenticated Decryption 0100 – Load Key Segment Header
w-1 0 – – 1 8 4 2 1 1 w-16 Message ID LS Segment [0..255] Length Segment [0..2w-16-1 bytes] Type 0000 – Reserved 0001 – Initialization Vector 0010 – Associated Data 0011 – Message 0100 – Ciphertext 0101 – Tag 0110 – Key LS = 1 if the last segment of input 0 otherwise Error Codes ecode output
0 – No error 1 – Unsupported opcode 2 – Uninitialized key 3 – Unsupported key length 4 – Unsupported IV length 5 – Unsupported tag length 6 – Segments out of sequence (e.g., Message before IV) 7 – Segment type incompatible with opcode (e.g., AD for Encryption) 8 – Invalid Tag