DOCSLIB.ORG

Unified Hardware Architecture for 128-Bit Block Ciphers AES and Camellia

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Unified Hardware Architecture for 128-Bit Block Ciphers AES and Camellia Unified Hardware Architecture for 128-bit Block Ciphers AES and Camellia A. Satoh and S. Morioka Tokyo Research Laboratory IBM Japan Ltd. Contents Unified S-Box Unified Permutation Layer Unified Data Path Architecture ASIC Implementation Results Conclusion Unified S-Box AES S-Box Combinations of GF(28) inverter and affine transformations Inverter followed by affine transformation for encryption and inverter follows affine transformation for decryption SubBytes InvSubBytes x0 y0 x0 y0 x1 y1 x1 y1 x2 y2 x2 y2 x3 GF(28 ) y3 x3 GF(2 8 ) y3 x4 Inverter y4 x4 Inverter y4 x5 y5 x5 y5 x6 y6 x6 y6 x7 y7 x7 y7 Affine Transformation A Affine Transformation A-1 1 0 0 0 1 1 1 1 a 1 0 0 1 0 0 1 0 1 a ⊕ 1 0 0 1 1 0 0 0 1 1 1 a1 1 1 0 0 1 0 0 1 0 a1 ⊕ 1 1 1 1 0 0 0 1 1 a 0 0 1 0 0 1 0 0 1 a 2 2 1 1 1 1 0 0 0 1 a3 0 1 0 1 0 0 1 0 0 a3 ⊕ 1 1 1 1 1 0 0 0 a 0 4 0 1 0 1 0 0 1 0 a4 0 1 1 1 1 1 0 0 a 1 0 0 1 0 1 0 0 1 a ⊕ 1 5 5 0 0 1 1 1 1 1 0 1 a6 1 0 0 1 0 1 0 0 a6 ⊕ 1 0 0 0 1 1 1 1 1 a 0 7 0 1 0 0 1 0 1 0 a7 Camellia S-Box GF((24)2) inverter is placed between two affine transformations Four S-Boxes S1~S4 (I/O ordering is differed) are used Feistel-type cipher Camellia uses same S-Box in encryption and decryption s1 s2 x0 y0 8 8 x >>1 y x1 y1 s1 x2 y2 x3 GF((242 ) ) y3 s3 8 8 x4 Inverter y4 x s1 <<1 y x5 y5 x6 y6 s4 8 8 x7 y7 x <<1 s1 y Affine TransformationFH Affine Transformation 0 1 0 0 0 1 0 0 a ⊕ 1 0 1 0 0 1 1 0 0 a 0 0 0 1 0 0 0 0 0 1 0 a1 ⊕ 1 0 1 0 0 0 1 0 0 a1 1 0 0 1 0 1 0 0 1 a 0 0 0 1 0 0 1 0 a 1 2 2 0 0 1 0 0 0 0 1 a3 0 1 0 0 0 0 0 1 a3 0 ⊕ 0 0 0 1 0 0 1 0 a 4 0 0 1 0 0 0 1 0 a4 1 0 1 0 0 1 0 0 0 a5 ⊕ 1 1 0 0 0 0 0 0 1 a 1 5 1 0 0 0 0 0 0 1 a 6 1 0 0 0 1 0 0 0 a6 1 0 0 0 1 0 1 0 0 a ⊕ 1 7 0 0 1 0 0 1 0 0 a7 0 Unified S-Box (1) AES S-Boxes (4) Combine affine and isomorphism 0 -1% 0 (28 ) (28 ) δ 4 2 δ A GF A A-1 GF GF((2 ) ) Inverter Inverter Inverter A-1% δ 1 δ -1 1 SubBytes InvSubBytes (2) Share GF(28) inverter (5) Share common terms 0 A 0 0 0 GF(28 ) δ GF((24 )2) δ -1%A -1 Inverter -1% Inverter -1 A 1 1 A δ 1 δ 1 (3) Use GF((24)2) inverter (6) Merge Camellia S-Box 0 4 2 A 0 δ 0 δ -1%A 0 GF((2 ) ) GF((24 )2) δ δ -1 A-1% δ 1 δ -1 1 -1 Inverter Inverter A 1 1 FH2 2 Modifying affine transformations In order to share common terms, bit inverse operations on input are converted to the operations on output -1 δ 0 4 2 δ %A 0 -1 GF((2 ) ) A-1% δ 1 δ -1 1 A Inverter F 2 H 2 1 1 0 0 0 1 1 0 a 0 1 0 0 0 1 0 0 a ⊕ 1 A-1×δ 0 F 0 0 1 1 1 0 0 0 1 a1 ⊕ 1 1 0 0 0 0 0 1 0 a1 ⊕ 1 0 1 1 1 1 0 0 0 a ⊕ 1 0 0 1 0 1 0 0 1 a 2 2 1 1 1 1 0 1 1 1 a3 0 0 1 0 0 0 0 1 a3 1 0 1 0 0 0 0 0 a4 0 0 0 1 0 0 1 0 a4 0 0 1 0 1 0 1 0 a 0 1 0 0 1 0 0 0 a ⊕ 1 5 5 0 1 1 0 1 1 0 0 a6 ⊕ 1 1 0 0 0 0 0 0 1 a6 0 0 1 0 0 0 1 0 a7 ⊕ 1 0 0 0 1 0 1 0 0 a7 ⊕ 1 1 1 0 0 0 1 1 0a 0 0 1 0 0 0 1 0 0 a0 0 0 0 1 1 1 0 0 0 1a1 1 1 0 0 0 0 0 1 0 a1 1 0 1 1 1 1 0 0 0a 0 0 0 1 0 1 0 0 1 a 1 2 2 1 1 1 1 0 1 1 1a3 0 0 0 1 0 0 0 0 1 a3 1 ⊕ ⊕ 0 0 0 1 0 0 1 0 a 0 1 0 1 0 0 0 0 0a4 1 4 0 0 1 0 1 0 1 0a 0 0 1 0 0 1 0 0 0 a 1 5 5 0 1 1 0 1 1 0 0a6 0 1 0 0 0 0 0 0 1 a6 0 0 0 0 1 0 1 0 0 a 1 0 0 1 0 0 0 1 0a7 0 7 Common term sharing δ 0 δ -1%A 0 GF((24 )2) -1% δ 1 δ -1 1 A Inverter Merging 6 matrices FH2 2 into 2 matrices 1 0 1 0 0 0 0 0 a 1 0 0 0 0 1 1 0 a 0 0 0 1 0 1 0 1 1 0 0 a1 1 1 0 1 0 0 0 0 a1 1 1 1 0 1 0 0 1 0 a 1 0 0 0 1 1 1 0 a 1 XORs are reduced 2 2 0 1 1 1 0 0 0 0 a3 0 1 1 1 1 0 1 1 a3 0 -1 ⊕ 1 1 0 0δ 0 1 1 0 a 0 0 δ0 0 ×0A1 0 1 a 0 by 40% 4 4 0 1 0 1 0 0 1 0 a 0 1 0 1 1 0 0 1 a 0 5 5 0 0 0 0 1 0 1 0 a6 1 0 0 0 1 1 1 1 a6 1 1 1 0 1 1 1 0 1 a7 0 1 1 0 0 1 0 1 a7 1 δ 20 XORs 1 1 0 0 0 1 1 0a 0 0 0 1 0 0 1 0 0 a 0 0 -1 0 1 1 1 0 0 0 1a1 1 1 1 1 0 1 1 1 0 a1 δ 21 XORs 0 1 1 1 1 0 0 0a 0 1 0 1 0 0 1 0 0 a 2 2 -1 1 1 1 1 0 1 1 1a3 0 0 1 0 1 1 0 1 0 a3 A ×δ 22 XORs -1 ⊕ -1 A ×δ 1 0 1 δ1 0 0 1 0 a 1 0 1 0 0 0 0 0a4 1 4 -1 0 0 1 0 1 0 1 0 a 0 0 1 1 1 0 0 1 0 a5 Original δ ×A 21 XORs 5 1 0 1 1 0 0 0 0 0 1 1 0 1 1 0 0a6 0 a6 0 1 0 1 0 0 0 1 a F 9 XORs 0 0 1 0 0 0 1 0a7 0 7 0 1 0 0 0 1 0 0 a 0 0 1 0 0 1 1 0 0 a 0 H 9 XORs 0 0 1 0 0 0 0 0 1 0 a1 1 0 1 0 0 0 1 0 0 a1 1 0 0 1 0 1 0 0 1 a 1 0 0 0 1 0 0 1 0 a 1 Total 102 XORs 2 2 0 0 1 0 0 0 0 1 a3 1 0 1 0 0 0 0 0 1 a3 0 ⊕ ⊕ AES+ 0 0 0 1F 0 0 1 0 a 0 0 0 1 0H0 0 1 0 a 1 Merged 56~60 XORs 4 4 0 1 0 0 1 0 0 0 a 1 1 0 0 0 0 0 0 1 a 1 S1~S4 5 5 1 0 0 0 0 0 0 1 a6 0 1 0 0 0 1 0 0 0 a6 1 0 0 0 1 0 1 0 0 1 a7 0 0 1 0 0 1 0 0 a7 0 Performance of unified S-Box 1/2 size in comparison with discretely implemented S-Boxes Speed degraded by 20% due to selectors for component sharing ((24 )2) 280 gates -1% GF δ InvSubBytes A δ Inverter 3.65 ns (AES) ((24 )2) 280 gates Total δ GF -1% SubBytes Inverter δ A 3.56 ns 816 gates (AES) ((24 )2) 256 gates F GF H S1~S4 Inverter 3.45 ns (Camellia) δ 0 δ -1 %A 0 SubBytes+ GF((24 )2) 411~414 gates -1% δ 1 δ -1 1 InvSubBytes+ A Inverter S1~S4 FH2 2 4.29~4.65 ns (AES+Camellia) Unified Permutation Layer Merging MixColumns and InvMixColumns Break permutation layers of AES (MixColumns and InvMixColumns) into {01, 02, 04, 08} elements All elements of MixColumns are included in InvMixColumns MixColumns InvMixColumns z 02 03 01 01 x yy 0E0E 0B0B 0D0D 0909 xx 0 0 Same 0 0 00 z1 01 02 03 01 x1 yy11 0909 0E0E 0B0B 0D0D xx11 = ⋅⋅ == ⋅⋅ z 01 01 02 03 x yy 0D0D 0909 0E0E 0B0B xx 2 22 Matrices 22 22 z 03 01 01 02 x z3 03 01 01 02 x3 yy33 0B0B 0D0D 0909 0E0E xx33 00 01 01 01 x 02 02 00 00 x 00 01 01 01 x 02 02 00 00 x 0 0 0 0 01 00 01 01 x1 00 02 02 00 x1 01 00 01 01 x 00 02 02 00 x = ⋅ + ⋅ = ⋅ 1 + ⋅ 1 01 01 00 01 x 00 00 02 02 x 01 01 00 01 x 00 00 02 02 x 2 2 2 2 01 01 01 00 x3 02 00 00 02 x3 01 01 01 00 x3 02 00 00 02 x3 04 00 04 00 x 08 08 08 08 x 0 0 00 04 00 04 x 08 08 08 08 x + ⋅ 1 + ⋅ 1 04 00 04 00 x 08 08 08 08 x 2 2 00 04 00 04 x3 08 08 08 08 x3 Merging P-function and InvMixColumns Generate 64-bit matrix contains two InvMixColumns Factor common terms between P-function and 64-bit InvMixColumns P - function InvMixColumns w 0 1 0 1 1 0 1 1 1 x 0 y 0 E B D 9 x0 w1 1 1 0 1 1 0 1 1 x1 y1 9 E B D x1 0 w 2 1 1 1 0 1 1 0 1 x 2 y 2 D 9 E B x 2 w 3 0 1 1 1 1 1 1 0 x 3 y3 B D 9 E x3 = ⋅ = ⋅ w 1 1 0 0 0 1 1 1 x y E B D 9 x 4 4 4 4 9 E B D w 5 0 1 1 0 1 0 1 1 x 5 y5 x5 0 w 0 0 1 1 1 1 0 1 x D 9 E B 6 6 y 6 x6 w 1 0 0 1 1 1 1 0 x B D 9 E 7 7 y 7 x7 1 0 0 0 0 1 1 1 x x x x 0 0 0 1 1 0 E A E 8 0 0 1 1 1 0 1 0 1 1 0 1 0 0 x1 1 0 0 1 x1 8 E A E x1 1 0 1 1 x1 1 1 0 1 0 0 0 0 0 1 0 x 2 1 1 0 0 x 2 E 8 E A x 2 1 1 0 1 x2 1 1 1 0 0 0 0 1 x 3 0 1 1 0 x 3 A E 8 E x3 1 1 1 0 x3 = ⋅ + ⋅ = ⋅ + ⋅ 1 1 0 0 x 0 1 1 1 x E A E 8 x 0 1 1 1 x 4 4 4 4 1 0 1 1 8 E A E 1 0 1 1 0 1 1 0 x 5 x 5 x5 x5 0 0 0 0 0 1 1 x 1 1 0 1 x E 8 E A 1 1 0 1 0 6 6 x6 x6 1 0 0 1 x 1 1 1 0 x A E 8 E 1 1 1 0 7 7 x7 x7 Performance of unified permutation layer Number of XOR terms is reduced to 1/3 of the original matrices with two additional XOR-gates of delay x {08,04,00} {02,01,00} {01,00} {01,00} -element -element -element -element Matrices Matrices Matrices Matrices y z w InvMixColumns MixColumns P-function Original Matrices Shared MixCol InvMixCol P-funk Total Matrix XORs 304 880 288 1,482 476 Delay (gates) 3 5 3 5 7 Unified Data Path Architecture AES Algorithm SPN structure using 4 primitive functions takes 11 rounds Cipherihg Block a a a a 00 0102 03 k 00kkk01 02 03 b00bbb01 02 03 128-bit plain text 1-bit a a a a kkkk bbbb 10 1112 13 1011 12 13 = 1011 12 13 88 8 XOR a a a a kkkk bbbb 128 20 2122 23 2021 22 23 2021 22 23 AddRoundKey a30 a31a32 a 33 kkkk3031 32 33 bbbb3031 32 33 SubBytes a a a a b bbb ShiftRows 8-bit 00 0102 03 S-Box 0001 02 03 a a a a bbbbb MixColumns S-Box 10 11ij 13 1011 12ij 13 a a a a bbbb AddRoundKey 16 20 2122 23 2021 22 23 a30 a31a32 a 33 bbbb3031 32 33 a a a a no shift a a a a 32-bit 0001 02 03 0001 02 03 SubBytes a a a a left rotation by 1 a Rotation 10 1112 13 10 ShiftRows a a a a left rotation by 2 a a 4 2021.
Load more

Recommended publications
  • Camellia: a 128-Bit Block Cipher Suitable for Multiple Platforms
    gopyright x nd witsuishi iletri gorp ortion PHHHEPHHI g mel l iX e IPVEfit flo k gipher uitle for wultiple ltforms y z y uzumro eoki etsuyshikw wsyuki und z y z z witsuru wtsui hiho worii tunkoxkjim oshio okit y xipp on elegrph nd elephone gorp ortion IEI rikrino okD okosukD ungwD PQWEHVRU tpn fmroDkndDshihogdislFnttFoFjp z witsuishi iletri gorp ortion SEIEI yfunD umkurD ungwD PRUEVSHI tpn fihikwDmtsuiDjuneISDtokitgdissFislFmeloFoFjp er IFHX tuly IQD PHHH er PFHX eptemer PTD PHHI estrtF e present new IPVEit lo k ipher lled gmel liF gmelli supp orts IPVEit lo ksizend IPVED IWPED nd PSTEit keysD iFeF the sme interfe sp eitions s the edvned inryption tndrd @eiAF iieny on oth softE wre nd hrdwre pltforms is remrkle hrteristi of gmelli in ddition to its high level of seurityF st is onrmed tht gmelli provides strong seurity ginst dierentil nd liner ryptnlysisF gompred to the ei nlistsD iFeF weD gTD ijndelD erp entD nd woshD gmelli oers t lest omprle enryption sp eed in softwre nd hrdwreF en optimized implementtion of gmelE li in ssemly lnguge n enrypt on entiums s s @IFIQqrzA t the rte of RUI wits p er seondF sn dditionD distinguishing feture is its smll hrdwre designF e hrdwre implementtionD whih inludes enryptionD deryptionD nd the key shedule for IPVEit keysD o upies only VFIPu gtes using HFIV"m gwy esg lirryF his is in the smllest lss mong ll existing IPVEit lo k iphersF gopyright x nd witsuishi iletri gorp ortion PHHHEPHHI gontents I sntro dution I P hesign tionle Q PFI p Efuntion X X X X X X X X X X X X X X X X X X X X X X X X X
    [Show full text]
  • Zero Correlation Linear Cryptanalysis on LEA Family Ciphers
    Journal of Communications Vol. 11, No. 7, July 2016 Zero Correlation Linear Cryptanalysis on LEA Family Ciphers Kai Zhang, Jie Guan, and Bin Hu Information Science and Technology Institute, Zhengzhou 450000, China Email: [email protected]; [email protected]; [email protected] Abstract—In recent two years, zero correlation linear Zero correlation linear cryptanalysis was firstly cryptanalysis has shown its great potential in cryptanalysis and proposed by Andrey Bogdanov and Vicent Rijmen in it has proven to be effective against massive ciphers. LEA is a 2011 [2], [3]. Generally speaking, this cryptanalytic block cipher proposed by Deukjo Hong, who is the designer of method can be concluded as “use linear approximation of an ISO standard block cipher - HIGHT. This paper evaluates the probability 1/2 to eliminate the wrong key candidates”. security level on LEA family ciphers against zero correlation linear cryptanalysis. Firstly, we identify some 9-round zero However, in this basic model of zero correlation linear correlation linear hulls for LEA. Accordingly, we propose a cryptanalysis, the data complexity is about half of the full distinguishing attack on all variants of 9-round LEA family code book. The high data complexity greatly limits the ciphers. Then we propose the first zero correlation linear application of this new method. In FSE 2012, multiple cryptanalysis on 13-round LEA-192 and 14-round LEA-256. zero correlation linear cryptanalysis [4] was proposed For 13-round LEA-192, we propose a key recovery attack with which use multiple zero correlation linear approximations time complexity of 2131.30 13-round LEA encryptions, data to reduce the data complexity.
    [Show full text]
  • Internet Engineering Task Force (IETF) S. Kanno Request for Comments: 6367 NTT Software Corporation Category: Informational M
    Internet Engineering Task Force (IETF) S. Kanno Request for Comments: 6367 NTT Software Corporation Category: Informational M. Kanda ISSN: 2070-1721 NTT September 2011 Addition of the Camellia Cipher Suites to Transport Layer Security (TLS) Abstract This document specifies forty-two cipher suites for the Transport Security Layer (TLS) protocol to support the Camellia encryption algorithm as a block cipher. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are a candidate for any level of Internet Standard; see Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6367. Copyright Notice Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
    [Show full text]
  • Camellia: a 128-Bit Block Cipher Suitable for Multiple Platforms – Design Andanalysis
    Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms – Design andAnalysis Kazumaro Aoki1, Tetsuya Ichikawa2, Masayuki Kanda1, Mitsuru Matsui2, Shiho Moriai1, Junko Nakajima2, and Toshio Tokita2 1 Nippon Telegraph and Telephone Corporation, 1-1 Hikarinooka, Yokosuka, Kanagawa, 239-0847Japan {maro,kanda,shiho}@isl.ntt.co.jp 2 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501 Japan {ichikawa,matsui,june15,tokita}@iss.isl.melco.co.jp Abstract. We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e., the same interface specifications as the Advanced Encryption Stan- dard (AES). Efficiency on both software and hardware platforms is a remarkable characteristic of Camellia in addition to its high level of se- curity. It is confirmed that Camellia provides strong security against differential and linear cryptanalyses. Compared to the AES finalists, i.e., MARS, RC6, Rijndael, Serpent, and Twofish, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can encrypt on a Pen- tium III (800MHz) at the rate of more than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In addition, a distinguishing feature is its small hardware design. The hard- ware design, which includes encryption and decryption and key schedule, occupies approximately 11K gates, which is the smallest among all ex- isting 128-bit block ciphers as far as we know. 1 Introduction This paper presents a 128-bit block cipher called Camellia, which was jointly developed by NTT and Mitsubishi Electric Corporation.
    [Show full text]
  • Block Ciphers: Fast Implementations on X86-64 Architecture
    Block Ciphers: Fast Implementations on x86-64 Architecture University of Oulu Department of Information Processing Science Master’s Thesis Jussi Kivilinna May 20, 2013 Abstract Encryption is being used more than ever before. It is used to prevent eavesdropping on our communications over cell phone calls and Internet, securing network connections, making e-commerce and e-banking possible and generally hiding information from unwanted eyes. The performance of encryption functions is therefore important as slow working implementation increases costs. At server side faster implementation can reduce the required capacity and on client side it can lower the power usage. Block ciphers are a class of encryption functions that are typically used to encrypt large bulk data, and thus make them a subject of many studies when endeavoring greater performance. The x86-64 architecture is the most dominant processor architecture in server and desktop computers; it has numerous different instruction set extensions, which make the architecture a target of constant new research on fast software implementations. The examined block ciphers – Blowfish, AES, Camellia, Serpent and Twofish – are widely used in various applications and their different designs make them interesting objects of investigation. Several optimization techniques to speed up implementations have been reported in previous research; such as the use of table look-ups, bit-slicing, byte-slicing and the utilization of “out-of-order” scheduling capabilities. We examine these different techniques and utilize them to construct new implementations of the selected block ciphers. Focus with these new implementations is in modes of operation which allow multiple blocks to be processed in parallel; such as the counter mode.
    [Show full text]
  • A Cache Trace Attack on CAMELLIA
    A Cache Trace Attack on CAMELLIA Rishabh Poddar, Amit Datta, and Chester Rebeiro Department of Computer Science and Engineering, Indian Institute of Technology, Kharagpur, India {rishavp,adatta,chester}@cse.iitkgp.ernet.in Abstract. CAMELLIA is a 128 bit block cipher certified for its security by NESSIE and CRYPTREC. Yet an implementation of CAMELLIA can easily fall prey to cache attacks. In this paper we present an attack on CAMELLIA, which utilizes cache access patterns along with the differen- tial properties of CAMELLIA’s s-boxes. The attack, when implemented on a PowerPC microprocessor having a 32 byte cache line size requires power traces from 216 different encryptions. Further, the work shows that this trace requirement reduces to 211 if a 64 byte cache line is used. 1 Introduction With the development of newer and better encryption schemes, it has become increasingly difficult to find flaws in the algorithm and therefore the schemes are more secure. However, implementations of the encryption algorithms are highly susceptible to being attacked. Attacks that target implementations are known as side channel attacks, and were discovered by Paul Kocher in 1996 [10]. These attacks take advantage of the information that gets leaked during the cipher’s execution. The channels for leakage are generally power consumption, timing for execution, and electro-magnetic radiation. Cache attacks are a class of side-channel attacks that glean secret information from the behavior of the processor’s cache memory. These attacks utilize the fact that a cache miss has a different power and timing profile compared to a cache hit. Cache attacks were first prophesied by Kelsey et al.
    [Show full text]
  • Camellia As an Oilseed Crop
    HORTSCIENCE 52(4):488–497. 2017. doi: 10.21273/HORTSCI11570-16 Camellia as an Oilseed Crop Haiying Liang1 Department of Genetics and Biochemistry, Clemson University, Clemson, SC 29634 Bing-Qing Hao, Guo-Chen Chen, Hang Ye, and Jinlin Ma1 Guangxi Forestry Research Institute, Guangxi Key Laboratory of Non-wood Cash Crops Cultivation and Utilization, Nanning, P.R. China, 530002 Additional index words. biodiesel, cultivar, edible oil, new horticultural crop, oil camellias Abstract. Camellia is one of the four main oil-bearing trees along with olive, palm, and coconut in the world. Known as ‘‘Eastern Olive Oil,’’ camellia oil shares similar chemical composition with olive oil, with high amounts of oleic acid and linoleic acid and low saturated fats. Camellia was first exploited for edible oil in China more than 1000 years ago. Today, its oil serves as the main cooking oil in China’s southern provinces. Introduction of camellia oil into the Western countries was delayed until the recognition of its many health benefits. Although popularity for the oil has yet to grow outside of China, interest has emerged in commercial production of camellia oil in other countries in recent years. Unlike seed-oil plants that are grown on arable land, oil camellias normally grow on mountain slopes. This allows the new crop to take full usage of the marginal lands. To facilitate promoting this valuable crop as an alternative oil source and selecting promising cultivars for targeted habitats, this paper reviews the resources of oil camellias developed in China, use of by-products from oil-refining process, as well as the progress of developing camellias for oil production in China and other nations.
    [Show full text]
  • A Review on the Biological Activity of Camellia Species
    molecules Review A Review on the Biological Activity of Camellia Species Ana Margarida Teixeira 1 and Clara Sousa 2,* 1 LAQV/REQUIMTE, Departamento de Ciências Químicas, Faculdade de Farmácia, Universidade do Porto, 4050-290 Porto, Portugal; [email protected] 2 CBQF—Centro de Biotecnologia e Química Fina-Laboratório Associado, Escola Superior de Biotecnologia, Universidade Católica Portuguesa, Rua Diogo Botelho 1327, 4169-005 Porto, Portugal * Correspondence: [email protected] Abstract: Medicinal plants have been used since antiquity to cure illnesses and injuries. In the last few decades, natural compounds extracted from plants have garnered the attention of scientists and the Camellia species are no exception. Several species and cultivars are widespread in Asia, namely in China, Japan, Vietnam and India, being also identified in western countries like Portugal. Tea and oil are the most valuable and appreciated Camellia subproducts extracted from Camellia sinensis and Camellia oleifera, respectively. The economic impact of these species has boosted the search for additional information about the Camellia genus. Many studies can be found in the literature reporting the health benefits of several Camellia species, namely C. sinensis, C. oleifera and Camellia japonica. These species have been highlighted as possessing antimicrobial (antibacterial, antifungal, antiviral) and antitumoral activity and as being a huge source of polyphenols such as the catechins. Particularly, epicatechin (EC), epigallocatechin (EGC), epicatechin-3-gallate (ECG), and specially epigallocatechin-3-gallate (EGCG), the major polyphenols of green tea. This paper presents a detailed review of Camellia species’ antioxidant properties and biological activity. Citation: Teixeira, A.M.; Sousa, C. A Keywords: antimicrobial; antitumor; antifungal; phenolics; flavonoids; ABTS Review on the Biological Activity of Camellia Species.
    [Show full text]
  • An Improved Impossible Differential Attack on MISTY1
    An Improved Impossible Differential Attack on MISTY1 Orr Dunkelman1,⋆ and Nathan Keller2,⋆⋆ 1 Ecole´ Normale Sup´erieure D´epartement d’Informatique, CNRS, INRIA 45 rue d’Ulm, 75230 Paris, France. [email protected] 2Einstein Institute of Mathematics, Hebrew University. Jerusalem 91904, Israel [email protected] Abstract. MISTY1 is a Feistel block cipher that received a great deal of cryptographic attention. Its recursive structure, as well as the added FL layers, have been successful in thwarting various cryptanalytic tech- niques. The best known attacks on reduced variants of the cipher are on either a 4-round variant with the FL functions, or a 6-round variant without the FL functions (out of the 8 rounds of the cipher). In this paper we combine the generic impossible differential attack against 5-round Feistel ciphers with the dedicated Slicing attack to mount an attack on 5-round MISTY1 with all the FL functions with time com- plexity of 246.45 simple operations. We then extend the attack to 6- round MISTY1 with the FL functions present, leading to the best known cryptanalytic result on the cipher. We also present an attack on 7-round MISTY1 without the FL layers. 1 Introduction MISTY1 [10] is a 64-bit block cipher with presence in many cryptographic stan- dards and applications. For example, MISTY1 was selected to be in the CRYP- TREC e-government recommended ciphers in 2002 and in the final NESSIE portfolio of block ciphers, as well as an ISO standard (in 2005). MISTY1 has a recursive Feistel structure, where the round function is in itself (very close to) a 3-round Feistel construction.
    [Show full text]
  • Name of Cryptographic Technique Camellia
    (Appendix B) Publication status of specification (Submission Form 6) Name of cryptographic technique Camellia i) Date and the name of the conference where the submission was publicized Date: 2000.5.25 Name of the speaker: Masayuki KANDA Name of the conference: ISEC Technical report of IEICE Title of the talk and the paper: Camellia – A 128-bit Block Cipher ii) Oath on settlement of the export regulations and the evidence We declare that there is no regulations on the documents of the submitted technique (Camellia) EXCEPT the documents “(4) Test vector” and “(5) Reference code/its specification, and test vector generation program/its specification.” We also declare that there is regulations on the documents (4) and (5) because their documents are unpublished. Name of the applicant in charge: Sei’ichi Ido Evidence on settlement of the regulations (attach a copy of the document). The ISEC technical report on the 25th May, 2000, is attached. Since the following documents do NOTincludes information on design, manufacture, and experiment, they are NOT a target for export regulations; (1) Application form in 2001, (2) Fixed information of Specifications in 2001, (3) Update of Self Evaluation Report in 2001, (6) Publication status of specification, (7) Presentation file for CRYPTREC submission explanation meeting. Title of the document: Camellia – A 128-bit Block Cipher iii) Intellectual property and license We declare that there is no responsibility for evaluation purpose of CRYPTREC on the submitted technique (Camellia). Name of the applicant in charge: Sei’ichi Ido Describe all patents and intellectual properties regarding the submission Patent number, Title, Date of application 2000-064614 データ変換装置及びデータ変換方法及びデータ変換方法をコンピュータに実行させるプログラムを記録したコ ンピュータ読み取り可能な記録媒体 (date of application: March 9.
    [Show full text]
  • Specification of Camellia | a 128-Bit Block Cipher
    Sp eci cation of C amel l ia | a 128-bit Blo ck Cipher y z y Kazumaro AOKI , Tetsuya ICHIKAWA , Masayuki KANDA , z y z z Mitsuru MATSUI , Shiho MORIAI , Junko NAKAJIMA , Toshio TOKITA y z Nipp on Telegraph and Telephone Corp oration, Mitsubishi Electric Corp oration Version 1.0: July 12, 2000 Version 2.0: September 26, 2001 Contents 1 Intro duction 3 2 Notations and Conventions 3 2.1 Radix . 3 2.2 Notations . 3 2.3 List of Symbols . 3 2.4 Bit/Byte Ordering . 3 3 Structure of C amel l ia 5 3.1 List of Functions and Variables . 5 3.2 Encryption Pro cedure . 5 3.2.1 128-bit key . 5 3.2.2 192-bit and 256-bit key . 6 3.3 Decryption Pro cedure . 6 3.3.1 128-bit key . 6 3.3.2 192-bit and 256-bit key . 7 3.4 Key Schedule . 8 4 Comp onents of C amel l ia 10 4.1 F -function . 10 4.2 FL-function . 10 1 4.3 FL -function . 10 4.4 S -function . 10 4.5 s-b oxes . 11 4.6 P -function . 15 A Figures of the Camellia Algorithm 16 B Test Data 22 1 Copyright NTT and Mitsubishi Electric Corp oration 2000-2001 2 C Software Implementation Techniques 22 C.1 Setup . 22 C.1.1 Store All Subkeys . 22 C.1.2 Subkey Generation Order . 23 C.1.3 XOR Cancellation Prop erty in Key Schedule . 23 C.1.4 Rotation Bits for K , K , K ,andK .
    [Show full text]
  • Survey and Benchmark of Block Ciphers for Wireless Sensor Networks
    Survey and Benchmark of Block Ciphers for Wireless Sensor Networks Yee Wei Law, Jeroen Doumen and Pieter Hartel Faculty of Electrical Engineering, Mathematics and Computer Science University of Twente, The Netherlands {ywlaw, doumen, pieter}@cs.utwente.nl Abstract. Choosing the most storage- and energy-efficient block cipher specifically for wireless sensor networks (WSNs) is not as straightforward as it seems. To our knowledge so far, there is no systematic evaluation framework for the purpose. In this paper, we have identified the can- didates of block ciphers suitable for WSNs based on existing literature. For evaluating and assessing these candidates, we have devised a system- atic framework that not only considers the security properties but also the storage- and energy-efficency of the candidates. Finally, based on the evaluation results, we have selected the suitable ciphers for WSNs, namely Rijndael for high security and energy efficiency requirements; and MISTY1 for good storage and energy efficiency. 1 Introduction A wireless sensor network (WSN) is a network comprised of a large number of sensors that (1) are physically small, (2) communicate wirelessly among each other, and (3) are deployed without prior knowledge of the network topology. Due to the limitation of their physical size, the sensors tend to have storage space, energy supply and communication bandwidth so limited that every pos- sible means of reducing the usage of these resources is aggressively sought. For example, a sensor typically has 8∼120KB of code memory and 512∼4096 bytes of data memory. The energy supply of a sensor is such that it will be depleted in less than 3 days if operated constantly in active mode [1].
    [Show full text]