the fastest cipher vsc: evaluation of its cryptographic ...2003/04/16 · the fastest stream cipher...
TRANSCRIPT
The fastest stream cipher in the world at 25 Gbps
The fastest cipher VSC:Evaluation of
its cryptographic randomness and implementation efficiency
Ken Umeno, Songju Kim and Akio HasegawaCommunications Research Laboratory, Japan
Contact Email: [email protected] Tel: 042-327-6399 Fax: 042-327-6299
Introduction
The VSC( Vector Stream cipher) is based on the Chaos Algorithm
developed at Communications Research Laboratory(CRL), Japan
This algorithm can be implemented both
in Hardware as well as Software with highest efficiency.
Demonstrations of the Encryption / Decryption process using hardware
And software ( file & image)are shown in the following slides.
Press Release :
http://www2.crl.go.jp/pub/whatsnew/press/030415-1/030415-1.html
Motivation for Our Security ResearchMotivation for Our Security Research
・Scalable TechnologiesQuestion for example:
Is quantum cyrptology scalable?
・Limiting TechnologiesQuestion for example:
Is there a limit for implementation
(Gate-Usage) efficiency [bps/Gate]?
Markets• Video security and copyright protection• Mobile market – Low power, cost, overhead
such as wireless lan and cellular phone• Set-top market• Corporate• PC• Database (awarded VSC applied product “eCipherGate” )
http://www.gear.ne.jp/sanken/singijyutu/2002/15th.htmhttp://www.jit-g.co.jp/pdf/eciphergate.pdf
• New
Features
• Full Scalable Cipher Chip Architecture
• The fastest encryption speed record ( 25.6 Gbps )
• Reconfigurable Chip Implementation
• FIPS140-2, NIST800-22 Randomness Test Passed
• Patented Technology ( JP3030341 and U.S. Patent filed. )
• 14.85 Gbps Encryption, Transmission and Decryption of HDTV Signals (the fastest processing speed for system with encryption, transmission and decryption)
Technical Description of Demo System
EncryptedImage
DecryptedImage
encipheringInput
FPGAIC
IC
FPGA
IC
deciphering
videodecoder
videoencoder
videoencoder
VideoCamera
Output Output
Encrypted Data
LVDS cable
Hardware Implementation of 1Gbps Realtime Video Encryption
Original Movie Picture Encrypted Movie Picture Decrypted Movie Picture
暗号鍵更新部の概要(From IEICE Report ISEC2002-141(2003-03))
• IV(Initialization Vector)のアイディアを使う
(IVを用いて暗号鍵を更新する)
• IVとして以前に送った暗号文の一部を用いる
(送信データを増やさない)
• SYNC信号で暗号鍵の更新を行う
(暗号化前のシステムで使っている信号を使う)
鍵更新部の概要(送信側)
鍵更新システムの概要(受信側)
送信側の暗号化部の構成
受信側の復号化部の構成
Hardware Implementation of 14.85Gbps Realtime HDTV Encryption
Whole System Encryption and Decryption Board
Press Release:http://www2.crl.go.jp/pub/whatsnew/press/030415-1/030415-1.html
HDTV Encryption versus NTSC EncryptionEncrypted HDTV Signals Encrypted NTSC Signals
14.85Gbps Encryption 1Gbps Encryption
HDTV Decryption versus NTSC DecryptionDecrypted HDTV Signals v.s. Decrypted NTSC Signals
14.85Gbps Decryption 1Gbps Decryption
Scalability Features in Encryption
0
5000
10000
15000
20000
25000
30000
35000
40000
45000
50000
80 480 960
1Gbps
200Mbps
Gate Size
Key Length [bit]
Basic Concept of Chaos Algorithm (Ex. 3D Case ) Y(1) Z(1)X(1)
Digital Chaotic MapX(2)=F(X(1))
Digital Chaotic Map with a parameter
Y(2)=G(X(2),Y(1))
Digital Chaotic Mapwith a parameter
Z(2)=G(Y(2),Z(1))
Y(2)X(2) Z(2)
BitBit RotationRotation
File Encryption
Technical Specifications :-
• All types of files
• Preview for BMP, GIF & JPEG Files
• Various Key choices ( 64 ,128 , 256& 512) bit keys
• Speed 200+ Mbps
• Combination of Password and Key
• Supports all file formats
• AES,AES Counter Mode and ChaosEncryption algorithms supported forcomparison of each mode.
File Encryption
After Encryption :-
• The randomness of the algorithm can be clearly seen in the Display
• Time or Speed display can be viewed
• User can supply a password whileusing the Chaos algorithm
FIPS PUB 140-2
• FIPS PUB(= Federal Information Processing Standards Publication)
• Security Requirements for Cryptographic Modules
• FIPS 140-1 (January 11, 1994)• FIPS 140-2 (May 25, 2001) http://csrc.nist.gov/cryptval/140-2.htm
FIPS 140-2 乱数テスト
• 20,000ビットのビット列に対して
・ monobit test ・ poker test ・ runs test ・ long runs test の4つのテストを行い、結果がある決められた
範囲に入っていれば合格とする。
FIPS 140-2 乱数テストの問題点
• 一つの20,000ビットのビット列だけに対するテストである
• 線形複雑度に関するテストがない
→ 予測困難性をテストできない
• 周期性に関するテストがない
→ 周期20,000以下の周期ビット列でも
4つのテストに合格できる
など
FIPS 140-2 乱数テストだけで暗号用の擬似
乱数発生器の評価をするのは不十分である。
NIST 800-22 乱数テストでは、FIPS 140-2 乱数テストでの問題点が改善されている。
NISTの統計テストによる評価
“A Statistical Test suite for Random and Pseudorandom Number Generators for Cryptographic Applications”
National Institute of Standards and Technology(2001)
http://csrc.nist.gov/rng/
NISTの統計テストの種類-1
Non-overlapping Template Matching7Overlapping Template Matching8
Discrete Fourier Transform6Binary Matrix Rank5Longest Run4Runs3Block Frequency2Frequency1
TEST NAMENUMBER
NISTの統計テストの種類-2
Random Excursions15Cumulative Sums14
Random Excursions Variant16
Approximate Entropy13Serial12Linear Complexity11Lempel Ziv Compression10Universal9
TEST NAMENUMBER
P-valueとは
P-valueとは(つづき)
P-value ≥ α(0.01)
のとき「サクセス」
統計テスト結果の評価方法
• P-valueの一様性 p-value of p-value ≥ 0.0001 ([0,1]を10個のBOXに分けた場合のp-valueの頻度分布Fiに対するカイ
二乗値をχ2)p-value of p-value: igamc( 9/2, χ2 /2 ),
where igamc(n,x) is an incomplete gamma function.• サクセス率 特定の範囲 : 1-α±3√α(1-α)/m
(μ±3σ)/m 99.97%
統計テストのパラメタ
20000Block Frequency
10Approximate Entropy10Serial
500 (5000)Linear Complexity
7(1280)
Universal(Initialization Steps)
9Template Matching
BLOCK LENGTH[bit]TEST NAME
n=10,6 α=0.01, 1000サンプル
NIST800-22テスト結果(カオス-VSC128)
passedpassed10
Lempel-Zivpassed 9
Lempel-Zivpassed 8
passedNOTM, REX 7
NOTM(3), OTM, AE, LZNOTM(4), OTM 6
passedpassed 5
passedpassed 4
passedpassed 3
passedpassed 2
passed NOTM 1
P-valueの一様性 サクセス率初期値
カオス-VSC128 (初期値1,2)
カオス-VSC128 (初期値3,4)
カオス-VSC128 (初期値5,6)
カオス-VSC128 (初期値7,8)
カオス-VSC128 (初期値9,10)
NIST800-22テスト結果(SHA1)
Lempel-Zivpassed10
passedpassed 9
passedNOTM 8
passedNOTM(2) 7
passedNOTM, REX, REXV 6
Lempel-Zivpassed 5
FFTNOTM(2) 4
passedNOTM(2) 3
Lempel-Zivpassed 2
passedpassed 1
P-valueの一様性 サクセス率初期値
NISTテスト結果(AES128bit key)
FFTpassed 4
passedNOTM 3
passedNOTM(2), Serial 2
NOTM(2)NOTM, REX 1
P-valueの一様性サクセス率初期値
NISTテスト結果(RC4 256bit key)
Lempel-Zivpassed4
passedpassed3
passedNOTM, Lempel-Ziv2
passedNOTM1
P-valueの一様性サクセス率key
From IEICE Report ISEC2002-142(2003-03)
セルオートマトン暗号のランダム性評価と実装
独立行政法人 通信総合研究所理事長ファンド カオス暗号チップG
金 成主、 長谷川 晃朗、 梅野 健
CA Rule 30+Rotation
VSC実装効率評価[Target Device:Xilinx Vertex-II XC2V1000]
193.57.0357.0536,323VSC128
182.212.8850.3370,703VSC256
181.625.6250.05141,112VSC512
134.621.0620.57156,479VSC1024
実装効率
[Kbps/Gate]
暗号
処理
速度
[Gbps]
クロック
周波数
[MHz]
ゲートサイズ
[Gate]
VSCアルゴリズム
の種類
Future Roadmap[April-July 2003]
VSC Internal Evaluation Period (Cryptological Attacks)
[April-July 2003]VSC Patent Licensing with special
licensing fee.http://www2.crl.go.jp/kk/e416/tokkyo/koukai/detail/411.htm
[August 2003]We will launch a VSC consortium at CRL.
VSC – Realizing the target of
”SAFE COMMUNICATIONS”
Thank You
Contact Email: [email protected] Tel: 042-327-6399 Fax: 042-327-6299