Published by Alena Harcrow. Modified over 2 years ago.

1
Formal Verification of Hardware Support For Advanced Encryption Standard
Anna Slobodová
Centaur Technology
This work was done while at Intel

2
Outline of the talk
AES algorithm and instructions
    sketch of the algorithm
    mapping to AES instructions
    operations over GF
Verification of AES instructions
    Verification framework
    BDD variable ordering that works
FMCAD 2008, Anna Slobodova

3
AES algorithm and instructions

Cipher(byte in[16], byte out[16], word w[4*(Nr+1)])
begin
    byte state[4, 4]
    state = in
    AddRoundKey(state, w[0, 3])
    for round = 1 step 1 to Nr-1              // each iteration is one AESENC
        SubBytes(state)
        ShiftRows(state)
        MixColumns(state)
        AddRoundKey(state, w[4*round, 4*(round+1)-1])
    end for
    SubBytes(state)                           // final round is one AESENCLAST
    ShiftRows(state)
    AddRoundKey(state, w[4*Nr, 4*(Nr+1)-1])
    out = state
end

Instructions: AESENC, AESENCLAST, AESDEC, AESDECLAST, AESKEYGENASSIST, AESIMC

4
AES bytes, words and state
Byte
- basic unit, 8 bits
- interpreted as polynomials
State – array of bytes
word ≈ column [w0 w1 w2 w3]

5
Galois Field GF(2^8)
elements = bytes
7th degree polynomials with binary coefficients
addition = subtraction = bit-wise XOR
multiplication = multiplication of polynomials modulo an irreducible polynomial

6
Polynomials with coefficients in GF(2^8)
words = 4th degree polynomials with coefficients in GF(2^8)
addition = addition in GF(2^8) of corresponding bytes
(modular) multiplication = multiplication of polynomials modulo the polynomial x^4 + 1

7
ShiftRows

8
S-box transformation

     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0   63 7c 77 7b f2 6b 6f c5 30 01 67 2b fe d7 ab 76
1   ca 82 c9 7d fa 59 47 f0 ad d4 a2 af 9c a4 72 c0
2   b7 fd 93 26 36 3f f7 cc 34 a5 e5 f1 71 d8 31 15
3   04 c7 23 c3 18 96 05 9a 07 12 80 e2 eb 27 b2 75
4   09 83 2c 1a 1b 6e 5a a0 52 3b d6 b3 29 e3 2f 84
5   53 d1 00 ed 20 fc b1 5b 6a cb be 39 4a 4c 58 cf
6   d0 ef aa fb 43 4d 33 85 45 f9 02 7f 50 3c 9f a8
7   51 a3 40 8f 92 9d 38 f5 bc b6 da 21 10 ff f3 d2
8   cd 0c 13 ec 5f 97 44 17 c4 a7 7e 3d 64 5d 19 73
9   60 81 4f dc 22 2a 90 88 46 ee b8 14 de 5e 0b db
a   e0 32 3a 0a 49 06 24 5c c2 d3 ac 62 91 95 e4 79
b   e7 c8 37 6d 8d d5 4e a9 6c 56 f4 ea 65 7a ae 08
c   ba 78 25 2e 1c a6 b4 c6 e8 dd 74 1f 4b bd 8b 8a
d   70 3e b5 66 48 03 f6 0e 61 35 57 b9 86 c1 1d 9e
e   e1 f8 98 11 69 8d 8e 94 9b 1e 87 e9 ce 55 28 df
f   8c a1 89 0d bf e6 42 68 41 99 2d 0f b0 54 bb 16

9
MixColumns
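
The two algebraic structures from the Galois field and polynomial slides, used to recompute the S-box table and MixColumns, as an added example that is not part of the original presentation. The reduction polynomial, the affine constant and the MixColumns polynomials are taken from FIPS-197 (the slide text does not give them), and all function names are illustrative.

```python
# Added example, not from the slides. The reduction polynomial, the S-box
# affine constant 0x63 and the MixColumns polynomials are taken from FIPS-197.
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Multiply two bytes as polynomials over GF(2), reduced mod AES_POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a          # addition in GF(2^8) is bit-wise XOR
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY   # degree reached 8: subtract the modulus
        b >>= 1
    return r

def gf_inv(a):
    """Multiplicative inverse computed as a^254; 0 maps to 0, as the S-box requires."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def sbox(x):
    """S-box entry: inverse in GF(2^8), then the FIPS-197 affine transformation."""
    b = gf_inv(x)
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63

def word_mul(a, b):
    """Multiply two words as polynomials over GF(2^8), modulo x^4 + 1."""
    # a[i], b[i] are the coefficients of x^i; x^4 = 1, so exponents wrap mod 4.
    d = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            d[(i + j) % 4] ^= gf_mul(a[i], b[j])
    return d

MIX = [0x02, 0x01, 0x01, 0x03]      # a(x)    = {03}x^3 + {01}x^2 + {01}x + {02}
INV_MIX = [0x0E, 0x09, 0x0D, 0x0B]  # a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}

def mix_column(col):
    """MixColumns on one state column [s0, s1, s2, s3]."""
    return word_mul(MIX, col)

if __name__ == "__main__":
    print(" ".join(f"{sbox(i):02x}" for i in range(16)))        # S-box row 0
    print(mix_column([0xDB, 0x13, 0x53, 0x45]), word_mul(MIX, INV_MIX))
```

A byte-wide lookup like sbox() and the 32-bit word_mul() are the kind of small reference functions a symbolic simulation of AESENC or AESIMC can be compared against.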

10
Verification of AES instructions
Data-path proof
Control proof
[Figure: data-path proof and control proof diagrams, labelled "Symbolic inputs", "Symbolic outputs" and "weakening"]

11
BDD variable ordering for AES instructions

12
Conclusions
Verification of hardware support for AES instructions can be done using a BDD-based simulation engine.
There is a common BDD variable ordering that can be used across all symbolic simulation runs.
