Miroslav Knezevic

NXP Semiconductors, Eindhoven, North Brabant, Netherlands


Publications (19) · 3.98 Total impact

  • ABSTRACT: In this paper, we present Fides, a novel lightweight authenticated cipher optimized for hardware implementations. It is an online nonce-based authenticated encryption scheme with authenticated data whose area requirements are as low as 793 GE and 1001 GE for 80-bit and 96-bit security, respectively. This is at least two times smaller than its closest competitors, Hummingbird-2 and Grain-128a. While being extremely compact, Fides is both throughput and latency efficient, even in its most serial implementations. This is attained by our novel sponge-like design approach. Moreover, cryptographically optimal 5-bit and 6-bit S-boxes are used as the basic nonlinear components, while paying special attention to the simplicity of providing first-order side-channel resistance with a threshold implementation.
    Cryptographic Hardware and Embedded Systems - CHES 2013; 08/2013
  • ABSTRACT: This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need for a cipher to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing both decryption and encryption results in minimal additional cost. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely, for our cipher it holds that decryption under one key corresponds to encryption under a related key. This property, which we refer to as α-reflection, is of independent interest, and we prove its soundness against generic attacks.
    Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security; 12/2012
  • ABSTRACT: The first contribution of our paper is that we propose a platform, a design strategy, and evaluation criteria for a fair and consistent hardware evaluation of the second-round SHA-3 candidates. Using a SASEBO-GII field-programmable gate array (FPGA) board as a common platform, combined with well-defined hardware and software interfaces, we compare all 256-bit version candidates with respect to area, throughput, latency, power, and energy consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specification for the SHA-3 module on our testing platform. The second contribution is that we provide both FPGA and 90-nm CMOS application-specific integrated circuit (ASIC) synthesis results and are thereby able to compare the results. Our third contribution is that we release the source code of all the candidates; by using a common, fixed, publicly available platform, our claimed results become reproducible and open for public verification.
    IEEE Transactions on Very Large Scale Integration (VLSI) Systems 01/2012; 20(5):827-840. · 1.22 Impact Factor
  • ASIACRYPT; 01/2012
  • ABSTRACT: This paper proposes two improved interleaved modular multiplication algorithms based on Barrett and Montgomery modular reduction. The algorithms are simple and especially suitable for hardware implementations. Four large sets of moduli for which the proposed methods apply are given and analyzed from a security point of view. By considering state-of-the-art attacks on public-key cryptosystems, we show that the proposed sets are safe to use, in practice, for both elliptic curve cryptography and RSA cryptosystems. We propose a hardware architecture for the modular multiplier that is based on our methods. The results show that, concerning speed, our proposed architecture outperforms the modular multiplier based on standard modular multiplication by more than 50 percent. Additionally, our design consumes less area compared to the standard solutions.
    IEEE Transactions on Computers 01/2011; · 1.38 Impact Factor
  • ABSTRACT: This paper presents a new modular multiplication algorithm that allows one to implement modular multiplications efficiently. It proposes a systematic approach for maximizing the level of parallelism when performing a modular multiplication. The proposed algorithm effectively integrates three different existing algorithms, namely classical modular multiplication based on Barrett reduction, modular multiplication with Montgomery reduction, and the Karatsuba multiplication algorithm, in order to reduce the computational complexity and increase the potential for parallel processing. The algorithm is suitable for both hardware implementations and software implementations in a multiprocessor environment. To show the effectiveness of the proposed algorithm, we implement several hardware modular multipliers and compare the area and performance results. We show that a modular multiplier using the proposed algorithm achieves a higher speed compared to the modular multipliers based on the previously proposed algorithms.
    Integration. 01/2011; 44:259-269.
  • ABSTRACT: The design of secure yet efficiently implementable cryptographic algorithms is a fundamental problem of cryptography. Lately, lightweight cryptography (optimizing the algorithms to fit the most constrained environments) has received a great deal of attention, with recent research mainly focused on building block ciphers. In contrast, the design of lightweight hash functions is still far from being well investigated, with only a few proposals in the public domain. In this paper, we aim to address this gap by exploring the design space of lightweight hash functions based on the sponge construction instantiated with PRESENT-type permutations. The resulting family of hash functions is called spongent. We propose 13 spongent variants, for different levels of collision and (second) preimage resistance as well as for various implementation constraints. For each of them, we provide several ASIC hardware implementations, ranging from the lowest area to the highest throughput. We make efforts to address the fairness of comparison with other designs in the field by providing an exhaustive hardware evaluation on various technologies, including an open core library. We also prove essential differential properties of spongent permutations, give a security analysis in terms of collision and preimage resistance, and study dedicated linear distinguishers in detail.
    IEEE Transactions on Computers 01/2011; 2011:697. · 1.38 Impact Factor
  • Cryptographic Hardware and Embedded Systems - CHES 2011 - 13th International Workshop, Nara, Japan, September 28 - October 1, 2011. Proceedings; 01/2011
  • ABSTRACT: The objective of the SHA-3 NIST competition is to select, from multiple competing candidates, a standard algorithm for cryptographic hashing. The selected winner must have adequate cryptographic properties and good implementation characteristics over a wide range of target platforms, including both software and hardware. Performance evaluation in hardware is particularly challenging because of the large design space, wide range of target technologies, and multitude of optimization criteria. We describe the efforts of three research groups to evaluate SHA-3 candidates using a common prototyping platform. Using a SASEBO-GII FPGA board as a starting point, we evaluate the performance of the 14 remaining SHA-3 candidates with respect to area, throughput, and power consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specifications for the SHA-3 module on the SASEBO testing board.
    Hardware-Oriented Security and Trust (HOST), 2010 IEEE International Symposium on; 07/2010
  • ABSTRACT: A large set of moduli, for which the speed of bipartite modular multiplication considerably increases, is proposed in this work. By considering state-of-the-art attacks on public-key cryptosystems, we show that the proposed set is safe to use in practice for both elliptic curve cryptography and RSA cryptosystems. We propose a hardware architecture for the modular multiplier that is based on our method. The results show that, concerning speed, our proposed architecture outperforms the modular multiplier based on standard bipartite modular multiplication. Additionally, our design consumes less area compared to the standard solutions.
    Arithmetic of Finite Fields, Third International Workshop, WAIFI 2010, Istanbul, Turkey, June 27-30, 2010. Proceedings; 01/2010
  • Dusko Karaklajic, Miroslav Knezevic, Ingrid Verbauwhede
    ABSTRACT: The testability of cryptographic cores brings an extra dimension to the process of testing digital circuits: security. Classical methods such as the scan-chain method, for all their benefits, introduce new vulnerabilities concerning data protection. Built-In Self-Test (BIST) is considered to be the most suitable countermeasure for this purpose. In this work we propose the use of a digit-serial multiplier over GF(2^m), which is at the heart of many public-key cryptosystems, as a basic building block for the BIST circuitry. We show how the multiplier can be configured to operate as a Test Pattern Generator and a Signature Analyzer. Furthermore, the multiplier becomes a fully self-testable design. All the additional features come at the cost of only a few extra gates. With a hardware overhead of 0.33%, this approach makes the multiplier perfectly suitable for low-end embedded devices.
    2010 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2010, Santa Barbara, California, USA, 21 August 2010; 01/2010
  • Miroslav Knezevic, Vladimir Ro, Ingrid Verbauwhede
    ABSTRACT: Embedded devices need both an efficient and a secure implementation of cryptographic algorithms. In this overview paper we show a typical top-down approach for the secure and efficient implementation of embedded systems. We outline the security pyramid by illustrating the five primary abstraction levels in an embedded system. Focusing only on two levels, the architecture level and the circuit level, we show how the design can be implemented to be both efficient and secure. Index Terms: Security, embedded systems, design methods.
    01/2009;
  • ABSTRACT: Testing of cryptographic chips or components has one extra dimension: physical security. The chip designers should improve the design if it leaks too much information through side channels, such as timing, power consumption, electromagnetic radiation, and so on. This requires an evaluation of the security level of the chip under different side-channel attacks before it is manufactured. This paper presents an FPGA-based testing strategy for cryptographic chips. Using a block-based architecture, a testing bus and a shadow FPGA, we are able to check the information leakage of each block. We describe this strategy with an Elliptic Curve Cryptosystem (ECC) for RFID tags.
    15th IEEE International On-Line Testing Symposium (IOLTS 2009), 24-26 June 2009, Sesimbra-Lisbon, Portugal; 01/2009
  • Miroslav Knezevic, Ingrid Verbauwhede
    ABSTRACT: Efficient hardware architectures for the Luffa hash algorithm are proposed in this work. We explore different trade-offs and propose several architectures, targeting both compact and high-throughput designs. Implemented using the UMC 0.13 µm CMOS standard cell library, the most compact architecture of Luffa-224/256 contains 18,260 GE. The same version, optimized for speed, achieves a throughput of almost 32 Gbps, while the throughput of the pipelined design approaches 291.7 Gbps. Concerning the final throughput, our implementations outperform state-of-the-art implementations of the existing hash standards.
    Proceedings of the 4th Workshop on Embedded Systems Security, WESS 2009, Grenoble, France, October 15, 2009; 01/2009
  • Cryptographic Hardware and Embedded Systems - CHES 2009, 11th International Workshop, Lausanne, Switzerland, September 6-9, 2009, Proceedings; 01/2009
  • ABSTRACT: The recent discovery of the constructive use of pairings in cryptography has opened up a wealth of new research options in identity-based encryption. In this paper, we investigate the possible use of pairings in constrained environments. The focus is on a small, energy-efficient ASIC implementation of an accelerator for the Tate pairing over a supersingular curve. The results are encouraging for further research. It is possible to obtain an implementation of less than 30k gates. Furthermore, large energy efficiency improvements compared to other published designs are possible. Keywords: identity-based cryptography, elliptic curve cryptography, Tate pairing, hardware accelerator, ASIC.
    Physical Review D - PHYS REV D. 01/2009;
  • Miroslav Knezevic, Lejla Batina, Ingrid Verbauwhede
    ABSTRACT: In this paper we show how modular reduction for integers with the Barrett and Montgomery algorithms can be implemented efficiently without using a precomputation phase. We propose four distinct sets of moduli for which this method is applicable. The proposed modifications of existing algorithms are very suitable for fast software and hardware implementations of some public-key cryptosystems, and in particular of Elliptic Curve Cryptography. Additionally, our results show substantial improvement when a small number of reductions with a single modulus is performed.
    International Symposium on Circuits and Systems (ISCAS 2009), 24-17 May 2009, Taipei, Taiwan; 01/2009
  • ABSTRACT: We propose a new parameter for optimizing the performance of rateless codes by minimizing latency and data overhead. We call it the Latency-Overhead Product (LOP). It is based on ideas used in the analysis of digital circuits. We demonstrate the effectiveness of the LOP parameter for a specific class of rateless codes called Online codes (OC). We give results from experiments in an ideal channel and in a simulated wireless channel with losses. In the second part of our experiments we analyze the relationship between the message block size and the performance of rateless codes. With the results from these experiments we extend the results on the performance of Luby Transform (LT) codes published in (Vukobratovic and Despotovic, 2005) by adding figures for Online codes.
    WINSYS 2008 - Proceedings of the International Conference on Wireless Information Networks and Systems, Porto, Portugal, July 26-29, 2008, WINSYS is part of ICETE - The International Joint Conference on e-Business and Telecommunications; 01/2008
  • Conference Paper: Modular Reduction in GF(2
    Arithmetic of Finite Fields, 2nd International Workshop, WAIFI 2008, Siena, Italy, July 6-9, 2008, Proceedings; 01/2008