A Fast New DES Implementation in Software Eli Biham Computer Science Department Technion - Israel Institute of Technology. In this paper we describe a fast new DES implementation. This implementation is about five times faster than the fastest known DES implementation on a (64-bit) Alpha computer, and about three. 262 Eli Biham. May 17, 2006 - In this paper we describe a fast new DES implementation. FSE 1997: Fast Software Encryption pp 260-272| Cite as. Compact representation of DES S-boxes indeed has been studied, starting (AFAIK) with Eli Biham's A fast new DES implementation in software (1997, in proceedings of the fourth FSE conference). See also Matthew Kwan's website and paper Reducing the Gate Count of Bitslice DES (2000, IACR eprint archive ). Biham, Cryptanalysis of Ladder-DES, CS 0890, Fast Software Encryption 4, 1997. Shamir, Differential Fault Analysis of Secret Key Cryptosystems, Proceedings of Crypto '97. Shamir, Differential Fault Analysis of Secret Key Cryptosystems, CS 0910, Proceedings of Crypto'97. DES Implementation Collection Multiple implementations of DES (Data Encryption Standard) encryption and decryption. Includes the following: • des.py Straightforward but slow. Well documented and easy to follow; a good learning tool for people new to DES. • des.c Conversion of des.py into C. • des_64.c Optimized based on techniques described below in the optimizations section. Useful learning tool to understand these optimizations • crack/ Distributed, optimized key search (known plaintext attack). Efficient Galois Field Arithmetic on SIMD Architectures. Bit-slicing was introduced by Biham [2] to obtain a fast implementation of DES in software. Bit-slicing regards a. A fast new DES implementation in software. Of Fast Software Encryption 4, 1997. Daemen and V. Takes a known plaintext, ciphertext pair and tries every key until one of them works. More information in All implementations except for crack/ are learning tools for DES and optimizations. In contrast, crack/ is fully optimized and not meant for readability, although it is well commented and as readable as it can be without sacrificing speed. Des.py To encrypt, run des.py using Python and pass in your plaintext and key in hex: $ python des.py beefbeefbeefbeef abcdef 45c4afc7a174e828 Here, beefbeefbeefbeef is the plaintext and abcdef is the key. They both must be 16 hex digits. To decrypt, use the -d option and give ciphertext instead of plaintext: $ python des.py -d 45c4afc7a174e8789abcdef beefbeefbeefbeef ASCII Input/Output If you want to give the plaintext with 8 ASCII characters, use the -a option: $ python des.py -a ascichrs abcdef 065c67acb4b351d6 When decrypting, -a will instead convert the resulting plaintext into ASCII: $ python des.py -a -d 065c67acb4b351d6 abcdef ascichrs Verbose Output You can also use the -v option to have it show detailed step by step calculations: $ python des.py -v beefbeefbeefbeef abcdef Use this for your homework! Des.c and des_64.c You will need GNU Make and gcc. To compile, run make: $ make This will create executables des and des_64. For now, there is no way to provide input on the command line. Sorry, it's in the TODO list. You will have to put the input in the code yourself. Currently des and des_64 are set up to run many encryptions as a speed test. Optimizations These optimizations were proposed by Eli Biham in the paper 'A Fast New DES Implementation in Software'. 64-Bit Parallel This is a way to do 64 encryptions simultaneously utilizing 64-bit integers. Consider the normal way to do 64 encryptions at once. We would store each key, plaintext and ciphertext in an array. Then, every time we do an operation, we do it to all 64. Now consider how one of these values, the key for example, is stored. They would be stored in an array like this: Normal Format Bit 1 Bit 2 Bit 3 Bit 4 Bit 5. Int64 Key 1 a b c d e. Int64 Key 2 f g h i j. Int64 Key 3 k l m n o. Int64 Key 4 p q r s t. Int64 Key 5 u v w x y. Each row contains a key. We can store each key as a 64-bit integer, so we would have an array of 64 integers. Now suppose we transpose the table above: Zipped Format Key 1 Key 2 Key 3 Key 4 Key 5. Int64 Bit 1 a f k p u. Int64 Bit 2 b g l q v. Int64 Bit 3 c h m r w. Int64 Bit 4 d i n s x. Int64 Bit 5 e j o t y. Biham A Fast New Des Implementation In SoftwareWe store each row in a 64-bit integer, again giving us an array of 64 integers. We call this zipped format. Now instead of looping through each of the 64 parallel encryptions to do an operation, we can just do the operation on one 64-bit integer. For example, Doing an xor with two elements of arrays in this format, a single xor instruction will simultaneously do an xor for all 64 encryptions. When you see functions like zip_64_bit in the code, these convert from normal to zipped format. Since this is like transposing a matrix, zip_64_bit is its own inverse. Permutation Elimination Permutations are expensive and DES requires a lot of them. But we don't actually have to permute things in memory in order to compute the result. Instead, we can index the bit that would be used if the permutation were actually performed. Biham explains this as 'changing the naming of the registers.' This includes the expansion step as well. This is best explained by example. Consider this pseudocode: bit a, b, x, y swap(a, b) x = xor(a, x) y = xor(b, y) It's pretty obvious the swap is unnecessary: bit a, b, x, y x = xor(b, x) y = xor(a, y) Eliminating permutations is the same idea on a larger scale. Bitwise S-Boxes Traditionally, s-boxes are implemented with lookup tables. But s-boxes can actually be implemented using nothing but logic gate operations, which is much faster, especially when using the 64-bit parallel optimization. Finding the optimum logic design of s-boxes is very non-trivial. A Eli Biham talks about this in his paper 'A Fast New DES Implementation in Software', but Matthew Kwan's page entitled has much more up to date information, as well as some history. The fastest implementation I know about is implemented in. They actually have multiple implementations, and the fastest one is automatically chosen. This project's bitwise DES s-box implementation can be found in include/sbox.h, which defines functions s0 through s7. I didn't come up with any designs myself. Biham A Fast New Des Implementation In Software Development• Part of the book series (LNCS, volume 1334) Abstract This paper improves the fast DES implementation in software proposed by Biham at the 4-th Fast Software Encryption Workshop. That is, we propose a new algorithm which reduces the number of instructions for computation of S-boxes, which is the factor dominating the performance of Biham's implementation. When we apply our algorithm to DES S-boxes, we need only 87.75 instructions in average. We can reduce the number of instructions for 1 round of DES to 942, and in total, in terms of the number of instructions, our implementation is expected to be about 8% faster than Biham's implementation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |