**Êtes-vous un étudiant de l'EPFL à la recherche d'un projet de semestre?**

Travaillez avec nous sur des projets en science des données et en visualisation, et déployez votre projet sous forme d'application sur GraphSearch.

Personne# Muhammed Fatih Balli

Cette page est générée automatiquement et peut contenir des informations qui ne sont pas correctes, complètes, à jour ou pertinentes par rapport à votre recherche. Il en va de même pour toutes les autres pages de ce site. Veillez à vérifier les informations auprès des sources officielles de l'EPFL.

Unités associées

Chargement

Cours enseignés par cette personne

Chargement

Domaines de recherche associés

Chargement

Publications associées

Chargement

Personnes menant des recherches similaires

Chargement

Cours enseignés par cette personne

Aucun résultat

Publications associées (16)

Chargement

Chargement

Chargement

Personnes menant des recherches similaires (119)

Unités associées (2)

Domaines de recherche associés (13)

vignette|un schéma de chiffrement par bloc
Le chiffrement par bloc (en anglais block cipher) est une des deux grandes catégories de chiffrements modernes en cryptographie symétrique, l'autre étant le

Une primitive cryptographique est un algorithme cryptographique de bas niveau, bien documenté, et sur la base duquel est bâti tout système de sécurité informatique. Ces algorithmes fournissent notamme

thumb|La machine de Lorenz utilisée par les nazis durant la Seconde Guerre mondiale pour chiffrer les communications militaires de haut niveau entre Berlin et les quartiers-généraux des différentes ar

Most of the cryptographic protocols that we use frequently on the internet are designed in a fashion that they are not necessarily suitable to run in constrained environments. Applications that run on limited-battery, with low computational power, or area constraints, therefore requires the new designs as well as improved implementations of cryptographic primitives, hence emerges the field lightweight cryptography.
In this thesis, we contribute to this effort in few separate directions, in particular regarding block ciphers and block-cipher-based authentication scheme implementations as application-specific integrated circuits (ASIC).
First, we look at optimizations that can be achieved at higher level. In particular, we show that the complete AES family (with varying key sizes 128, 192 and 256) can be realized as combined lightweight circuit, in a manner that shares the storage elements in order to save up silicon area.
Secondly, we contribute in the evaluation of a new design paradigm of fork cipher. We look at how much lightweight efficiency can be gained with this new AEAD design approach, by implementing ForkAES both in round-based and byte-serial implementations. Our comparison with respect to silicon area and energy consumption provides useful insights into AEAD design process.
Lastly, in the large portion of this thesis, we look at the permutation layer of block ciphers from the perspective of serial-circuits. Based on the permutation theory, we establish a method to divide the permutation layers of AES, SKINNY, GIFT and PRESENT into simpler swap operations. Given that these swap operations are cheap in ASIC, we further provide architectural optimization techniques for the implementation of these block ciphers, and we provide the smallest 1-bit implementations of them.

Muhammed Fatih Balli, Subhadeep Banik, Andrea Felice Caforio

Public knowledge about the structure of a cryptographic system is a standard assumption in the literature and algorithms are expected to guarantee security in a setting where only the encryption key is kept secret. Nevertheless, undisclosed proprietary cryptographic algorithms still find widespread use in applications both in the civil and military domains. Even though side-channel-based reverse engineering attacks that recover the hidden components of custom cryptosystems have been demonstrated for a wide range of constructions, the complete and practical reverse engineering of AES-128-like ciphers remains unattempted. In this work, we close this gap and propose the first practical reverse engineering of AES-128-like custom ciphers, i.e., algorithms that deploy undisclosed SubBytes, ShiftRows and MixColumns functions. By performing a side-channel-assisted differential power analysis, we show that the amount of traces required to fully recover the undisclosed components are relatively small, hence the possibility of a side-channel attack remains as a practical threat. The results apply to both 8-bit and 32-bit architectures and were validated on two common microcontroller platforms.

2021Muhammed Fatih Balli, Subhadeep Banik, Andrea Felice Caforio, Francesco Regazzoni

In the last few years, the field of lightweight cryptography has seen an influx in the number of block ciphers and hash functions being proposed. In the past there have been numerous papers that have looked at circuit level implementation of block ciphers with respect to lightweight metrics like area power and energy. In the paper by Banik et al. (SAC‘15), for example, by studying the energy consumption model of a CMOS gate, it was shown that the energy consumed per cycle during the encryption operation of an r-round unrolled architecture of any block cipher is a quadratic function in r. However, most of these explorative works were at a gate level, in which a circuit synthesizer would construct a circuit using gates from a standard cell library, and the area power and energy would be estimated by estimating the switching statistics of the nodes in the circuit. Since only a part of the EDA design flow was done, it did not account for issues that might arise when the circuit is finally mapped into silicon post route. Metrics like area, power and energy would need to be re-estimated due to the effect of the parasitics introduced in the circuit by the connecting wires, nodes and interconnects. In this paper, we look to plug this very gap in literature by re-examining the designs of lightweight block ciphers with respect to their performances after completing the placement and routing process. This is a timely exercise to do since three of the block ciphers we analyze in the paper are used in around 13 of the 32 candidates in the second round of the NIST lightweight competition being conducted currently.