摘要
轻量级密码算法是适宜物联网等资源受限环境的密码算法.随着物联网等应用的推广普及,物联网设备采集的数据经轻量级密码算法处理后大量汇集到云端,在云端高性能计算机需要对加密数据进行快速解密,因此,轻量级密码算法的快速软件实现技术成为一个重要的研究内容.LHash是一个低功耗的轻量级杂凑函数,具有灵活可调的参数,设计者给出了4种建议规模.本文探讨LHash算法的软件优化实现方法.利用SSE指令和nibble-slice技术,我们给出了轻量杂凑函数LHash的软件优化实现,和目前基于查表的软件实现相比有明显优势.对于LHash的4种建议规模,在Intel Core i7-2600处理器上,相比于查表方法,采用SSE指令的软件实现性能分别提高了;采用nibble-slice技术的软件实现性能分别提高了倍.采用SSE指令和nibble-slice技术的LHash软件实现不存在内存或高速缓存查表21.85%,21.85%,32.03%,33.33%;采用nibble-slice技术的软件实现性能分别提高了2.74,2.74,3.02,3.16倍.采用SSE指令和nibble-slice技术的LHash软件实现不存在内存或高速缓存查表,因此,该软件实现方法可抵抗缓存计时攻击等侧信道攻击.此外,本文中所使用的方法同样适用于轻量分组密码算法LED.
Lightweight cryptographic algorithm is suitable for Internet of Things(IoT) and other resource-constrained environments. With the popularization of IoT applications, the data collected by IoT devices is handled by lightweight cryptographic algorithms and then aggregated into the cloud, and high-performance computers in the cloud are required to decrypt the encrypted data fast.Therefore, fast software implementation technology of lightweight cryptographic algorithms has become an important research topic. LHash is a low-power lightweight hash function with flexible and adjustable parameters, the designers recommended 4 sizes. This paper investigates the software optimized implementation of LHash. Using SSE instruction and nibble-slice technique, we present software optimization implementation of LHash, which has a significant advantage over current software implementations based on look-up tables. For the 4 recommended sizes of LHash, on the Intel Core i7-2600 processor, the software performance is improved 21.85%, 21.85%, 32.03%, and 33.33% respectively with SSE, and 2.74, 2.74, 3.02, 3.16 times respectively with nibble-slice technique, both compared to implementation based on look-up tables. There is no look-up table in memory or cache in the software implementation of LHash with SSE instruction and nibble-slice technique. Therefore, our software implementation can resist side channel attacks such as cache timing attacks. Similarly, the method used in this paper can also be applied to the lightweight block cipher LED.
出处
《密码学报》
CSCD
2017年第4期345-359,共15页
Journal of Cryptologic Research
基金
国家自然科学基金项目(61232009
61672509)
