| 摘要: |
| KNOT是一族轻量级认证加密算法和密码杂凑算法,它是NIST的轻量级密码标准征集中的第二轮候选算法之一。安全性和软硬件实现性能是衡量一个密码算法好坏的重要指标。本文从软件实现性能指标上评估KNOT算法。本文研究KNOT在32位微控制器和64位高端处理器的优化实现,并且使用公开的软件性能基准测试平台测试KNOT的性能,主要贡献包含两部分:1.在32位微控制器上,KNOT采用比特交错技术优化,使用C和汇编语言实现到达ROM或速度最优。分析比特交错对KNOT在NIST测试平台和las3测试平台的5个32位微控制器上的性能提升。与C语言实现的性能结果相比,KNOT的比特交错技术优化实现在大部分微控制器上有不同程度的性能提升,其中在Arduino Nano 33 BLE(Cortex-M4)上的性能提升最大:KNOT-Pair I、KNOT-Pair IV的认证加密算法和密码杂凑算法的速度提升分别为18%、20%、28%、22%。2.KNOT-Pair IV采用SSE指令优化64位处理器上的实现。在计算机(Inter(R) Core(TM)i9-900 CPU),KNOT-Pair IV的SSE实现的认证加密算法和密码杂凑算法的速度比C语言实现分别提升26%、28%。分析KNOT在SUPERCOP中的三个不同的64位高端处理器上的性能结果。经分析可知,与第二轮其他候选算法相比,KNOT算法的速度和代码量性能突出。 |
| 关键词: KNOT算法 轻量级密码算法 微控制器 软件优化实现 比特交错 认证加密算法 哈希函数 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2023.08.33 |
| 投稿时间:2021-06-24修订日期:2021-09-28 |
| 基金项目:国家自然科学基金项目(面上项目,重点项目,重大项目) |
|
| Software Optimized Implementations of KNOT Authenticated Encryption Algorithms |
|
zhaoxuefeng, zhangwentao
|
| (State Key Laboratory of Information Security, Institute of Information Engineering) |
| Abstract: |
| KNOT is a family of lightweight authenticated encryption algorithms and hash algorithms, which is a second-round candidate in the ongoing National Institute of Standards and Technology (NIST) Lightweight Cryptography Standardization Process (LWC). Security and the performance of hardware and software implementation are important criteria of a cryptographic algorithm. In this paper, we focus on the performance criteria of software implementation of KNOT. We use different software optimized implementations of KNOT on 32-bit microcontrollers and 64-bit high-end computers. We also analyze the software performance of KNOT by the public software performance benchmarking. Specifically, the main work of this paper contains two parts. (i) KNOT is optimized by bit-interleaving and implemented by C and assembly for ROM or speed on 32-bit microcontrollers. We analyze the performance improvement of KNOT on five 32-bit microcontrollers of two microcontroller benchmarking: Micro-controller Benchmarking by NIST (NIST Benchmarking) and AVR/ARM/RISC-V Microcontroller Benchmarking by Renner (las3 Benchmarking). Comparing with C implementation, bit-interleaving can improve the speed of KNOT on almost all microcontrollers. The improvement varies with different microcontrollers. Among the five microcontrollers mentioned above, the speed improvement on Arduino Nano 33 BLE(Cortex-M4) is the largest: the improvement of KNOT-Pair I’ and KNOT-Pair IV’ authenticated encryption algorithm and hash algorithm are 18%, 28%, 20%, and 22%, respectively. (ii) KNOT-Pair IV is optimized by Streaming SIMD Extensions (SSE) on 64-bit processors. Comparing the speed of SSE and C implementation on the 64-bit computer (Inter(R) Core(TM) i9-900 CPU, 3.10GHz), the speed of KNOT-Pair IV’ authenticated encryption algorithm and hash algorithm are 26%, 28% ahead on C implementation. We analyze the speed of KNOT on three different 64-bit high-end processors of SUPERCOP. Through the abovementioned studies, KNOT has great advantages in speed and ROM over other second-round candidate algorithms. |
| Key words: KNOT lightweight cryptography algorithm microcontroller software optimized implementations bit interleaving authentication encryption algorithm hash algorithm |
