Commit 05cca176 authored by Olivier Bronchain

Update README.md

parent 7244c49c
......@@ -215,7 +215,7 @@ other blocks of the design in order to properly perform the Spook algorithm base
represent controls signals going to a core while `*_status` signals represent some status flags coming back to the controller.
+ **Decoder**: This module is the practical input of the core. It receives the commands, decodes the latter and keep the
information related to the current instruction and header under process (respectively `inst_info` and `header_info`).
It also compute the `data_validity` of each raw data command which is simply a validity flag for each byte of the command.
It also computes the `data_validity` of each raw data command which is simply a validity flag for each byte of the command.
+ **Encoder**: As opposed to the decoder, this module is the practical output of the core.
It receives the digested data, encode these according to the API and outputs these.
+ **Datapath**: This module contains all the circuitry related to the computation required to perform a call of Spook.
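Review bot: the `compute` to `computes` fix is correct, but the same Decoder and Encoder bullets in this hunk keep two more subject-verb mismatches: "decodes the latter and keep the information" should read "keeps the information", and "encode these according to the API and outputs these" should read "encodes these according to the API and outputs them". The context line above also has "controls signals going to a core", which should be "control signals" (the same phrase is corrected in a later hunk, so fixing it here keeps the README consistent). Since this commit only touches the README, folding those three fixes into the same change avoids a second typo-only commit.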
......@@ -225,8 +225,8 @@ logic (i.e., muxes) and the logic for the primitives Shadow and Clyde.
## Spook Protected Architecture
Here is described the architecture of the datapath for the protected Spook HW core. The main difference with
the unprotected case is that the Clyde primitive is strongly protected against Side-Channel-Attacks(SCAs), using
high-order masking. Additionally, the long term key is stored as a sharing instead of raw data.
the unprotected case is that the Clyde primitive is implementing countermeasures against Side-Channel-Attacks(SCAs). In this implementation, it makes use of masking with [Cassiers et al.](https://eprint.iacr.org/2020/185) scheme.
Additionally, the long term key is stored as a sharing instead of raw data.
Last but not least, the tag verification process is performed using the inverse operation of Clyde.
### Quick Overview
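Review bot: the rewrite drops the only statement of how strong the masking is. The old text said "high-order masking"; the new text says only that Clyde "is implementing countermeasures" using the Cassiers et al. scheme, yet a later section of this README defines `d` as the number of shares, so the reader no longer learns at this point that the protection order is a parameter of the design. Suggest a sentence such as "The masking order is configurable through the number of shares `d`", with a pointer to the section that defines it, and ideally the name of the paper behind the link rather than "Cassiers et al." alone. Two small points on the same line: "is implementing countermeasures" should be "implements countermeasures", and "Side-Channel-Attacks(SCAs)" needs a space before the parenthesis (this was already wrong in the removed line, so the new line is a good place to fix it).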
......@@ -234,7 +234,7 @@ Last but not least, the tag verification process is performed using the inverse
Since Shadow does not need to be masked, both primitives are implemented as independant modules. On top of these
some routing (i.e., muxes) redirect the data in an appropriate manner. As for the unprotected case, the
primitives process the data serially on reduced parts of the state in order to reduce the logical cost.
More especially, modules for Shadow's Round A and Round B each compute over 128bits parts of the state and are processed
More especially, modules for Shadow's Round A and Round B each computes over 128-bit parts of the state and are processed
sequentially (i.e., 4 cycles for RA then 4 cycles for RB). Additionally, the Clyde core is implemented with independant
Sbox layer and Lbox layer (typically 8 Sboxes and 1 Lbox), both being also processed sequentially to perform a round function.
Finally, the inverse Sbox is implemented using the direct Sbox logic with two additional linear
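Review bot: the verb change in this hunk is a regression. The subject of the sentence is the plural "modules for Shadow's Round A and Round B", and "each" placed after a plural subject does not make the verb singular, so the original "each compute over" was correct and "each computes over" is not. Keep the `128bits` to `128-bit` fix but revert the verb. While editing this paragraph, "independant" appears twice in the unchanged context lines (once for Shadow and Clyde, once for the Sbox and Lbox layers) and should be "independent", and "More especially" reads better as "More specifically".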
......@@ -255,7 +255,7 @@ Next, the amount of shares used for the masking scheme is denoted by `d`.
As shown next, the Clyde module is separated in two mechanisms: the Clyde computation itself and the
generation/handling of the randomness. The computation takes as input the sharing of the key (i.e., the `sharing_key` bus), the
tweak (i.e., the `tweak` bus) and either the plaintext or the ciphertext (i.e., the `data_in` bus). The control signal `inverse` is used to
specify to the core wich operation (i.e., encryption or decryption) is currently perfomed. Next, controls signals will be represented in blue.
specify to the core which operation (i.e., encryption or decryption) is currently perfomed. Next, control signals will be represented in blue.
The randomness is generated by the use of two (similar) instances of a maximum length
[128-bits LFSR](https://www.xilinx.com/support/documentation/application_notes/xapp210.pdf) (i.e., the `prng_unit` module). Seeds can be
sent to these instances through the `feed_data` signal by the mean of a `SEED` segment, as explained above.
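Review bot: "perfomed" is still misspelled on the very line this hunk corrects ("wich" and "controls signals" were fixed, but "perfomed" was not), so the line should end "is currently performed". On the surrounding context, "the amount of shares" should be "the number of shares" and "by the mean of a `SEED` segment" should be "by means of a `SEED` segment". A documentation point beyond typos: this paragraph is where the README states that the masking randomness comes from two 128-bit maximum-length LFSRs seeded through `feed_data`, but it does not say who is responsible for providing the seeds or what properties they must have. Since the masking countermeasure introduced in the previous hunk depends on the quality of that randomness, the README should state explicitly that the LFSR only expands a seed supplied by the integrator and what the integrator is expected to supply (for example, a fresh, unpredictable seed per session), so that users of the core do not assume the `prng_unit` is a self-contained random source.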