Commit 422d61d9 authored by Momin Charles

Merge branch 'master' of git-crypto.elen.ucl.ac.be:cmomin/hw_ctf

parents 345e0a10 f332f800
......@@ -255,12 +255,14 @@ As shown next, the Clyde module is separated in two mechanisms: the Clyde comput
generation/handling of the randomness. The computation takes as input the sharing of the key (i.e., the `sharing_key` bus), the
tweak (i.e., the `tweak` bus) and either the plaintext or the ciphertext (i.e., the `data_in` bus). The control signal `inverse` is used to
specify to the core which operation (i.e., encryption or decryption) is currently perfomed. Next, control signals will be represented in blue.
The randomness is generated by using two (similar) instances of a maximum length
[128-bits LFSR](https://www.xilinx.com/support/documentation/application_notes/xapp210.pdf) (i.e., the `prng_unit` module). Seeds can be
sent to these instances through the `feed_data` signal by means of a `SEED` segment, as explained above.
A specific controller (i.e., the `stalling_unit`) is used to properly handle the interaction between the PRNGs and the Clyde logic (using the
`control_sig*`, `control_status*`and `stall_control*` signals). Basically, the latter enables the LFSRs and stalls the computation
core when randomness is required and not ready. It is also used as a control wrapper interface for the Clyde computation logic.
core when randomness is required and not ready. It is also used as a control wrapper interface for the Clyde computation logic. Note
that in the case of the CTF, the randomness is generated in 1 clock cycle and the computation core is thus not stalled.
<div align="center">
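Review bot: the added sentence "Note that in the case of the CTF, the randomness is generated in 1 clock cycle and the computation core is thus not stalled." directly follows the statement that the `stalling_unit` stalls the core when randomness is not ready; say explicitly that the stall path is still implemented but never exercised in the CTF configuration, otherwise a reader may take the note to mean the stalling logic was removed. "1 clock cycle" is better written as "one clock cycle" in prose, and two typos in the surrounding context could be fixed in the same edit: "perfomed" should be "performed", and "`control_status*`and" is missing a space before "and".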
......@@ -336,11 +338,12 @@ inversely (the `MSKcols2bundle` module). These only consist in wiring modificati
</div>
A `MSKspook_sbox_dual` instance is implemented using dedicated logic for the Sbox operation. The inverse Sbox
operation is performed by reusing the Sbox logic with two additional linear layers (`MSKpre_inv_sbox` before
the sbox logic and `MSKpost_inv_sbox` after). In particular, the input of the Sbox logic comes either
from `MSKpre_inv_sbox` or from the instance input depending on the value of the `inverse` control signal.
Similarly, the output of the instance comes either from `MSKpost_inv_sbox` or from the output of the sbox.
A`MSKspook_sbox_dual` instance is mainly composed by the logic dedicated to perform the Sbox operation
(i.e., `MSKspook_spook`). The inverse Sbox operation is performed by reusing the Sbox logic with two
additional linear layers (`MSKpre_inv_sbox` before the sbox logic and `MSKpost_inv_sbox` after). In
particular, the input of the Sbox logic comes either from `MSKpre_inv_sbox` or from the instance
input depending on the value of the `inverse` control signal. Similarly, the output of the instance
comes either from `MSKpost_inv_sbox` or from the output of the sbox.
<div align="center">
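Review bot: the new paragraph opens with "A`MSKspook_sbox_dual`", missing the space after "A", and "is mainly composed by the logic" should read "is mainly composed of the logic". More importantly, the module name `MSKspook_spook` given for the dedicated Sbox logic does not match `MSKspook_sbox`, the name used for the Sbox instance in the section that follows; please confirm which identifier is the actual HDL module so the README matches the code.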
......@@ -367,6 +370,19 @@ The different configurations are summed up in the following table:
</div>
The specific (and quite difficult) architure of a `MSKspook_sbox` instance is shown next. The labels used
directly reflect the related HDL code. Each color used represent a level in the pipeline.
A specificity is to be noted for the AND gates: these are implemented with one pipeline level and two
different latencies for the inputs. More especially, the inputs are expected to enter the
core at two successive clock cycles. Denoting these cycles c<sub>0</sub> and c<sub>1</sub>, the gate is
drawn with the color of the input expected at the cycle c<sub>0</sub>.
<div align="center">
![MSKspook_sbox](/spook_msk/schematics/MSKspook_sbox.jpg)
</div>
### Simulations Script (unix-like)
As mentionned above, the [simu](spook_msk/simu) contains the simulation script
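Review bot: the image link `/spook_msk/schematics/MSKspook_sbox.jpg` uses a root-absolute path while the neighbouring link `[simu](spook_msk/simu)` is repository-relative; pick one convention (the relative form renders both on GitLab and in a local clone) so the schematic does not appear as a broken image. The AND-gate description should also name which input is expected at cycle c<sub>0</sub> and which at c<sub>1</sub>, since the colour legend only helps if a reader can tell the two inputs apart. Spelling in the added lines: "architure" should be "architecture", "Each color used represent" should be "represents", and "More especially" should be "More specifically"; in the context line, "mentionned" should be "mentioned".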