Commit f332f800 authored by Momin Charles

add sbox explanation

parent ec73107e
...@@ -255,12 +255,14 @@ As shown next, the Clyde module is separated in two mechanisms: the Clyde comput ...@@ -255,12 +255,14 @@ As shown next, the Clyde module is separated in two mechanisms: the Clyde comput
generation/handling of the randomness. The computation takes as input the sharing of the key (i.e., the `sharing_key` bus), the generation/handling of the randomness. The computation takes as input the sharing of the key (i.e., the `sharing_key` bus), the
tweak (i.e., the `tweak` bus) and either the plaintext or the ciphertext (i.e., the `data_in` bus). The control signal `inverse` is used to tweak (i.e., the `tweak` bus) and either the plaintext or the ciphertext (i.e., the `data_in` bus). The control signal `inverse` is used to
specify to the core which operation (i.e., encryption or decryption) is currently perfomed. Next, control signals will be represented in blue. specify to the core which operation (i.e., encryption or decryption) is currently perfomed. Next, control signals will be represented in blue.
The randomness is generated by using two (similar) instances of a maximum length The randomness is generated by using two (similar) instances of a maximum length
[128-bits LFSR](https://www.xilinx.com/support/documentation/application_notes/xapp210.pdf) (i.e., the `prng_unit` module). Seeds can be [128-bits LFSR](https://www.xilinx.com/support/documentation/application_notes/xapp210.pdf) (i.e., the `prng_unit` module). Seeds can be
sent to these instances through the `feed_data` signal by means of a `SEED` segment, as explained above. sent to these instances through the `feed_data` signal by means of a `SEED` segment, as explained above.
A specific controller (i.e., the `stalling_unit`) is used to properly handle the interaction between the PRNGs and the Clyde logic (using the A specific controller (i.e., the `stalling_unit`) is used to properly handle the interaction between the PRNGs and the Clyde logic (using the
`control_sig*`, `control_status*`and `stall_control*` signals). Basically, the latter enables the LFSRs and stalls the computation `control_sig*`, `control_status*`and `stall_control*` signals). Basically, the latter enables the LFSRs and stalls the computation
core when randomness is required and not ready. It is also used as a control wrapper interface for the Clyde computation logic. core when randomness is required and not ready. It is also used as a control wrapper interface for the Clyde computation logic. Note
that in the case of the CTF, the randomness is generated in 1 clock cycle and the computation core is thus not stalled.
<div align="center"> <div align="center">
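Review bot: The added sentence ("in the case of the CTF, the randomness is generated in 1 clock cycle and the computation core is thus not stalled") does not say which configuration of the `prng_unit`/`stalling_unit` makes the randomness available in a single cycle; naming that parameter would let a reader verify that the stall path of the `stalling_unit` is indeed never exercised in the CTF build, which matters when reviewing the masking logic for the case where randomness is not ready. Two pre-existing issues in this hunk could be fixed while touching it: "perfomed" should be "performed", and a space is missing in "`control_status*`and".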
...@@ -336,11 +338,12 @@ inversely (the `MSKcols2bundle` module). These only consist in wiring modificati ...@@ -336,11 +338,12 @@ inversely (the `MSKcols2bundle` module). These only consist in wiring modificati
</div> </div>
A `MSKspook_sbox_dual` instance is implemented using dedicated logic for the Sbox operation. The inverse Sbox A`MSKspook_sbox_dual` instance is mainly composed by the logic dedicated to perform the Sbox operation
operation is performed by reusing the Sbox logic with two additional linear layers (`MSKpre_inv_sbox` before (i.e., `MSKspook_spook`). The inverse Sbox operation is performed by reusing the Sbox logic with two
the sbox logic and `MSKpost_inv_sbox` after). In particular, the input of the Sbox logic comes either additional linear layers (`MSKpre_inv_sbox` before the sbox logic and `MSKpost_inv_sbox` after). In
from `MSKpre_inv_sbox` or from the instance input depending on the value of the `inverse` control signal. particular, the input of the Sbox logic comes either from `MSKpre_inv_sbox` or from the instance
Similarly, the output of the instance comes either from `MSKpost_inv_sbox` or from the output of the sbox. input depending on the value of the `inverse` control signal. Similarly, the output of the instance
comes either from `MSKpost_inv_sbox` or from the output of the sbox.
<div align="center"> <div align="center">
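Review bot: The module name `MSKspook_spook` introduced in the rewritten sentence looks inconsistent with `MSKspook_sbox`, which is the name used for the Sbox core in the next section of this patch; please confirm which identifier matches the HDL. Minor wording in the new text: "A`MSKspook_sbox_dual`" is missing a space after "A", and "mainly composed by the logic" should read "mainly composed of the logic".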
...@@ -367,6 +370,19 @@ The different configurations are summed up in the following table: ...@@ -367,6 +370,19 @@ The different configurations are summed up in the following table:
</div> </div>
The specific (and quite difficult) architure of a `MSKspook_sbox` instance is shown next. The labels used
directly reflect the related HDL code. Each color used represent a level in the pipeline.
A specificity is to be noted for the AND gates: these are implemented with one pipeline level and two
different latencies for the inputs. More especially, the inputs are expected to enter the
core at two successive clock cycles. Denoting these cycles c<sub>0</sub> and c<sub>1</sub>, the gate is
drawn with the color of the input expected at the cycle c<sub>0</sub>.
<div align="center">
![MSKspook_sbox](/spook_msk/schematics/MSKspook_sbox.jpg)
</div>
### Simulations Script (unix-like) ### Simulations Script (unix-like)
As mentionned above, the [simu](spook_msk/simu) contains the simulation script As mentionned above, the [simu](spook_msk/simu) contains the simulation script
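Review bot: The new paragraph describing the AND gates should state explicitly which operand is expected at cycle c<sub>0</sub> and which at c<sub>1</sub>, since the two-latency input convention is exactly the kind of detail a reader checking the pipeline alignment of the masked gadget needs and the colour of the drawing alone does not make it recoverable in text. Several typos in the added lines: "architure" should be "architecture", "Each color used represent" should be "Each color used represents", and "More especially" reads better as "More specifically"; "quite difficult" would be clearer as "quite involved". The image path `/spook_msk/schematics/MSKspook_sbox.jpg` is absolute while the `[simu](spook_msk/simu)` link in the surrounding context is relative; use one convention so the image renders in the same places the other links do.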