181 results for Advanced Encryption Standard

in QUB Research Portal - Research Directory and Institutional Repository for Queen's University Belfast


Relevance: 100.00%

Abstract:

A new type of advanced encryption standard (AES) implementation using a normal basis is presented. The method is based on a lookup technique that makes use of inversion and shift registers, which leads to a smaller size of lookup for the S-box than its corresponding implementations. The reduction in the lookup size is based on grouping sets of inverses into conjugate sets which in turn leads to a reduction in the number of lookup values. The above technique is implemented in a regular AES architecture using register files, which requires less interconnect and area and is suitable for security applications. The results of the implementation are competitive in throughput and area compared with the corresponding solutions in a polynomial basis.

Relevance: 100.00%

Abstract:

A generic architecture for implementing the advanced encryption standard (AES) encryption algorithm in silicon is proposed. This allows the instantiation of a wide range of chip specifications, with these taking the form of semiconductor intellectual property (IP) cores. Cores implemented from this architecture can perform both encryption and decryption and support four modes of operation: (i) electronic codebook mode; (ii) output feedback mode; (iii) cipher block chaining mode; and (iv) ciphertext feedback mode. Chip designs can also be generated to cover all three AES key lengths, namely 128 bits, 192 bits and 256 bits. On-the-fly generation of the round keys required during decryption is also possible. The general, flexible and multi-functional nature of the approach described contrasts with previous designs which, to date, have been focused on specific implementations. The presented ideas are demonstrated by implementation in FPGA technology. However, the architecture and IP cores derived from this are easily migratable to other silicon technologies including ASIC and PLD and are capable of covering a wide range of modern communication systems' cryptographic requirements. Moreover, the designs produced have a gate count and throughput comparable with or better than the previous one-off solutions.

Relevance: 100.00%

Abstract:

This paper presents single-chip FPGA Rijndael algorithm implementations of the Advanced Encryption Standard (AES) algorithm, Rijndael. In particular, the designs utilise look-up tables to implement the entire Rijndael Round function. A comparison is provided between these designs and similar existing implementations. Hardware implementations of encryption algorithms prove much faster than equivalent software implementations and since there is a need to perform encryption on data in real time, speed is very important. In particular, Field Programmable Gate Arrays (FPGAs) are well suited to encryption implementations due to their flexibility and an architecture, which can be exploited to accommodate typical encryption transformations. In this paper, a Look-Up Table (LUT) methodology is introduced where complex and slow operations are replaced by simple LUTs. A LUT-based fully pipelined Rijndael implementation is described which has a pre-placement performance of 12 Gbits/sec, which is a factor 1.2 times faster than an alternative design in which look-up tables are utilised to implement only one of the Round function transformations, and 6 times faster than other previous single-chip implementations. Iterative Rijndael implementations based on the Look-Up-Table design approach are also discussed and prove faster than typical iterative implementations.

Relevance: 100.00%

Abstract:

Dual-rail encoding, return-to-spacer protocol, and hazard-free logic can be used to resist power analysis attacks by making energy consumed per clock cycle independent of processed data. Standard dual-rail logic uses a protocol with a single spacer, e.g., all-zeros, which gives rise to energy balancing problems. We address these problems by incorporating two spacers; the spacers alternate between adjacent clock cycles. This guarantees that all gates switch in every clock cycle regardless of the transmitted data values. To generate these dual-rail circuits, an automated tool has been developed. It is capable of converting synchronous netlists into dual-rail circuits and it is interfaced to industry CAD tools. Dual-rail and single-rail benchmarks based upon the advanced encryption standard (AES) have been simulated and compared in order to evaluate the method and the tool.

Relevance: 100.00%

Abstract:

As ubiquitous computing becomes a reality, sensitive information is increasingly processed and transmitted by smart cards, mobile devices and various types of embedded systems. This has led to the requirement of a new class of lightweight cryptographic algorithm to ensure security in these resource constrained environments. The International Organization for Standardization (ISO) has recently standardised two low-cost block ciphers for this purpose, Clefia and Present. In this paper we provide the first comprehensive hardware architecture comparison between these ciphers, as well as a comparison with the current National Institute of Standards and Technology (NIST) standard, the Advanced Encryption Standard.

Relevance: 100.00%

Abstract:

Cryptographic algorithms have been designed to be computationally secure, however it has been shown that when they are implemented in hardware, that these devices leak side channel information that can be used to mount an attack that recovers the secret encryption key. In this paper an overlapping window power spectral density (PSD) side channel attack, targeting an FPGA device running the Advanced Encryption Standard is proposed. This improves upon previous research into PSD attacks by reducing the amount of pre-processing (effort) required. It is shown that the proposed overlapping window method requires less processing effort than that of using a sliding window approach, whilst overcoming the issues of sampling boundaries. The method is shown to be effective for both aligned and misaligned data sets and is therefore recommended as an improved approach in comparison with existing time domain based correlation attacks.

Relevance: 80.00%

Abstract:

A generic, parameterisable key scheduling core is presented, which can be utilised in pipelinable private-key encryption algorithms. The data encryption standard (DES) algorithm, which lends itself readily to pipelining, is utilised to exemplify this novel key scheduling method and the broader applicability of the method to other encryption algorithms is illustrated. The DES design is implemented on Xilinx Virtex FPGA technology. Utilising the novel method, a 16-stage pipelined DES design is achieved, which can run at an encryption rate of 3.87 Gbit/s. This result is among the fastest hardware implementations and is a factor 28 times faster than software implementations.

Relevance: 80.00%

Abstract:

WHIRLBOB, also known as STRIBOBr2, is an AEAD (Authenticated Encryption with Associated Data) algorithm derived from STRIBOBr1 and the Whirlpool hash algorithm. WHIRLBOB/STRIBOBr2 is a second round candidate in the CAESAR competition. As with STRIBOBr1, the reduced-size Sponge design has a strong provable security link with a standardized hash algorithm. The new design utilizes only the LPS or ρ component of Whirlpool in flexibly domain-separated BLNK Sponge mode. The number of rounds is increased from 10 to 12 as a countermeasure against Rebound Distinguishing attacks. The 8×8-bit S-Box used by Whirlpool and WHIRLBOB is constructed from 4×4-bit "MiniBoxes". We report on fast constant-time Intel SSSE3 and ARM NEON SIMD WHIRLBOB implementations that keep full miniboxes in registers and access them via SIMD shuffles. This is an efficient countermeasure against AES-style cache timing side-channel attacks. Another main advantage of WHIRLBOB over STRIBOBr1 (and most other AEADs) is its greatly reduced implementation footprint on lightweight platforms. On many lower-end microcontrollers the total software footprint of π+BLNK = WHIRLBOB AEAD is less than half a kilobyte. We also report an FPGA implementation that requires 4,946 logic units for a single round of WHIRLBOB, which compares favorably to 7,972 required for Keccak / Keyak on the same target platform. The relatively small S-Box gate count also enables efficient 64-bit bitsliced straight-line implementations. We finally present some discussion and analysis on the relationships between WHIRLBOB, Whirlpool, the Russian GOST Streebog hash, and the recent draft Russian Encryption Standard Kuznyechik.

Relevance: 40.00%

Abstract:

Lattice-based cryptography has gained credence recently as a replacement for current public-key cryptosystems, due to its quantum-resilience, versatility, and relatively low key sizes. To date, encryption based on the learning with errors (LWE) problem has only been investigated from an ideal lattice standpoint, due to its computation and size efficiencies. However, a thorough investigation of standard lattices in practice has yet to be considered. Standard lattices may be preferred to ideal lattices due to their stronger security assumptions and less restrictive parameter selection process. In this paper, an area-optimised hardware architecture of a standard lattice-based cryptographic scheme is proposed. The design is implemented on a FPGA and it is found that both encryption and decryption fit comfortably on a Spartan-6 FPGA. This is the first hardware architecture for standard lattice-based cryptography reported in the literature to date, and thus is a benchmark for future implementations.
Additionally, a revised discrete Gaussian sampler is proposed which is the fastest of its type to date, and also is the first to investigate the cost savings of implementing with λ_2-bits of precision. Performance results are promising in comparison to the hardware designs of the equivalent ring-LWE scheme, which, in addition to providing a stronger security proof, generate 1272 encryptions per second and 4395 decryptions per second.

Relevance: 30.00%

Abstract:

The safety and tolerability of vandetanib (ZACTIMA; ZD6474) plus FOLFIRI was investigated in patients with advanced colorectal cancer (CRC). METHODS: Patients eligible for first- or second-line chemotherapy received once-daily oral doses of vandetanib (100 or 300 mg) plus 14-day treatment cycles of FOLFIRI. RESULTS: A total of 21 patients received vandetanib 100 mg (n = 11) or 300 mg (n = 10) + FOLFIRI. Combination therapy was well tolerated at both vandetanib dose levels. There were no DLTs in the vandetanib 100 mg cohort and one DLT of hypertension (CTCAE grade 3) in the 300 mg cohort. The most common adverse events were diarrhoea (n = 20), nausea (n = 12) and fatigue (n = 10). Two patients (one in each cohort) discontinued vandetanib due to adverse events (rash, 100 mg cohort; hypertension, 300 mg cohort). There was no apparent pharmacokinetic interaction between vandetanib and FOLFIRI. Preliminary efficacy results included two confirmed partial responses in the 100 mg cohort and 9 patients with stable disease > or =8 weeks (100 mg, n = 7; 300 mg, n = 2). CONCLUSIONS: Once-daily vandetanib (100 or 300 mg) in combination with a standard FOLFIRI regimen was generally well tolerated in patients with advanced CRC.

Relevance: 30.00%

Abstract:

Background: In the Medical Research Council (MRC) COIN trial, the epidermal growth factor receptor (EGFR)-targeted antibody cetuximab was added to standard chemotherapy in first-line treatment of advanced colorectal cancer with the aim of assessing effect on overall survival.
Methods: In this randomised controlled trial, patients who were fit for but had not received previous chemotherapy for advanced colorectal cancer were randomly assigned to oxaliplatin and fluoropyrimidine chemotherapy (arm A), the same combination plus cetuximab (arm B), or intermittent chemotherapy (arm C). The choice of fluoropyrimidine therapy (capecitabine or infused fluorouracil plus leucovorin) was decided before randomisation. Randomisation was done centrally (via telephone) by the MRC Clinical Trials Unit using minimisation. Treatment allocation was not masked. The comparison of arms A and C is described in a companion paper. Here, we present the comparison of arms A and B, for which the primary outcome was overall survival in patients with KRAS wild-type tumours. Analysis was by intention to treat. Further analyses with respect to NRAS, BRAF, and EGFR status were done. The trial is registered, ISRCTN27286448.
Findings: 1630 patients were randomly assigned to treatment groups (815 to standard therapy and 815 to addition of cetuximab). Tumour samples from 1316 (81%) patients were used for somatic molecular analyses; 565 (43%) had KRAS mutations. In patients with KRAS wild-type tumours (arm A, n=367; arm B, n=362), overall survival did not differ between treatment groups (median survival 17·9 months [IQR 10·3—29·2] in the control group vs 17·0 months [9·4—30·1] in the cetuximab group; HR 1·04, 95% CI 0·87—1·23, p=0·67). Similarly, there was no effect on progression-free survival (8·6 months [IQR 5·0—12·5] in the control group vs 8·6 months [5·1—13·8] in the cetuximab group; HR 0·96, 0·82—1·12, p=0·60). Overall response rate increased from 57% (n=209) with chemotherapy alone to 64% (n=232) with addition of cetuximab (p=0·049). Grade 3 and higher skin and gastrointestinal toxic effects were increased with cetuximab (14 vs 114 and 67 vs 97 patients in the control group vs the cetuximab group with KRAS wild-type tumours, respectively). Overall survival differs by somatic mutation status irrespective of treatment received: BRAF mutant, 8·8 months (IQR 4·5—27·4); KRAS mutant, 14·4 months (8·5—24·0); all wild-type, 20·1 months (11·5—31·7).
Interpretation: This trial has not confirmed a benefit of addition of cetuximab to oxaliplatin-based chemotherapy in first-line treatment of patients with advanced colorectal cancer. Cetuximab increases response rate, with no evidence of benefit in progression-free or overall survival in KRAS wild-type patients or even in patients selected by additional mutational analysis of their tumours. The use of cetuximab in combination with oxaliplatin and capecitabine in first-line chemotherapy in patients with widespread metastases cannot be recommended.

Relevance: 30.00%

Abstract:

PURPOSE:
The protease inhibitor bortezomib attenuates the action of NF-κB and has shown preclinical activity alone and in combination with chemotherapy.

DESIGN:
A Phase I dose-escalation study was performed administering bortezomib (0.7, 1.0, 1.3 and 1.6 mg m(-2) on days 1 and 8 from cycle 2 onwards) in combination with Epirubicin 50 mg m(-2) intravenously on day 1, Carboplatin AUC 5 day 1 and Capecitabine 625 mg m(-2) BD days 1-21 every 21 days (VECarboX regimen), in patients with advanced oesophagogastric adenocarcinoma. The primary objective was to define the maximum tolerated dose (MTD) of Bortezomib when combined with ECarboX.

RESULTS:
18 patients received bortezomib 0.7 (n = 6), 1.0 (n = 3), 1.3 (n = 6) and 1.6 mg m(-2) (n = 3) and a protocol amendment reducing the capecitabine dose to 500 mg m(-2) BD was enacted due to myelotoxicity. Common treatment-related non-haematological adverse events of any grade were fatigue (83.3 %), anorexia (55.6 %), constipation (55.6 %) and nausea (55.6 %). Common Grade 3/4 haematological toxicities were neutropenia (77.8 %) and thrombocytopenia (44.4 %). Objective responses were achieved in 6 patients (33.3 %) and a further 5 patients (27.8 %) had stable disease for >8 weeks.

CONCLUSIONS:
The addition of Bortezomib to ECarboX is well tolerated and response rates are comparable with standard chemotherapy.

Relevance: 30.00%

Abstract:

Objective Increased advanced glycation end-products (AGEs) and their soluble receptors (sRAGE) have been implicated in the pathogenesis of pre-eclampsia (PE). However, this association has not been elucidated in pregnancies complicated by diabetes. We aimed to investigate the serum levels of these factors in pregnant women with Type 1 diabetes mellitus (T1DM), a condition associated with a four-fold increase in PE. Design Prospective study in women with T1DM at 12.2 ± 1.9, 21.6 ± 1.5 and 31.5 ± 1.7 weeks of gestation [mean ± standard deviation (SD); no overlap] before PE onset. Setting Antenatal clinics. Population Pregnant women with T1DM (n = 118; 26 developed PE) and healthy nondiabetic pregnant controls (n = 21). Methods Maternal serum levels of sRAGE (total circulating pool), N -(carboxymethyl)lysine (CML), hydroimidazolone (methylglyoxal-modified proteins) and total AGEs were measured by immunoassays. Main outcome measures Serum sRAGE and AGEs in pregnant women with T1DM who subsequently developed PE (DM PE+) versus those who remained normotensive (DM PE-). Results In DM PE+ versus DM PE-, sRAGE was significantly lower in the first and second trimesters, prior to the clinical manifestation of PE (P <0.05). Further, reflecting the net sRAGE scavenger capacity, sRAGE:hydroimidazolone was significantly lower in the second trimester (P <0.05) and sRAGE:AGE and sRAGE:CML tended to be lower in the first trimester (P <0.1) in women with T1DM who subsequently developed PE versus those who did not. These conclusions persisted after adjusting for prandial status, glycated haemoglobin (HbA1c), duration of diabetes, parity and mean arterial pressure as covariates. Conclusions In the early stages of pregnancy, lower circulating sRAGE levels, and the ratio of sRAGE to AGEs, may be associated with the subsequent development of PE in women with T1DM. © 2012 The Authors BJOG An International Journal of Obstetrics and Gynaecology © 2012 RCOG.

Relevance: 30.00%

Abstract:

Recently, two fast selective encryption methods for context-adaptive variable length coding and context-adaptive binary arithmetic coding in H.264/AVC were proposed by Shahid et al. In this paper, it was demonstrated that these two methods are not as efficient as only encrypting the sign bits of nonzero coefficients. Experimental results showed that without encrypting the sign bits of nonzero coefficients, these two methods can not provide a perceptual scrambling effect. If a much stronger scrambling effect is required, intra prediction modes, and the sign bits of motion vectors can be encrypted together with the sign bits of nonzero coefficients. For practical applications, the required encryption scheme should be customized according to a user's specified requirement on the perceptual scrambling effect and the computational cost. Thus, a tunable encryption scheme combining these three methods is proposed for H.264/AVC. To simplify its implementation and reduce the computational cost, a simple control mechanism is proposed to adjust the control factors. Experimental results show that this scheme can provide different scrambling levels by adjusting three control factors with no or very little impact on the compression performance. The proposed scheme can run in real-time and its computational cost is minimal. The security of the proposed scheme is also discussed. It is secure against the replacement attack when all three control factors are set to one.

Relevance: 30.00%

Abstract:

We determined whether oxidative damage in collagen is increased in (1) patients with diabetes; (2) patients with diabetic complications; and (3) subjects from the Diabetes Control and Complications Trial (DCCT)/Epidemiology of Diabetes Interventions and Complications (EDIC) study, with comparison of subjects from the former standard vs intensive treatment groups 4 years after DCCT completion.