History of Updates
v2.0 : December 5, 2017
- Support for the development of lightweight implementations of authenticated ciphers:
- VHDL code for the lightweight PreProcessor, PostProcessor, Header/Tag FIFO, Top-Level Unit, etc., in the folder $ROOT/hardware/AEAD/src_rtl_lw
- VHDL code for the lightweight dummy1 authenticated cipher, with the three different values of the PDI, SDI, and DO port widths (8, 16, and 32 bits),
in the folder $ROOT/hardware/lw_examples
- Improved support for the development of high-speed implementations of authenticated ciphers:
- Revised VHDL code for the high-speed PreProcessor, PostProcessor, Top-Level Unit, etc., in the folder $ROOT/hardware/AEAD/src_rtl_hs,
taking into account experiences with the implementation of multiple Round 2 and Round 3 CAESAR Candidates, including changes, such as
- introducing enhanced handshaking mechanism for the transfer of the message authentication result from the CipherCore to the PostProcessor during authenticated decryption
- fixing a bug that caused an incorrect behavior when the input data bus was idle in a certain state
- fixing a stall bug that manifested itself when DBLK_SIZE = W
- fixing a stall bug that manifested itself when ABLK_SIZE < DBLK_SIZE.
- Improved support for experimental testing using FPGA boards, in applications
with intermittent availability of input sources and output destinations.
- Added reference implementations of all previously missing Round 2 and Round 3 CAESAR
candidates to the folder $ROOT/software/CAESAR, based on SUPERCOP, release 20171020
- Modified and extended examples of the test vector generating scripts located
in the folder $ROOT/software/aeadtvgen/examples
- The authors would like to express special gratitude to the colleagues
from Technische Universitat Munchen (TUM), Germany - Michael Tempelmeier
and Fabrizio De Santis - for reporting multiple
problems related to practical experimental testing of CAESAR
candidate cores and for validating several example cores developed using
the new Development Package.
v1.0-3 : June 10, 2016
- Modified the implementation of the dummy1 authenticated cipher by
eliminating the use of the Length Segment.
- Modified the implementation of the dummy2 authenticated cipher
by taking into account the new format of the Length Segment,
recommended in the
Addendum to the CAESAR Hardware API v1.0.
- Added support for Two-Pass CipherCore.
- Added support for PAD_STYLE = 2 (ICEPOLE padding rule).
- Updated the universal testbench, hardware/AEAD/src_tb/AEAD_TB.vhd,
to make it compatible with designs for which w < 32.
- Improved and extended help of aeadtvgen (test vector generator).
- Introduced the following modifications to the arguments of aeadtvgen,
in support of the changes recommended in the
Addendum to the CAESAR Hardware API v1.0:
- Added the --offline option. This option automatically adds the
Length segment as the first segment in the input to the hardware
cipher core. The exact format of the length segment is described
in the aforementioned Addendum.
- Removed the --len_format option.
- Introduced the following additional modifications to the arguments of aeadtvgen:
- Added the --gen_custom_mode option to specify the type of data to
be generated when using --gen_custom.
- Added the --ciph_exp_noext option. This option indicates that the
reference ciphertext expansion algorithm does not automatically add
an extra ciphertext block when the message size is a multiple of
a block size. Note: This option needs to be specified, for example,
- Fixed --gen_custom 'decrypt' parameter. It was previously deasserted
when set to True and asserted when set to False.
- Fixed the implementation of the --gen_single option.
- Fixed the implementation of the --add_partial option.
- Set the reserved bits in the instructions for AEAD
(being a part of test vectors generated by aeadtvgen) to 0.
- Improved dummyN.py scripts located in software/aeadtvgen/examples to make
them more readable and easier to use.
- Revised dummy1.py and dummy2.py scripts by eliminating the
len segment in --msg_format, and adding the option -offline in dummy2.py.
v1.0-2 : May 19, 2016
- Fixed a problem that appeared when the public message number size was larger
than the data (message/ciphertext) block size, DBLK_SIZE, e.g.,
public message number size = 128 and DBLK_SIZE = 64.
- Fixed a problem related to ciphers supporting the padding mode in
which an extra block of padding is added when the size of AD/Message is a non-zero multiple
of a block size (generic values: PAD_AD > 2 and/or PAD_D > 2).
The problem appeared, in particular, when AD and/or Message were divided into
- Fixed a problem that appeared for G_W > G_SW.
- Fixed an inconsistency with the Implementer's Guide, Figure 5.3,
related to the behavior of the key_update signal.
key_update was deactivated prematurely, before the clock cycle
with the active values of key_valid and key_ready.
- Improved the performance of the registered mode of the PreProcessor.
- Fixed a bug in the generation of test vectors, resulting in the misplacement
of the tag segment in the expected output from authenticated encryption.
This bug appeared as a result of the -msg_format option, for ciphers
in which the tag segment should be located before the AD/ciphertext segment
in the input to decryption.
v1.0-1 : Initial release : May 12, 2016