
TL;DR
This paper reviews memristive cryptography within the context of lightweight hardware cryptography, emphasizing its potential for secure, resource-efficient data protection in edge devices, and highlights the need for specialized cryptanalysis methods.
Contribution
It provides an overview of memristive cryptography, contrasting it with traditional methods, and underscores the necessity for developing memristive cryptanalysis techniques.
Findings
Memristive cryptography offers promising lightweight security solutions.
Current cryptanalysis methods are insufficient for memristive cryptography.
The paper highlights the need for specialized cryptanalysis approaches.
Abstract
Smaller, smarter and faster edge devices in the Internet of things era demand secure data analysis and transmission under the resource constraints of hardware architecture. Lightweight cryptography on edge hardware is an emerging topic that is essential to ensure data security in near-sensor computing systems such as mobiles, drones, smart cameras, and wearables. In this article, the current state of memristive cryptography is placed in the context of lightweight hardware cryptography. The paper provides a brief overview of the traditional hardware lightweight cryptography and cryptanalysis approaches. The contrast of memristive cryptography with traditional approaches is evident through this article, and the need to develop a more concrete approach to memristive cryptanalysis to test memristive cryptographic approaches is highlighted.
An overview of memristive cryptography
Alex Pappachen James
Nazarbayev University
1 Introduction
The penetration of the internet into every aspect of our lives also brings with it several challenges related to data security and privacy [zhang2014iot; dorri2017blockchain]. Manipulation and misuse of data can have a substantial influence on the way we perceive and view our world [cache2007hacking; warren2006social]. Cryptography [katz1996handbook] deals with encryption and decryption, while cryptanalysis [stamp2007applied] deals with the techniques to break encrypted systems. The existing cryptography methods [balasubramanian2018recent] are largely based on mathematical theories designed for computational hardness, with the aim of making it difficult for an adversary to break into such systems.
The vulnerabilities of encryption techniques are often exposed through various side channel attacks [zhou2005side; brier2002weierstrass; joy2011side] and through high performance computing tools. It is expected that future technologies such as quantum computing [sergienko2018quantum] can introduce massive parallelism that can make most of the encryption techniques look very weak. Given that the challenges in the years ahead are significant, it is important to address this topic from a hardware perspective in view of the coming post-quantum cryptography era [buchmann2018postquantum]. The need to ensure secure data processing in internet-connected edge devices requires the high speed and low power offered by hardware circuits, which the existing software-only counterparts cannot match [damaj2018analysis].
Hardware based cryptography [rajagopalan2012survey; de2007high] has been in use for several decades, as it offers a faster and more efficient way to generate keys and random numbers. In addition, when it is embedded in reconfigurable chips or in an ASIC, it is practically difficult to decode the logic or implement various side channel attacks [el2015survey]. The dynamic nature of such keys makes them extremely hard to break. With the advancement of wearable and internet of things devices, it becomes even more important to provide on-chip solutions that are area and power efficient [pantelopoulos2010survey]. Low power solutions are important as many of these wearables work on limited battery capacity and often require secure data transmission [ometov2016feasibility]. Implementations of the existing algorithmic-only solutions are not efficient in such situations, and nano-electronic solutions become more viable.
In the last decade, there has been a substantial push towards more-than-Moore era technologies [huff2008into; williams2017s1], with a focus on emerging devices for non-traditional computing architectures and systems. This is required to overcome the limitations imposed by device scaling [kahng2010scaling] and to meet the rapidly growing need for higher computational capabilities in edge devices [krestinskaya2019neuro]. In this review, we present the overall developments in hardware based cryptography with a specific focus on the use of memristor devices and networks. The importance of this topic lies in the memristor being an effective device for chaotic systems, having the ability to switch states, and having interesting properties that resemble the generalisation functions of a neuron and its networks.
The paper is organised into five sections: section 2 provides an introduction to memristors and memristor networks, section 3 provides background on lightweight cryptography, section 4 builds on the previous section to introduce memristor cryptography and section 5 concludes the paper.
2 Memristor networks
The memristor (Fig. 1(a,b)) remained an elusive circuit element for several decades, until the claim that this missing circuit element had been found was made in 2008 [strukov2008missing]. Since then, there has been a surge of memory devices deemed to fit into the broad category of memristors. They find applications as non-volatile memory and in modelling neural networks, chaotic circuits, signal processing, and cryptography. In several of these applications, the most popular memristor circuit configuration is the memristor crossbar (Fig. 1(c)), which can be used as a memory array and for dot-product computations.
2.1 Memristor in a nutshell
The memristor is considered a fourth fundamental circuit element [strukov2008missing; chua1971memristor]. There have been arguments in the recent past for and against this assertion [vongehr2015missing; abraham2018case]. Nonetheless, there are several useful behavioural properties that make the memristor a practically very useful circuit element [joglekar2009elusive; ho2011dynamical; corinto2018memristor]. In a recent paper, five enigmas of non-volatile memristor device theory [chua2018five] were proposed and proved:
- Enigma 1: All non-volatile memristors have continuum memories.
- Enigma 2: Conductance of all non-volatile memristors can be tuned by applying single voltage pulses.
- Enigma 3: Faster switching can always be achieved by increasing the pulse amplitude.
- Enigma 4: Periodic unipolar input gives non-periodic finger-like multi-prong-pinched hysteresis loops.
- Enigma 5: DC VI curves of non-volatile memristors are fakes.
These enigmas summarise what we know today about the idealised memristor device. In fact, modelling any realistic memristor with high accuracy is a very challenging task. The underlying reason is largely the material characteristics of the devices, which vary significantly from one device to another. The device-level variability issues of the large majority of memristor devices are still not resolved well enough to validate mathematical models with accuracies similar to those of standard CMOS technology. Any simulation of memristors without variability analysis is incomplete and does not reflect a realistic implementation. In contrast, the variability of memristors specific to a manufacturing process is often useful for cryptographic applications such as generating random keys and physically unclonable functions.
2.2 Crossbar arrays
The crossbar latch [kuekes2005crossbar] is one of the memristor array configurations that was shown to be useful for implementing various digital logic operations. The memristor crossbar array architecture can also be used for writing and reading the conductance values of the memristors, making it useful as a memory array. The crossbar architecture can also be used for building analog neural computing units.
In a crossbar arrangement of memristors [mouttet2008proposal; mouttet2007programmable; vontobel2009writing], the inputs are applied to the rows as voltage signals and the outputs are read as current signals. The current output is a weighted sum of the input voltages, where the weights correspond to the memristor conductances [kim2011functional]. Mathematically, this is equivalent to a dot product operator, which is required for the weighted summation of inputs in each neural network layer [zhang2018neuromorphic; krestinskaya2018analog]. The two-terminal memristor devices are area efficient and can help accelerate neural network computations at high speed and low power. The memristor crossbar can also be used as a regular memory array, with each memristor in the network capable of being programmed to several discrete resistive states [adam20173; lu2011two].
The variability of the memristor states from device to device under the same conditions and constraints is often considered a challenge for having stable analog memory [irmanova2018neuron; stathopoulos2017multibit]. This makes the use of the memristor as an analog memory in large crossbar arrays impractical; however, as discrete state devices and as binary state devices, memristors can be used effectively in small arrays. The crossbar also suffers from sneak path problems, parasitic resistors, and wire resistors, which can further limit the scale of crossbar that can be implemented today [li2018analogue; krestinskaya2019memristive].
3 Lightweight cryptography
3.1 Cryptographic methods
Lightweight cryptography [eisenbarth2007survey] works within the trade-offs of security, cost, and performance, and is focused on devices and systems at the edge. The increase in internet connected devices requires building smarter systems that are secure using low-cost hardware solutions. Symmetric and asymmetric ciphers are a major topic of study in hardware cryptography, each having a different set of applications. Hardware for asymmetric ciphers is more complex than for symmetric ones, and consumes more chip area and power. For example, in terms of computational complexity, a symmetric cipher such as the Advanced Encryption Standard (AES) [daemen2013design] algorithm is about 1000 times faster than optimised elliptic-curve cryptography [hankerson2011elliptic], which is an asymmetric algorithm.
There exist several hardware implementations of ciphers such as Hight [hong2006hight], Clefia [shirai2007128], DESXL [panasenko2011lightweight], DESL, SEA [moosavi2015sea], Hummingbird [engels2010hummingbird], PRESENT [poschmann2009lightweight], PRINTcipher [knudsen2010printcipher], mCrypton [lim2005mcrypton], KLEIN [gong2011klein], TWINE [tomoyasu2012twine], SIMON [beaulieu2015simon], SPECK [beaulieu2015simon], PRINCE [borghoff2012prince], PRIDE [albrecht2014block], LBLOCK [wu2011lblock], MIBS [izadi2009mibs], Puffin [cheng2008puffin], ESF [tripathy2013esf], Piccolo [shibutani2011piccolo], Khudra [kolay2014khudra], etc. in use today, making this an emerging topic of study for edge devices. In addition, there are several requirements for AEAD [struik2013aead] and hash functions [balasch2012compact] in lightweight cryptography: they should be useful for short messages, be optimised for resource-constrained hardware, offer efficient key preprocessing, apply to different platforms, and have low power, energy, and latency. The resource constraints also mean that there is higher 'risk' in design, lower security margins, and a smaller number of components that can be targets of attacks.
3.2 Cryptanalysis methods
The analysis of cryptography algorithms in general is known as cryptanalysis [schneier2000self], and is an essential aspect of testing the reliability of a cryptography system for practical use. The major classes of attacks [sun2015links] can be classified as those based on impossible differentials, guess and determine, and those dedicated to a given method. In the classical differential attack [karaklajic2013hardware], the difference of two outputs relative to the difference in plain text is tracked. In truncated differential attacks [knudsen1994truncated], changes to only part of the differences are predicted. Impossible differential attacks [kim2003impossible], on the other hand, use a differential with probability 0. The miss-in-the-middle technique [biham1999miss] improves over this, and extending such approaches in the forward and backward directions can give information on key bits [wang2014cryptanalysis].
There have been numerous improvements to impossible differential attacks such as multiple impossible differentials, choosing the changes correctly, state-test techniques, and improving the estimate of pairs [boura2014scrutinizing]. Example applications of impossible differential attacks include a best attack on CLEFIA with 13 rounds [mala2011impossible], improved best attacks on Camellia [wu2007impossible], AES attacks comparable with the best MITM ones on 7 rounds [mala2010improved], and LBlock with reduced rounds [karakocc2012impossible].
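To make the classical, truncated and impossible differentials described above concrete at the level of a single S-box, the following added example (not from the paper) computes the difference distribution table of the published 4-bit PRESENT S-box. The function names are illustrative.

```python
# Added example: S-box level view of classical, truncated and impossible
# differentials. PRESENT_SBOX is the published 4-bit S-box of the PRESENT
# cipher; the function names are illustrative and not taken from the paper.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def difference_distribution_table(sbox):
    """ddt[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt


def differential_probability(ddt, dx, dy):
    """Classical differential: probability that input difference dx gives dy."""
    return ddt[dx][dy] / len(ddt)


def truncated_probability(ddt, dx, mask, value):
    """Truncated differential: only the output-difference bits in mask are predicted."""
    hits = sum(count for dy, count in enumerate(ddt[dx]) if (dy & mask) == value)
    return hits / len(ddt)


def impossible_differentials(ddt):
    """All non-zero (dx, dy) pairs that never occur, i.e. probability exactly 0."""
    n = len(ddt)
    return [(dx, dy) for dx in range(1, n) for dy in range(1, n) if ddt[dx][dy] == 0]


def differential_uniformity(ddt):
    """Largest entry over non-zero input differences; smaller resists the attack better."""
    return max(max(row) for row in ddt[1:])


if __name__ == "__main__":
    ddt = difference_distribution_table(PRESENT_SBOX)
    print("P(1 -> 9)              =", differential_probability(ddt, 0x1, 0x9))
    print("P(1 -> lowest bit set) =", truncated_probability(ddt, 0x1, 0x1, 0x1))
    print("impossible (dx, dy)    =", len(impossible_differentials(ddt)))
    print("differential uniformity=", differential_uniformity(ddt))
```

For input difference 1 the lowest bit of the output difference is always set, so the truncated differential holds with probability 1 even though each full output difference has probability at most 0.25.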
The meet-in-the-middle [nishimura1990probability] attack is a relatively old approach that over the years has been improved using partial matching [wei2011improved], bicliques [bogdanov2011biclique], sieve-in-the-middle [canteaut2013sieve], etc. This approach requires less data and is an applied tool. The bicliques method can be used to reduce the total number of computations, with the main focus on accelerating exhaustive search. Bicliques [jeong2012biclique] have been used for attacks on PRESENT, LED, KLEIN, HIGHT, Piccolo, TWINE, and LBlock.
Merging-the-lists and dissection algorithms, such as those for divide-and-conquer and rebound attacks, find applications in ARMADILLO2 [abdelraheem2011cryptanalysis], ECHO256 [naya2011improve], JH42 [naya2011rebound], Grøstl [mendel2009rebound], Klein, AES-like, Sprout [lallemand2015cryptanalysis], and Ketje. Among the popular algorithm-specific attack schemes, such as for PRESENT, the most effective approach has been multiple linear attacks using sieving, forward and backward computations [leander2011linear].
4 Memristor cryptography
The majority of cryptography works based on memristor circuits aim for low power and compact on-chip solutions. Given that more and more devices are connected to the internet, such solutions are ideally suited to edge devices and can be considered within the class of lightweight cryptography solutions.
4.1 Chaotic systems
Due to its resistive switching behaviour, the memristor is an excellent choice for building chaotic circuits [muthuswamy2010implementing; zheng2018analysis]. The cryptographic applications [yang1997cryptography] of chaotic circuits range from random number generators to modelling dynamic systems. The state equations of chaotic systems can be parameterised using the memristor device, which offers an area efficient way to implement chaotic oscillators and circuits. Chaotic systems can be used to build the chaotic encryptor and the chaotic decryptor for secure communication [arafin2015survey]. Memristor based chaotic systems also find application in image encryption [wang2018memristor].
The use of random numbers is essential to ensure the difficulty of breaking a majority of the cryptographic systems used today, such as AES and RSA [miller1982rsa]. The ability to guess the pseudo random numbers generated by conventional techniques within these algorithms can be a potential weakness that can be exploited by attackers. Chaotic random number generators [corinto2016memristor] can overcome this issue by making it extremely difficult to predict the generated numbers.
4.2 Physical unclonable functions
Physical Unclonable Functions (PUFs) [maes2016physically] built from electronic circuits have a unique microstructure that results from the variability introduced during semiconductor manufacturing. The physical variability is unpredictable, making it impossible to replicate the structure. PUFs are implemented using challenge-response authentication, which evaluates the underlying microstructure. For a given stimulus (the challenge), the microstructure reacts (the response) in an unpredictable but precise manner. The challenge-response pair (CRP) does not reveal the device structure and hence is resistant to spoofing attacks.
Cryptographic keys can also be obtained using key extractor PUFs. The PUF hardware costs less than a ROM based CRP that uses a table of responses to the challenges. Even with the same manufacturing process, the PUF will differ from one device to another, making it unclonable and making it difficult to compute an unknown response. Without knowing all the physical properties, it is practically not possible to predict CRPs. This essentially means that PUFs are useful as unique signatures for edge devices, and are also useful for key generation and as a source of randomness.
The classical approaches to cryptography are often slow, energy consuming, and prone to various attacks. Physical unclonable functions [suh2007physical] are hardware tokens that depend on the intrinsic behavior of memristor networks and map a challenge to a response. The public physical unclonable function (PPUF) [beckmann2009hardware; maes2010physically] is one of the prominent PUFs built using memristor crossbar arrays [rajendran2012nano; gao2016emerging; mazady2015memristor; arafin2018memristors; uddin2018design], and employs the non-idealities and characteristics of the memristor devices. Such a PPUF can be used for multiple-party security using keys, authentication, time stamping, and bit commitments.
Arguably, the most important aspect that makes the memristor a suitable device for PUFs is the ability to have randomness within a memristor network, making it a good building block for a complex physical system for extracting secret keys. In the past, the Ring Oscillator PUF (ROPUF) [maiti2011improved], Arbiter PUF (APUF) [tajik2014physical], and Static Random Access Memory PUF (SRAM PUF) [garg2014design] used digital designs tested on FPGAs or ASICs. However, with scaling, these systems become unstable due to temperature dependence and practical signal integrity issues. Nanoelectronic systems such as those based on memristors could become popular for generating large challenge-response pairs, as they prove to be area efficient and provide an option for generating more stable PUFs, such as within crossbar networks [zhang2018nanoscale; nili2018hardware]. The PUF design with memristors can also be extended to develop reconfigurable PUFs using different memristor network configurations, which helps generalise the PUF approach to a larger number of key exchange schemes [gao2018efficient].
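The following added example (not from the paper) simulates the challenge-response behaviour described above on a crossbar model: process variability makes each simulated chip unique, and a per-read conductance disturbance shows how response bits flip as the devices drift. The array size, conductance, read voltage, sigmas and the column-pair comparison used to derive response bits are assumptions of this example, not a published memristor PUF design.

```python
import random

# Added example, not from the paper. Sizes, voltages and sigmas are assumptions
# chosen for illustration, not measured device data.
ROWS, COLS = 16, 64     # crossbar rows (challenge bits) and columns
G_NOMINAL = 1e-4        # nominal device conductance in siemens
V_READ = 0.2            # read voltage applied to a selected row, in volts


def make_chip(seed, process_sigma=0.2):
    """One manufactured crossbar: every device gets its own conductance."""
    rng = random.Random(seed)
    return [[G_NOMINAL * rng.lognormvariate(0.0, process_sigma)
             for _ in range(COLS)] for _ in range(ROWS)]


def column_currents(chip, challenge, rng=None, drift_sigma=0.0):
    """Crossbar dot product I_j = sum_i V_i * G_ij, with optional per-read drift
    standing in for noise, temperature and aging effects."""
    currents = [0.0] * COLS
    for i, bit in enumerate(challenge):
        if bit:
            for j in range(COLS):
                g = chip[i][j]
                if drift_sigma > 0.0:
                    g *= rng.lognormvariate(0.0, drift_sigma)
                currents[j] += V_READ * g
    return currents


def response(chip, challenge, rng=None, drift_sigma=0.0):
    """One response bit per adjacent column pair: which column carries more current."""
    cur = column_currents(chip, challenge, rng, drift_sigma)
    return [1 if cur[k] > cur[k + 1] else 0 for k in range(0, COLS, 2)]


def make_challenges(count, seed=2024):
    """Random non-zero row-select vectors (an all-zero challenge drives no row)."""
    rng = random.Random(seed)
    challenges = []
    while len(challenges) < count:
        c = [rng.getrandbits(1) for _ in range(ROWS)]
        if any(c):
            challenges.append(c)
    return challenges


def fractional_hd(a, b):
    """Fraction of positions in which two bit lists differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def enroll(chip, challenges):
    """Noise-free reference responses, concatenated over all challenges."""
    return [bit for c in challenges for bit in response(chip, c)]


def inter_chip_distance(chips, challenges):
    """Uniqueness: mean distance between different chips (ideal is 0.5)."""
    refs = [enroll(chip, challenges) for chip in chips]
    pairs = [(a, b) for a in range(len(refs)) for b in range(a + 1, len(refs))]
    return sum(fractional_hd(refs[a], refs[b]) for a, b in pairs) / len(pairs)


def intra_chip_distance(chip, challenges, drift_sigma, seed=7):
    """Reliability: distance between enrollment and a drifted re-read (ideal is 0)."""
    rng = random.Random(seed)
    reread = [bit for c in challenges for bit in response(chip, c, rng, drift_sigma)]
    return fractional_hd(enroll(chip, challenges), reread)


if __name__ == "__main__":
    chips = [make_chip(seed) for seed in range(6)]
    challenges = make_challenges(64)
    print("inter-chip distance  :", round(inter_chip_distance(chips, challenges), 3))
    print("intra-chip, 1% drift :", round(intra_chip_distance(chips[0], challenges, 0.01), 3))
    print("intra-chip, 20% drift:", round(intra_chip_distance(chips[0], challenges, 0.20), 3))
```

When the drift is as large as the process variability itself, roughly a quarter of the response bits flip, which is the reliability concern raised for aging and temperature changes.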
4.3 Hash functions
The memristor crossbar can be used to build encrypted messaging systems, such as MemHash [kvatinsky2018memristive; azriel2017towards]. In MemHash, the original message is wrapped with a prefix and a suffix. This message is then passed through a scrambler that is a linear function of the input bits, the cycle count and a random value read from the crossbar array. This is used to generate an address and a value to write to the crossbar array. In the subsequent cycles, a differential read circuit is used to provide the input to the scrambler and to obtain a signature read-back.
The feasibility of using such hash functions in realistic systems requires further tests, as the quality of the crossbar devices can have an impact on how they are used in hashing based algorithms. Interface circuits such as the differential read block, if inaccurate, can have a significant impact on the performance of the hash functions generated using MemHash systems. Nonetheless, this approach becomes useful as the technology matures and process related issues are resolved.
4.4 Open challenges
Reliability issues
There exist several open challenges in this area of work. The field of memristor cryptography is challenged by the reliability issues of memristor devices. The device and process variability in memristor crossbars is a useful aspect of the design of most memristor cryptographic systems. However, there are several practical reliability issues that are not usually accounted for in the design, such as the effects of aging, state variability, signal integrity, and electromagnetic issues.
Variability
The integration of CMOS circuits with memristor arrays in a cryptography chip is not a trivial task. Since the variability of a non-ideal memristor crossbar from one chip to another can be high, the process related variability that acts as an encoding signature expected from these devices would be hard to replicate under the effects of aging and temperature changes.
Architecture robustness
The system integration and architecture for memristor cryptography is another open problem. While there are a few classes of architectures, such as those based on PUFs and hash functions, they could be prone to side channel attacks when the designs are of small scale. Further, on-chip and off-chip communication errors can be explored by adversaries to model the behaviour of the encryption scheme.
Hardware acceleration
The speed-up of traditional hardware implementations of cryptography algorithms is an on-going challenge for edge devices. There are dedicated cryptography chips that are incorporated as co-processors in modern commercial edge devices. These co-processors use digital gates and random number generators, which could in future be implemented efficiently with memristor threshold logic gates and chaotic generators.
Neural cryptography
Neural cryptography is an emerging field of study that is yet to be proven to be a useful cryptography solution. In this approach, the human is kept out of the loop, while the encryption, decryption and adversaries are all neural network machines. Given that several different types of neural networks can be implemented with memristor crossbar arrays, it is possible to build and deploy memristive neural cryptography solutions in the upcoming years.
5 Discussions and concluding remarks
Hardware security primitives are required to provide on-chip solutions that work at high speeds and provide an additional layer of security, as it is difficult to physically identify the on-chip circuits, which reduces the chance of an attacker cracking such systems. However, as a note of caution, the cryptanalysis of memristor cryptographic systems is not a developed field. The understanding of dedicated attacks needs to be further investigated. The design 'risk', low security margin, and fewer number of components in memristor systems offer certain room for attacks. These systems are not yet fully tested for practical use.
The use of memristor circuits in traditional lightweight cryptographic methods for edge devices is an important and open problem. Since memristor networks can serve as associative memories, they could be incorporated into different algorithmic cryptographic methods. Memristor circuits are also a good source for random key generation, which can make them useful for various traditional cryptographic methods.
The memristor behaviours are hard to replicate under realistic conditions. This makes the memristor a good candidate for PUFs. On the other hand, the impact of reliability, number of write-erase cycles, stability and interconnect issues is not very well studied for practical use in building memristive cryptographic chips. The cryptanalysis of such hardware issues is almost unstudied at this stage in a practical context, and substantial progress is required for memristive chips to be of realistic use in modern cryptography.
6 Author contribution statement
All contributions in the writing of this paper were made by A.P. James.
References
- (1) Mohamed Ahmed Abdelraheem, Céline Blondeau, María Naya-Plasencia, Marion Videau, and Erik Zenner. Cryptanalysis of armadillo 2. In International Conference on the Theory and Application of Cryptology and Information Security, pages 308–326. Springer, 2011.
- (2) Isaac Abraham. The case for rejecting the memristor as a fundamental circuit element. Scientific reports, 8(1):10972, 2018.
- (3) Gina C Adam, Brian D Hoskins, Mirko Prezioso, Farnood Merrikh-Bayat, Bhaswar Chakrabarti, and Dmitri B Strukov. 3-d memristor crossbars for analog and neuromorphic computing applications. IEEE Transactions on Electron Devices, 64(1):312–318, 2017.
- (4) Martin R Albrecht, Benedikt Driessen, Elif Bilge Kavun, Gregor Leander, Christof Paar, and Tolga Yalçın. Block ciphers–focus on the linear layer (feat. pride). In International Cryptology Conference, pages 57–76. Springer, 2014.
- (5) Md Tanvir Arafin, Carson Dunbar, Gang Qu, N Mc Donald, and L Yan. A survey on memristor modeling and security applications. In Sixteenth International Symposium on Quality Electronic Design, pages 440–447. IEEE, 2015.
- (6) Md Tanvir Arafin and Gang Qu. Memristors for secret sharing-based lightweight authentication. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, (99):1–13, 2018.
- (7) Leonid Azriel and Shahar Kvatinsky. Towards a memristive hardware secure hash function (memhash). In 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pages 51–55. IEEE, 2017.
- (8) Josep Balasch, Bariş Ege, Thomas Eisenbarth, Benoit Gérard, Zheng Gong, Tim Güneysu, Stefan Heyse, Stéphanie Kerckhof, François Koeune, Thomas Plos, et al. Compact implementation and performance evaluation of hash functions in attiny devices. In International Conference on Smart Card Research and Advanced Applications, pages 158–172. Springer, 2012.
