 Hello, I am Ziting. I want to be there to give you a presentation of PL Crypto or Symmetrical Crypto Graphic Library for Programmer Bologics Councilors. A Pro-Grammar Bologics Councilor PLC is an industrial computer that has been widely used for the council of manufacturing processes, such as assembly lines, machines, robotic devices, or any activity that requires high-end durability is of programming and process both diagnosis with the development of industrial Internet of Things. The industrial control systems are connected to the Internet, so many processes have therefore become the primary targets of detectors to compromise. However, the commercial processes may lack proper security functions, like encryption and authentication. For example, suppose detectors are somehow connected to the operational technology network. In that case, they can easily intercept and manipulate the communication between processes and gather. So, the detectors can simply send managers command to the PLC to sabotage the phasic processes. A common way to enhance the security of PLC is to use the cryptographic algorithms to protect the communication and data. To do so, it is possible to modify the firmware to implement the cryptographic algorithms. But the firmware is closed source, so this approach cannot be done by the third party. We can also buy the secure module from the manufacturer. However, it might be very expensive, or it may be not supported by some nigger-side processes. In this work, we are motivated to implement the cryptographic algorithms based on the logic counseling of PLC itself using the standard program language structured text, which is free to use and easy to program like other high-level programming language. To the best of our knowledge, PLC is the first ST best cryptographic library that is its fuel-table and commercial process. In PLC, we implemented a wide range of symmetric cryptographic schemes, which provide the most desirable security properties and functionalities, confidential entity, integrity, and pseudo-randomness. We also realized a protocol called proof-of-levelness as a case study to show how to use the implemented cryptographic algorithms. What are the challenges on security and efficiently implementing PLC? I'm going to introduce the answers of this research question. The first challenge we meet here is the programming language. The structured text consists of a series of instructions, as in high-level languages, like if-then-else, or loops, while-do, but it only supports fuel-table, at least in the table. Our experimental plan for the unknown-byed-need PLC does not support the outside integer. Also, it does not have shaped loaded operations, and low instructions can access memory addresses like, say, those limitations of ST increase the difficulty of the implementation. However, the ST also has some advantages that we could leverage. It can directly access each bit of an int variable. Later, I will show such bitwise operation can be used to optimize the implementation. The second challenge is caused by the remote monitoring capability of PLC. PLC allows one to accurately monitor things in a real-time manner, even when each is running. The administrator can read and write tags and modify the programs. The modification of a program can be easily prevented by switching the PLC to a remote. The main challenge here is how to securely deal with the tag monitor, which should be carefully studied. We formally call the tag manipulation capabilities of the advanced array as tag manipulation attacks. The TMS are unical on PLC, and the TMS would jeopardize not only the confidential entity, but also the integrity of critical tag views. For example, if we store a cryptographic key in a tag, then it might be obtained by the attackers to thoroughly break the corresponding cryptographic scheme. So, one of the major goals in the implementation of PLC is to prevent the TMA. We also know that low extra trusted hardware is used to store the cryptographic securities for PLC, since we want to propose the low-cost solution. Next, I'm going to show how to prevent TMA. Before that, let's first review an important notion of PLC, the SCAN cycle. SCAN cycle is a cycle in which the PLC gathers the inputs, runs the PLC program sequentially, and then updates the outputs. So, PLC operates by continually scanning programs and repeat these process many times. The PLC program can run different types of tasks, such as continuance, event, or periodic. We note that the event and periodic tasks cannot be interacted by the communication tasks. So, in a periodic task, low rate, right, operations can be done within a SCAN cycle. However, the adversary can still read and write tags between two SCAN cycles. So, our countermeasure for this is to design hard coding techniques in our implementation. Basically, we can use kinds of hard coding strategies. The first one is hard coding with runtime loading. Why we need this one? Because if we load the tag views once and use them across multiple SCAN cycles, then the adversary can read them at the end of each SCAN cycle. In our first hard coding strategy, an algorithm must load the concrete views of critical tags on the fly at the beginning of each SCAN cycle. We can also use a tag with the concrete view there. At the end of the execution, the algorithm should erase the tag to be zero. In this way, the adversary can only read zero views. However, the first strategy is not efficient if the number of tags is zero. This approach may become a performer's botanical of the implementation. For example, there can be over 2,000 assemblies in the implementation of a subset stack-based one-way function. So, we propose a larger hard coding strategy to a hard-coded tag view at where it is used. For Iim creation, TI equals QMI plus AI. Where AI stores a separate tag view, then we can transfer it into an equivalent statement by replacing the tag AI to be its concrete view. Another issue that we consider about is the performers. We note that it is possible to make use of the bitwise operations to optimize our implementations. First, we can obtain a bit for free, unlike the same language that needs shifting and other logic operations. What can we do with this? For example, we can directly obtain the carry bit in big integer audition, which can be done by a single variable, and erase bits with free-chip assemblies. Like this, we can also tenor the bitwise move operations to move a bit to the target position with one assemblies statement, like this. So that we can efficiently implement the basic functionalities, including shift, rotate, and permutation box. Lastly, we can merge bitwise operations of our procedure, like permutation box, into other procedures, like substitution box, instead of excluding these procedures independently. We apply this optimization in the implementation of present, that we can run the permutation box to each intermediate substitution result on the fly, rather than at the end of the substitution procedure. To avoid the steps for assembling the small intermediate substitution results to a large view, as in the implementation of present. Now, I summarized the selection query theory of cryptographic algorithms in PL-crypto as follows. Most of the snitted algorithms are standardized by either S or LIST, which are wildly accepted in practice. We also tried to say that algorithms that have good performance on PLC, such as subset sound-based runway function and spec. Specifically, algorithms that are easy to play-compute their expensive operations could reduce the computation cost, such as Beton, which can play-compute the S box and P box, related operations. Relatively, the above bitwise optimization structures can optimize algorithms that comprise of many bitwise operations, such as permutation box. Lastly, we selected algorithms with short-case and parameters SKT, since case and parameters should be hard-called due to TMA. This query would also affect the size of the code. You can have a look at the course-drawn-in selection criteria and the techniques that were used to implement the course-drawn-in algorithms in PL-crypto. Next, I'll show some examples of implementation. The first one is a subset sound-based runway function. Such one-way function has a parameter A, which consists of LN numbers, which is LN bit, an input of LN bit view X. The one-way function is computed based on following equation. Finally, each bit of X is used to determine whether the course-drawn-in parameter small ai will be added. We first study the importance of hard-coding the parameters. The big A, consider the situation that one initializes the parameter A once with a separate initialization task, but use it repeatedly across excursions, scan cycles. However, when such an initialization task is done, the network detectors are able to modify A to launch a tag manipulation attack to recover the image X. For example, to obtain J-speed X, the attacker only needs to set a J to be long zero and all other small X to be zero. It is obvious that the invaluation result of one-way function would be either AJ or zero. That could be used to infer XJ trivially. Since the LA is not small, we adopt the HCWU2 hard code, the core statement involving AIJ. Note that we cannot use the loop statement anymore due to the hard coding of A. So we use Python to pre-generate those concrete hard code statements like the following figure. We use the similar idea to realize the shaped and rotated functionalities. The left figure is the pseudo code for hard coding, and the right figure is the resulting S2 code. In the implementation of present, we combine the operations in SBOX and PBOX. From the pseudo code of the present, that way implemented base tags. We visualize the SBOX and PBOX using single-fold instruction. Let me, we implement the SBOX and PBOX together for each nibble of a state rather than a scooting thing one after another. You can say the hard coding implementation of SP layer of present. Finally, we show the benchmark results of our implementations. We use a conventional POC from Alan Whitney to run the implemented algorithms. The performance of one-way function and block ciphers can be found in the following table. We can say that the performance of those algorithms on POC is practical. And all operations only need a few milliseconds. In particular, the encryption of present is faster than statement. That is contrary to the result on other platform. Since the implementation of present can be better optimized based on bitwise operations. The performance of JSC and the corresponding PRF, PRG are practical as well. However, the performance of these hash functions are not very good on PLC. Since they require many arithmetic operations that are not very supported on PLC. That's our summary. Thank you for listening.