Comparing Performances of Cypress Block Cipher and Modern Lighweight Block Ciphers on Different Platforms

AbstractRecently, cryptographic literature has seen new block cipher designs such as , or that aim to be more lightweight than the current standard, i.e., . Even though family of block ciphers were designed two decades ago, they still remain as the de facto encryption standard, with being the most widely deployed variant. In this work, we revisit the combined one-in-all implementation of the family, namely both encryption and decryption of each as a single ASIC circuit. A preliminary version appeared in Africacrypt 2019 by Balli and Banik, where the authors design a byte-serial circuit with such functionality. We improve on their work by reducing the size of the compact circuit to 2268 GE through 1-bit-serial implementation, which achieves 38% reduction in area. We also report stand-alone bit-serial versions of the circuit, targeting only a subset of modes and versions, e.g., and . Our results imply that, in terms of area, and can easily compete with the larger members of recently designed family, e.g., , . Thus, our implementations can be used interchangeably inside authenticated encryption candidates such as , or in place of .

Download Full-text

Efficient Implementation of PRESENT and GIFT on Quantum Computers

Applied Sciences ◽

10.3390/app11114776 ◽

2021 ◽

Vol 11 (11) ◽

pp. 4776

Author(s):

Kyungbae Jang ◽

Gyeongju Song ◽

Hyunjun Kim ◽

Hyeokdong Kwon ◽

Hyunji Kim ◽

...

Keyword(s):

Block Cipher ◽

Search Algorithm ◽

Block Ciphers ◽

Quantum Circuits ◽

Security Level ◽

Symmetric Key ◽

Grover Search ◽

Target Block ◽

Symmetric Key Cryptography ◽

Grover Search Algorithm

Grover search algorithm is the most representative quantum attack method that threatens the security of symmetric key cryptography. If the Grover search algorithm is applied to symmetric key cryptography, the security level of target symmetric key cryptography can be lowered from n-bit to n2-bit. When applying Grover’s search algorithm to the block cipher that is the target of potential quantum attacks, the target block cipher must be implemented as quantum circuits. Starting with the AES block cipher, a number of works have been conducted to optimize and implement target block ciphers into quantum circuits. Recently, many studies have been published to implement lightweight block ciphers as quantum circuits. In this paper, we present optimal quantum circuit designs of symmetric key cryptography, including PRESENT and GIFT block ciphers. The proposed method optimized PRESENT and GIFT block ciphers by minimizing qubits, quantum gates, and circuit depth. We compare proposed PRESENT and GIFT quantum circuits with other results of lightweight block cipher implementations in quantum circuits. Finally, quantum resources of PRESENT and GIFT block ciphers required for the oracle of the Grover search algorithm were estimated.

Download Full-text

A New Block Cipher Based on Finite Automata Systems

International Journal on Perceptive and Cognitive Computing ◽

10.31436/ijpcc.v2i1.31 ◽

2016 ◽

Vol 2 (1) ◽

Author(s):

Gh Khaleel ◽

SHERZOD TURAEV ◽

M.I.M. Tamrin ◽

Imad F. Al-Shaikhli

Keyword(s):

Block Cipher ◽

Finite Automata ◽

Parallel Computations ◽

Block Ciphers ◽

Central Importance ◽

High Security ◽

Encryption And Decryption

The performance and security have central importance of cryptography field. Therefore, theneed to use block ciphers are become very important. This paper presents a new block cipher based on finiteautomata system. The proposed cryptosystem is executed based on parallel computations to reduce thedelay time. Moreover, to achieve high security, we use different machines (variant non-deterministicautomata accepters) as keys for encryption and decryption.

Download Full-text

Crypto-Archaeology: unearthing design methodology of DES s-boxes

10.7287/peerj.preprints.3285v1 ◽

2017 ◽

Author(s):

Sankhanil Dey ◽

Ranjan Ghosh

Keyword(s):

Boolean Function ◽

Boolean Functions ◽

Design Methodology ◽

Block Cipher ◽

Block Ciphers ◽

Public Domain ◽

Differential Cryptanalysis ◽

Linear Cryptanalysis ◽

Strict Avalanche Criterion ◽

Independence Criterion

US defence sponsored the DES program in 1974 and released it in 1977. It remained as a well-known and well accepted block cipher until 1998. Thirty-two 4-bit DES S-Boxes are grouped in eight each with four and are put in public domain without any mention of their design methodology. S-Boxes, 4-bit, 8-bit or 32-bit, find a permanent seat in all future block ciphers. In this paper, while looking into the design methodology of DES S-Boxes, we find that S-Boxes have 128 balanced and non-linear Boolean Functions, of which 102 used once, while 13 used twice and 92 of 102 satisfy the Boolean Function-level Strict Avalanche Criterion. All the S-Boxes satisfy the Bit Independence Criterion. Their Differential Cryptanalysis exhibits better results than the Linear Cryptanalysis. However, no S-Boxes satisfy the S-Box-level SAC analyses. It seems that the designer emphasized satisfaction of Boolean-Function-level SAC and S-Box-level BIC and DC, not the S-Box-level LC and SAC.

Download Full-text

Provably Quantum-Secure Tweakable Block Ciphers

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2021.i1.337-377 ◽

2021 ◽

pp. 337-377

Author(s):

Akinori Hosoyamada ◽

Tetsu Iwata

Keyword(s):

Polynomial Time ◽

Provable Security ◽

Block Cipher ◽

Block Ciphers ◽

Quantum Superposition ◽

Quantum Cryptanalysis ◽

Classical Setting ◽

Time Quantum ◽

Symmetric Key ◽

Arbitrary Quantum

Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciphers can be constructed from secure block ciphers in the classical setting. However, Kaplan et al. showed that their scheme can be broken by polynomial time quantum superposition attacks, even if underlying block ciphers are quantum-secure. Since then, it remains open if there exists a mode of block ciphers to build quantum-secure tweakable block ciphers. This paper settles the problem in the reduction-based provable security paradigm. We show the first design of quantum-secure tweakable block ciphers based on quantum-secure block ciphers, and present a provable security bound. Our construction is simple, and when instantiated with a quantum-secure n-bit block cipher, it is secure against attacks that query arbitrary quantum superpositions of plaintexts and tweaks up to O(2n/6) quantum queries. Our security proofs use the compressed oracle technique introduced by Zhandry. More precisely, we use an alternative formalization of the technique introduced by Hosoyamada and Iwata.

Download Full-text

On the semantic security of cellular automata based pseudo-random permutation using results from the Luby-Rackoff construction

Annales Universitatis Mariae Curie-Sklodowska sectio AI – Informatica ◽

10.17951/ai.2015.15.1.21-31 ◽

2015 ◽

Vol 15 (1) ◽

pp. 21

Author(s):

Kamel Mohammed Faraoun

Keyword(s):

Cellular Automata ◽

Block Cipher ◽

Random Permutation ◽

Block Ciphers ◽

Random Permutations ◽

Semantic Security ◽

Transition Rules ◽

Reversible Cellular Automata ◽

Symmetric Block ◽

Number Of Iterations

This paper proposes a semantically secure construction of pseudo-random permutations using second-order reversible cellular automata. We show that the proposed construction is equivalent to the Luby-Rackoff model if it is built using non-uniform transition rules, and we prove that the construction is strongly secure if an adequate number of iterations is performed. Moreover, a corresponding symmetric block cipher is constructed and analysed experimentally in comparison with popular ciphers. Obtained results approve robustness and efficacy of the construction, while achieved performances overcome those of some existing block ciphers.

Download Full-text

The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i1.239-278 ◽

2020 ◽

pp. 239-278

Author(s):

Fatih Balli ◽

Andrea Caforio ◽

Subhadeep Banik

Keyword(s):

Block Cipher ◽

Block Ciphers ◽

Significant Loss ◽

Authenticated Encryption ◽

End User ◽

Maximum Throughput ◽

Mode Of Operation ◽

Encryption Schemes ◽

Bit Serial

The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168 (resp. 68) clock cycles for 128 (resp. 64) bit blocks. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprints.In this paper, we extend these results on bit-serial implementations all the way to four authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique. Our block cipher implementations have the most efficient round operations in the sense that a round function of an n-bit block cipher is computed in exactly n clock cycles. This leads to implementations that are similar in size to the state of the art, but have much lower latency (savings up to 20 percent). We then extend our technique to 4- and 8-bit implementations. Although these results are promising, block ciphers themselves are not end-user primitives, as they need to be used in conjunction with a mode of operation. Hence, in the second part of the paper, we use our serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD. In the wake of this effort, we provide the smallest block-cipher-based authenticated encryption circuits known in the literature so far.

Download Full-text

Correlation Distribution Analysis of a Two-Round Key-Alternating Block Cipher

Tatra Mountains Mathematical Publications ◽

10.2478/tmmp-2019-0009 ◽

2019 ◽

Vol 73 (1) ◽

pp. 109-130

Author(s):

Liliya Kraleva ◽

Vincent Rijmen ◽

Nikolai L. Manev

Keyword(s):

Block Cipher ◽

Block Ciphers ◽

Distribution Analysis ◽

Correlation Distribution ◽

Input And Output ◽

Round Function ◽

Positive Integers

Abstract In this paper we study two-round key-alternating block ciphers with round function f (x)= x(2t+1)2s, where t, s are positive integers. An algorithm to compute the distribution weight in respect to input and output masks is described. Also, in the case t = 1 the correlation distributions depending on input and output masks are completely determined for arbitrary pairs of masks.

Download Full-text

Generalized differential-linear cryptanalysis of block cipher

Radiotekhnika ◽

10.30837/rt.2021.1.204.01 ◽

2021 ◽

pp. 5-15

Author(s):

A.N. Alekseychuk

Keyword(s):

Block Cipher ◽

Block Ciphers ◽

Linear Cryptanalysis ◽

Information Complexity ◽

The Matrix ◽

First Results ◽

Scientific Substantiation ◽

The Subject ◽

Linear Attack ◽

Generalized Differential

Differential-linear cryptanalysis of block ciphers was proposed in 1994. It turns out to be more efficient in comparison with (separately) differential and linear cryptanalytic methods, but its scientific substantiation remains the subject of further research. There are several publications devoted to formalization of differential-linear cryptanalysis and clarification of the conditions under which its complexity can be mathematically accurately assessed. However, the problem of the differential-linear cryptanalytic method substantiation remains completely unresolved. This paper presents first results obtained by the author in the direction of solving this problem. The class of differential-linear attacks on block ciphers is expanded. Namely, both distinguishing attacks and attacks aimed at recovering one bit of information about a key are considered. In this case, no assumptions are made (as in well-known publications) about the possibility of representing the cipher in the form of some two components. Lower bounds of information complexity of these attacks are obtained. The expressions of these bounds depend on the averaged (by keys) values of the elements’ squares of the generalized autocorrelation table of the encryption transformation. In contrast to the known ones, the obtained bounds are not based on any heuristic assumptions about the investigated block ciphers and are valid for a wider class of attacks as compared to the traditional differential-linear attack. Relations between, respectively, differential, linear and differential-linear properties of bijective Boolean mappings are given. In contrast to the well-known works, the matrix form of the relations is used that makes it possible to clarify better their essence and simplify the proofs. A new relation is derived for the elements of the generalized autocorrelation table of the encryption transformation of the product of two block ciphers, which may be useful in further research.

Download Full-text

Efficient Length Doubling From Tweakable Block Ciphers

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i3.253-270 ◽

2017 ◽

pp. 253-270 ◽

Cited By ~ 2

Author(s):

Yu Long Chen ◽

Atul Luykx ◽

Bart Mennink ◽

Bart Preneel

Keyword(s):

Block Cipher ◽

Block Ciphers ◽

Encryption Scheme ◽

Authenticated Encryption ◽

Arbitrary Length ◽

Pseudorandom Permutation ◽

Cryptographic Primitive ◽

Length Data ◽

Tweakable Block Cipher ◽

Integral Data

We present a length doubler, LDT, that turns an n-bit tweakable block cipher into an efficient and secure cipher that can encrypt any bit string of length [n..2n − 1]. The LDT mode is simple, uses only two cryptographic primitive calls (while prior work needs at least four), and is a strong length-preserving pseudorandom permutation if the underlying tweakable block ciphers are strong tweakable pseudorandom permutations. We demonstrate that LDT can be used to neatly turn an authenticated encryption scheme for integral data into a mode for arbitrary-length data.

Download Full-text