
AKF: a key alternating Feistel scheme for lightweight cipher designs. (English) Zbl 1320.94070

Summary: In the classical Feistel structure, using alternating keys makes the cipher insecure against related-key attacks. In this work we propose a new block cipher scheme, AKF, based on a Feistel structure with alternating keys that is nevertheless resistant to related-key attacks. AKF leads to constructions of lightweight block ciphers suitable for resource-restricted devices such as RFID tags and wireless sensor nodes.
Using AKF we also present a software-oriented lightweight block cipher, ITUbee, especially suitable for wireless sensor nodes. We show that ITUbee performs better than most of the ciphers compared in a recent work.

MSC:

94A60 Cryptography
