Bagua: a NFSR-based stream cipher constructed following confusion and diffusion principles. (English) Zbl 1479.94259

Wu, Yongdong (ed.) et al., Information security and cryptology. 16th international conference, Inscrypt 2020, Guangzhou, China, December 11–14, 2020. Revised selected papers. Cham: Springer. Lect. Notes Comput. Sci. 12612, 453-465 (2021).
Summary: Confusion and diffusion are important design principles in block ciphers. The well-known block cipher structures SPN, Feistel and Misty are built on these two principles with the aim of provable security against differential and linear cryptanalysis. In stream ciphers, by contrast, there are few structures based on the two principles, apart from Trivium. In this paper, we generalize the design ideas of Trivium to propose a new construction of Galois-structure nonlinear feedback shift registers based on the confusion and diffusion principles. As an application of this construction, a stream cipher named Bagua is proposed: a hardware-oriented primitive with a 128-bit initialization vector and a 128-bit or 256-bit key. It can be implemented in parallel, computing up to 32 iterations at once, and its maximum throughput can reach 8 Gbps. The degree of parallelism can be chosen at implementation time according to the throughput and hardware-overhead requirements of different application environments. Its resistance against differential and linear cryptanalysis is estimated both theoretically and experimentally.
For the entire collection see [Zbl 1475.94014].


94A60 Cryptography