LEA: Link Encryption Algorithm Proposed Stream Cipher Algorithm

Ain Shams Engineering Journal (2014) xxx, xxx–xxx

Ain Shams University Ain Shams Engineering Journal

www.elsevier.com/locate/asej www.sciencedirect.com

ELECTRICAL ENGINEERING LEA: Link Encryption Algorithm Proposed Stream Cipher Algorithm

Hadia M.S. El Hennawy a, Alaa E.A. Omar b, Salah M.A. Kholaif c,* a Electronics and Communications Department, Faculty of Engineering, Ain Shams University, Cairo, Egypt b Head of Research Development Division, Research Development Center, Cairo, Egypt c Research Development Center, Cairo, Egypt

Received 20 June 2013; revised 19 December 2013; accepted 9 August 2014

KEYWORDS Abstract Cryptographic algorithms for conﬁdentiality and authentication play a major important Link Encryption Algorithm; role in nowadays information security Sen (2012) [1]. Encryption algorithms are becoming more Stream cipher; necessary to ensure the securely transmitted data over insecure communication channels. A new Linear Feedback Shift stream cipher is proposed. The design is very simple and based on 16 shift registers, nonlinear Register; and an output function. The proposed algorithm is characterized by a high performance in software Bit organization; with measured encryption/decryption on Pentium IV processor. We have performed detailed secu- Non Linear Function rity analysis, in particular, and standard statistical randomness test of the produced ciphertext. Experimental results in terms of performance and resources are presented. 2014 Production and hosting by Elsevier B.V. on behalf of Ain Shams University.

1. Introduction ciphers have been becoming the best choice for several communication protocols especially that used in wireless field [2]. Nowadays there are many stream cipher algorithms proposed Block ciphers are memory less algorithms that permute N-bit in both academic and industrial research. Stream cipher is an blocks of plain text data under the influence of the secret key important category of symmetric encryption algorithms [1]; and generate N-bit blocks of encrypted data, whereas stream what’s more, synchronous stream ciphers do not suffer from ciphers contain internal states and typically operate serially error propagation, because each bit is independently by generating a stream of pseudo random key bits, namely encrypted/decrypted from any other. Compared with block the keystream (stream ciphers are also called keystream gener- ciphers, most stream ciphers are generally much faster and ators). The keystream is then bitwise XORed with the data to have greater software efficiency. Due to these features, stream encrypt/decrypt. LEA is a word-oriented stream cipher; it takes a 128-bit initial key and a 128-bit initial vector as input, and outputs a key- * Corresponding author. Tel.: +20 1227337460. stream of 32-bit words (where each 32-bit word is henceforth E-mail address: [email protected] (S.M.A. Kholaif). called a key word). This keystream is used to encrypt the plain Peer review under responsibility of Ain Shams University. text. To ensure the security of LEA, it is evaluated through a software implementation. Since the Linear Feedback Shift Registers (LFSRs) are pretty efficient in hardware and are Production and hosting by Elsevier http://dx.doi.org/10.1016/j.asej.2014.08.001 2090-4479 2014 Production and hosting by Elsevier B.V. on behalf of Ain Shams University.

Please cite this article in press as: El Hennawy HMS et al., LEA: Link Encryption Algorithm Proposed Stream Cipher Algorithm, Ain Shams Eng J (2014), http:// dx.doi.org/10.1016/j.asej.2014.08.001 2 H.M.S. El Hennawy et al. the main building blocks of this cipher, it is possible to imple- where (&&) is bitwise AND, || is concatenation operator, and ment LEA in hardware and achieve higher throughput. LRot8 (x, y) = cyclic rotation of 8 bits sequence x by y posi- This paper is structured as follows. In Section 2 the LEA tion left. stream cipher algorithm specifications are briefly described. The Key Loading part use four keys groups SK (SK0 || SK1 In Section 3, we explain the security analysis of the LEA algo- ||...|| SK15), MK (MK0 || MK1 ||...|| MK15), IV (IV0 || IV1 rithm. In Section 4, we discuss the algorithm performance ||...|| IV15), and BK (BK0 || BK1 ||...|| BK15), respectively, results. Finally, Section 5 concludes the paper. to produce sixteen substrings of 32-bit according to the follow- ing rule Ri =Ski || MKi || IVi || BKi, where (0 6 i 6 15). The 2. Proposed Stream Cipher Algorithm generated value Ri is used as the initial state of the LFSR layer, and the BKi will be the rightmost bit with value equal to 1 for each register for register balancing requirement. The Proposed Link Encryption Algorithm, LEA, is a stream cipher algorithm. It is cryptological concept which was devel- oped for encipher/decipher 8-bit ASCII character. For each 2.3. The Linear Feedback Shift Register (LFSR), layer step, cipher or decipher, the algorithm is performed once deliv- ering an 8-bit key character. This character is combined with The Linear Feedback Shift Register (LFSR), illustrated in the plain (or cipher) character by bitwise addition to give the Fig. 2, has sixteen Registers of 32-bit (R0 to R15), each register 32 cipher (or plain) character. Thus there is no difference between is restricted to take values from the (1 to 2 – 1). The LFSR encipher/decipher and this meaningful to explain only the pro- layer has two stages of operations: the initialization stage of cess of encipherment. The algorithm is offering highest security sixteen register and the working stage. level achieved through the high nonlinear complexity and the In the initialization mode, each register LFSR receives a 32- complete re-initialization before every encryption process. bit input, which is obtained from key loading process. In the The idea of this algorithm is building up the key character working mode, the LFSR receives two 32-bit word inputs, sequence of combination of two different sequences, where the one word N, which is obtained from the 32-bit output M of first one has probable long period and the second one is high the nonlinear function F, and the other word R, from output complexity by using nonlinear functions. Moreover, both of feedback operation of LFSR. The output of the LFSR layer these sequences are statistically flat. The good statistical prop- stage supplies four 32-bit (128-bit) as input to the bit compres- erties of the first sequence are in principle that of Liner Feed- sion layer, and the last register R15 are used in producing key back Shift Registers (LFSRs) with primitive characteristic stream. polynomials to achieve maximal-length period. Also, those of Informative note: Since the multiplication of a 32-bit string i 32 the second part are achieved by using well distributed gener- R by 2 over GF (2 – 1) can be implemented by a cyclic shift 32 ated substitution boxes, confusion, and diffusion. The LEA of R to the left by i bits, only addition modulo 2 –1is encryption algorithm can be divided into a driving part and needed. a combining part. The driving part consists of a set of maximum length Linear Feedback Shift Registers. It mainly gov- 2.4. The bit-compression layer erns the state sequence of the generator and is responsible for providing sequences of large periods and good statistics. The middle layer of the LEA algorithm is the bit-compression The combining part is essentially nonlinear. It has the task (BC). It receives four 32 bits (128-bit) from the four distinct to make the cipher stream generation to be mathematically registers of the LFSR layer and combine them using addition complex [3]. modulo 232, and bitwise XOR operations, as shown in Fig. 3. Finally it produces 32-bit word, which will be used as the input 2.1. General structure of algorithm of the nonlinear function F in the bottom layer.

LEA is a word-oriented stream cipher that takes a 128-bit Key 2.5. The Nonlinear Function F layer and a 128-bit Initial Vector (IV) as input, and outputs a key stream of 32-bit words, see Fig. 1. LEA has three logical layers. The Non Linear Function or Finite state machine (FSM) func- The top layer is a Linear Feedback Shift Register (LFSR) of tion, as shown in Fig. 4, used as a non linear core, needs to sat- sixteen Registers, each cell of 32-bit, the middle layer is for isfy various cryptographic criteria. They must be balanced [4], bit compression (BC), and the bottom layer is a nonlinear possess high nonlinearity to resist fast correlation attacks [5], function (F). and must possess high algebraic degree:

2.2. Key loading To resist the Ronjom–Helleseth attack [6]. To resist the Berlekamp–Massey attack [5]. The Initialization key procedure has four main parts, a 128-bit As a necessary but not sufﬁcient condition to resist fast secret key (SK), 128-bit initialization value (IV), 240-bit Mas- algebraic attacks [7]. ter Key (MK), and 16-bit balance Key (BK). MK is combination of SK and IV. In the case of FSM functions, a high order of correlation immunity is also necessary [8]. The nonlinear function F has 32-bit input comes from bit-compression stage. The construc- MK ¼ðLRot ðSK;2Þ&&ð0xFFFFFFFÞÞk 8 tion of nonlinear function sequences was designed for crypto- ðLRot8ðIV;5Þ&&ð0xFFFFFFFÞÞ: graphic robustness, efﬁciency when implemented in software.

Figure 1 General structure of Link Encryption Algorithm (LEA). Fig. 1, describes the general structure of LEA encryption algorithm, which is a word-oriented stream cipher that takes a 128-bit Key and a 128-bit Initial Vector (IV) as input, and outputs a key stream of 32- bit words. LEA has three logical layers. The top layer is a Linear Feedback Shift Register (LFSR) of 16 registers, each cell of 32-bit, the middle layer is for bit compression (BC), and the bottom layer is a nonlinear function F.

Figure 2 Linear Feedback Shift Register (LFSR) Layer of LEA Algorithm. The LFSR layer has sixteen Registers of 32-bit (R0 to R15), operating over Galois Field GF (232). The LFSR layer has two stages of operations: the initialization stage of sixteen register and the working stage. LFSR layer gives four of 32-bit (128-bit) as input to the bit compression layer, and the last register are used in producing key stream.

Two substitution boxes are used in the non-linear function F, of the substitution boxes. The implementations require the named S and Q respectively. Because the LFSR is shown to so-called secret constant, the values of both substitution box have good resistance against algebraic attacks over GF (2), (S-box and Q-box), which are kept secret and might be con- algebraic immunity was not the highest priority in the design sider as part of the secret key, also gives higher resistance

LRot32 (x, y) ! cyclic rotation of 32 bits sequence x by y position left.

3. Security analysis of the LEA algorithm

This section contains two main parts, security attacks, and Figure 3 Bit compression (BC) Layer of LEA Algorithm. The measuring the statistical randomness properties of LEA algo- bit-compression layer extracts 128-bit from four different registers rithm output. of the LFSR Layer and forms a new 32-bit word, which will be used as the input for the nonlinear function F in the next stage. 3.1. Security attacks

We present in this sub-section three different attacks with LEA algorithm.

3.1.1. Guess and determine attack The general idea of guess-and-determine attacks [9,10] is to guess part of the internal state of the target algorithm, and then, by combining with some known mathematical relations for the algorithm, to deduce the remaining unknown internal state. The LEA Algorithm appears to have strong resistance against guess-and-determine attacks. It is seen that the LEA Algorithm has 16 · 32+2· 32 = 576 bits of internal states. Assume that an attacker tries to ﬁnd these internal states at some time instant, and he tries to guess r bits of these states to determine the remaining 576 - r states. Assume that the 528 bits of internal states have uniform probability distribution. Then the attacker needs at least d(576 - r)/32e key-words (the 32-bit words from the keystream) to establish algebraic equations, so as to possibly determine all the remaining unknown bits. For a successful guess-and-determine attack, it must be true that r < 128. In this case the attacker needs at least 14 words of keystream. In this sense the LEA Algo- rithm has good resistance against the guess-and-determine attack. Figure 4 Non Linear Function (F) of LEA Algorithm. The nonlinear function (NLF) F has 32-bit input, and 32-bit output. 3.1.2. BDD attack The F Function can be considered as nonlinear transformations In 2002, Krause proposed a Binary Decision Diagram (BDD) from 32-bit words to 32-bit words using two secret S-box, and Q- attack [11], which is the best short key stream attack known so box of with 8-bit, and some mathematical notations like bitwise far, and it has a very low data complexity. In view of the large XOR and cyclic rotations. Its output is split into two directions, state size (576 bits), a straightforward application of this attack one as a feedback to the LFSR stage, while the other is used in has no chance to succeed. We have not been able to identify a producing output key stream. way that would optimize the attack so that it would approach the 2128 limit. We think that a BDD attack is no better than exhaustive search. against possible future advances in algebraic cryptanalysis. 3.1.3. Timing attack The Nonlinear function can be described as: It is well known that many cryptographic algorithms may Z X LRot Q X ; Z ; Z 0!7 ¼ 0!7 8ð ð 8!15Þ 0Þ 8!15 be subject to side channel attacks [12]. One class of side channel attack is the timing attack, in which the attacker ¼ QðX8!15ÞLRot8ðX0!7Þ; Z0Þ attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Informa- Z16!23 ¼ X24!31 LRot8ðSðX16!23Þ; Z2Þ; Z24!31 tion can leak from a system through measurement of the ¼ SðX ÞLRot ðX Þ; Z Þ 16!23 8 24!31 3 time it takes to respond to certain input. How much such information can help an attacker depends on cryptosystem M ¼ Z LRot ðZ ; 9ÞLRot ðZ ; 22Þ i i 32 i 32 i design details, the CPU running the system, and the accu- where racy of the timing measurements. The software implemen- =! The assignment operator. tation in C code can be designed to protect against ¯! The bitwise exclusive-OR operator. timing attacks.

3.2. Statistical random tests were compared with the stream cipher output of LEA algorithm, using the same input plaintext and key files. Key streams generated by LEA-128 have been analyzed using We apply a different stream cipher samples of string length, the CRYPTX’98 statistical analysis program [13]. This pro- N, 400,000 bits generated by software implementation of LEA gram is used to examine whether the binary stream cipher and other four stream cipher algorithms, using C++ pro- sequence possesses those unique features of randomness to gramming language, to a CRYPTX’98 tool which includes prevent deception from unauthorized receivers. Seven tests seven randomness statistical tests and it produces a Signifi- are conducted; frequency test, binary derivative test, change cance probability p-value for each input type. point test, subblock test, sequence complexity test. Test results The p-values obtained from a CRYPTX’98 test represents are shown in Tables 1–7 and briefly described. CRYPTX’98 the probability of obtaining a result further than the test statis- reported that the LEA-128 key streams tested have the proper- tic lies from the expected, if the algorithm produces a random ties of random bit streams. Other CRYPTX’98 tests look for a stream. Very small p-values would support non-randomness class of statistical properties than can be exploited by various for the given measure. classes of attacks. The analysis reported that LEA-128 key streams had none of these properties. This encourages us to 3.2.1. Frequency test believe that LEA-128 has no glaring weaknesses. Test for an equal number of ones and zeros in the bit stream. The popular symmetric stream cipher algorithms including The number of ones in a large random sequence is approxi- A5 (Actual Encryption Algorithm) [14], RC4 (Rivest Cipher mately normally distributed. The frequency test determines number four) [15], Rabbit [16], and Sober [17], were adapted the tail end probability for the number of ones in the sample for testing with the same CRYPTX’98 tool and their results stream. The result is displayed in Table 1.

Table 1 Combined table comparing the results of frequency test. Algorithm Test parameters Number of ones (X) Expected ones (mean) Proportion of ones Significance probability (p) Satisfy LEA 199,845 20,000 0.4996 0.6240 Yes A5 199,754 20,000 0.4994 0.4366 Yes RC4 200,067 20,000 0.5002 0.8322 Yes Rabbit 200,393 20,000 0.5010 0.2140 Yes Sober 200,438 20,000 0.5011 0.1660 Yes Frequency test comparison applied to LEA stream cipher output and other known algorithms are shown in Table 1. It can be derived from the results given in Table 1, none of the sequences fail the frequency test because all of the significance probabilities are all greater than 0.001. It signifies that there are an equal proportion of ones and zeros in each stream. Therefore, the sequences are considered balance and randomness. The steam cipher RC4 algorithm and then LEA, and A5, algorithms results seems to have better distributions, for their larger significant, than the others. Binary derivative tests should be further conducted to assess whether are patterns existing in these streams.

Table 2 Results of Binary Derivative test. Algorithm type Number of ones (X) Expected ones (mean) Proportion of ones Significance probability (p) Satisfy First binary derivative (D1) test (N = 399,999) LEA 200,189 199999.5 0.5005 0.5490 Yes A5 200,301 199999.5 0.5008 0.3404 Yes RC4 200,099 199999.5 0.5002 0.7530 Yes Rabbit 200,744 199999.5 0.4995 0.5158 Yes Sober 199,794 199999.5 0.5002 0.8409 Yes Second binary derivative (D2) test (N = 399,998) LEA 200,188 199,999 0.5005 0.5501 Yes A5 200,155 199,999 0.5004 0.6218 Yes RC4 199,851 199,999 0.4996 0.6398 Yes Rabbit 199,717 199,999 0.4993 0.3725 Yes Sober 199,705 199,999 0.4993 0.3525 Yes Binary Derivative test comparison applied to LEA stream cipher output and other known algorithms are shown in Table 2. It can be derived from the results given in Table 2, none of the sequences fail the first and second binary derivative test because all of the significance probabilities are all greater than 0.001. The equal number of ones and zeros in the first binary derivative stream indicates that the original stream contains an equal proportion of overlapping four 2-tuples, (00), (01), (10), (11). It can be observed from Table xx, the stream ciphers RC4 and Sober then LEA and Rabbit results seems to be less patterned than the others. The equal number of ones and zeros in the second binary derivative stream indicates that the original stream contains an equal proportion of overlapping eight 3-tuples, (000), (001), (100), (110), (011), (010), (101), (111). Also, it can be observed from Table xx, the stream ciphers RC4 and then LEA results seems to be less patterned than the others.

Table 3 Results of change point test. Algorithm Test parameters Change point Number of Proportion of Proportion of Signiﬁcance Satisfy ones before ones before ones after probability (p) LEA 222,886 111,150 0.4987 0.5008 0.4257 Yes A5 265,864 132,539 0.4985 0.5011 0.3488 Yes RC4 129,267 64,849 0.5017 0.4995 0.4716 Yes Rabbit 215,662 107,625 0.4990 0.5032 0.0304 Yes Sober 229,480 115,303 0.5025 0.4993 0.1432 Yes Change point test comparison applied to LEA stream cipher output and other known algorithms are shown in Table 3. It can be derived from the results given in Table 3, all of the sequences satisfy the change point test. The proportion of ones and zeros are almost equal before and after the maximum change point. There is no change in the proportion of ones throughout the whole stream. These sequences give satisfactory results to the frequency test, First Binary derivative test, second Binary derivative test, and also the change point test. They are considered to generate equal number of the overlapping 3-tuples.

Table 4 Results of sub-block test. Algorithm Test parameters Sub-block size Chi-square value Degree of freedom Signiﬁcance probability (p) Satisfy LEA 2 0.5600 3 0.9055 Yes A5 2 2.1209 3 0.5477 Yes RC4 2 1.4407 3 0.6960 Yes Rabbit 2 9.1120 3 0.0278 Yes Sober 2 3.1295 3 0.3721 Yes Sub-block test comparison applied to LEA stream cipher output and other known algorithms are shown in Table 4. It can be observed from the results given in Table 4, all of the sequences satisfy the sub-block test. For the sub-block size 2, a test of uniformity is applied. The proportion of non-overlapping 01, 11, 10, 00 are equal. It indicates that there is no uniformity or such patterns in these streams.

Table 5 Results of Runs test. Algorithm Test parameters Number of Number of Number of Chi-square Degree of Signiﬁcance Satisfy runs blocks gaps value Freedom probability (p) LEA 200,190 100,095 100,095 21.0619 30 0.8859 Yes A5 200,302 100,151 100,151 24.0537 30 0.7696 Yes RC4 200,100 100,050 100,050 23.8395 30 0.7792 Yes Rabbit 200,745 100,373 100,372 33.3319 30 0.3083 Yes Sober 199,795 99,898 99,897 21.2072 30 0.8813 Yes Runs test comparison applied to LEA stream cipher output and other known algorithms are shown in Table 5. It can be observed from the results given in Table 5, all of the sequences satisfy the Runs test. The number of blocks, consecutive ones, and the number of gaps consecutive zeros, is almost equal. It indicates that there is no uniformity or such patterns in these streams.

3.2.2. Binary derivative test number of the eight overlapping three-tuples in the original The binary derivative is a new stream formed by the stream. exclusive-or operation on successive bits in the stream. The result is displayed in Table 2. Successive binary derivative streams may be obtained from each new binary derivative, each one being of length one less 3.2.3. Change point test than its predecessor. Test for a significant change in the proportion of ones The frequency test applied to the original stream and its throughout the stream. At each bit position in the stream the first binary derivative is equivalent to testing for an equal proportion of ones to that point is compared to the proportion number of the four overlapping two-tuples in the original of ones in the remaining stream. stream. The frequency test applied to the original stream, The bit where the maximum change occurs is called the its first and second binary derivatives, along with the ‘change point’. This test determines whether this ‘change’ is change point test is equivalent to testing for an equal significant. This checks that there is an equal number of

Table 6 Results of sequence complexity test. Algorithm Test parameters Sequence complexity Threshold Value Mean value Satisfy LEA 1440 1400 1415 Yes A5 1438 1400 1415 Yes RC4 1437 1400 1415 Yes Rabbit 1438 1400 1415 Yes Sober 1440 1400 1415 Yes Sequence complexity test comparison applied to LEA stream cipher output and other known algorithms are shown in Table 6. It can be observed from the results given in Table 6, all of the sequences satisfy the sequence complexity test. The numbers of sequence complexity are considered as the number needed to recover the original sequence. It should be greater than threshold value and close to the mean value.

Table 7 Results of linear complexity test (N = 20,000). Algorithm LEA A5 RC4 Rabbit Sober Test parameters Linear complexity LC 10,002 10,001 10,000 10,001 10,000 Expected LC 10,000 10,000 10,000 10,000 10,000 Significant Probability P 0.9739 0.8341 0.5000 0.8341 0.5000 Linear complexity number of jumps Number of Jumps 5030 4988 5047 5029 4931 Expected Number of Jumps 5000 5000 5000 5000 5000 Significant Probability P 0.7257 0.4052 0.8264 0.7190 0.0838 Linear complexity jump size Chi-square value 9.1323 9.6196 8.1244 14.5572 6.2324 Degree of freedom 8 8 8 8 8 Significant Probability P 0.3313 0.2927 0.4214 0.0683 0.6212 Satisfy Yes Yes Yes Yes Yes Linear complexity test comparison applied to LEA stream cipher output and other known algorithms are shown in Table 7. It can be observed from the results given in Table 7, all of the sequences satisfy the linear complexity test, all of the sequences satisfy the linear complexity-number of jumps test, and all of the sequences satisfy the linear complexity-jump size test. The expected numbers of linear complexity are considered as the half numbers of the sequence. The observed numbers of linear complexity should be as large as possible. It is derived from Table 7, that, the stream cipher LEA is more complex and difficult to be detected.

Table 8 Link Encryption Algorithm (LEA), performance comparison results. Input size (bytes) DES 3DES AES BF LEA 20,527 2 7 4 2 2 36,002 4 13 6 3 4 45,911 5 17 8 4 5 51.200 6 20 10 5 6 59,852 7 23 11 6 7 69,545 9 26 13 7 8 79,776 10 31 15 7 8 87,968 11 34 17 8 8 96,160 12 37 18 8 8 103.056 13 40 19 10 12 Average time/samples 8 26 12 6 7 Figure 5 Design Implementation performance, Comparative Bytes/s 7988 2663 5320 10,167 9.285 execution times of LEA encryption algorithm and popular secret Table 8 proves the superiority of Blowfish algorithm over other key algorithms. It displays the performance comparison results of algorithms in terms of processing time, and secondly LEA con- LEA algorithm and four other well-known public algorithms. It sumes less time just after Blowfish algorithm. Another point can be proves that the LEA encryption algorithm achieves competitive noticed here that 3DES requires always more time than other performance compared with the others in terms of throughput algorithms because of its triple phase encryption characteristic. The ðBytes n SÞ. performance results of Table 8 prove that the implementation of LEA encryption algorithm in software achieves competitive performance and some times better performance compared with the overlapping three-tuples for streams which have passed the fre- others in terms of throughput. quency test on the original stream and also on the first two binary derivatives. Change point test result is displayed in Table 3.

3.2.4. Sub-block test time for each algorithm in seconds. As the throughput value Test for the uniformity of non-overlapping sub-blocks of a is increased, the power consumption of this encryption tech- chosen length. For sub-block sizes up to 16 the ‘uniformity nique is decreased. All the implementations were exact to make test’ requires a sample of at least 5 * b * 2^ (b) bits, where b sure that the results will be relatively fair and accurate. is the sub-block size. For sub-block sizes bigger than 16 the The Simulation program accepts three inputs: Algorithm, ‘repetition test’ is applied. This test requires a sample of Encryption keys, and Plaintext. After a successful execution, b * 2^ (b/2 + 3) bits. Consult the manual for recommended the performance results of data generated, encrypted and upper limits on the sub-block size. Sub-block test result is dis- decrypted are shown in Table 8. Table 8 proves the superiority played in Table 4. of Blowfish algorithm over other algorithms in terms of processing time, and secondly LEA consumes less time just after 3.2.5. Runs test Blowfish algorithm. The performance results of Table 8 are displayed in Fig. 5 Test the distribution of run lengths, assuming the data satisfies proves that the implementation of LEA encryption algorithm the frequency test. A ‘block’ is a run of ones and a ‘gap’ is a in software achieves competitive performance and some times run of zeros. The runs test compares the distribution of block better performance compared with the others in terms of and gap lengths with that expected for a binomial population throughput ðbytes n sÞ. in which the probability of a one is a half. This supports Golomb’s postulates for which half the runs have length 1, a quarter has length 2, and an eighth has length 3, and so on. 5. Conclusions Runs test result is displayed in Table 5. In this paper, we proposed a new software-efficient stream 3.2.6. Sequence complexity test cipher with 128-bit key length. As illustrates, the proposed Test that there is a sufficient number of new patterns encoun- cipher implementation achieves competitive performance and tered throughout the stream. A stream with a sequence com- some times better performance compared with the others. plexity measure below a given ‘threshold’ value is considered The complete diffusion requirement is satisfied after a single non-random. An average value of sequence complexity for a round. The influence of individual plaintext or key bits stream of this length is also calculated. should spread over all the ciphertext bits, so that the change Sequence complexity test result is displayed in Table 6. in one plaintext or key bit causes the change of about 50% of the ciphertext bits, uniformly distributed all along the 3.2.7. Linear complexity test ciphertext. The similarity of encryption and decryption means that in Every finite stream can be produced by a Linear Feedback Shift order to decrypt LEA cipher it is enough to repeat the same Register (LFSR). The linear complexity test checks for the min- transformations performed throughout the encryption process. imum amount of knowledge (bits) needed to reconstruct the As we are dealing with an involution, its repeated application whole stream. Tests are applied to the linear complexity of with suitable keys, leads to the original data. the stream, and on the ‘‘’linear complexity profile’’ which fol- A complete description of the algorithm structure, an eval- lows the change in linear complexity as each new bit is added. uation of its security properties and software performance Linear complexity test result is displayed in Table 7. comparison were given. From security analysis, we are sure that proposed cipher has enough security. Further, algorithm 4. Design implementation performance provides a good combination of security features. However, the extensive security analysis of any new cipher requires a Nowadays, the computational approach is widely recognized lot of efforts from many researchers. We thus invite and as the complement to the scientific analysis [2]. The LEA encourage the readers to analyze the security of our algorithm. stream cipher has been designed with dedicated software Intriguingly present has implementation requirements sim- implementation. The popular secret key algorithms including ilar to many compact stream ciphers. As such, we believe it to DES (Data Encryption Standard), 3DES (Triple Data Encryp- be of both theoretical and practical interest. Like all new pro- tion Standard), AES (Advanced Encryption Standard), BF posals, we discourage the immediate deployment of present (Blowfish), were implemented, and their performance was but strongly encourage its analysis. Finally we explicitly state compared with our LEA algorithm by encrypting input files that LEA algorithm is available and not covered by any patent with varying contents and sizes. in the world. Algorithms were implemented in a uniform language (C), C++ programming language, where they have conducted it References on a 2.4 GHz Pentium 4 PC processor using 512 Mbyte RAM, using their standard specifications, to compare LEA [1] Sen Jaydip. Applied cryptography and network security, by algorithm with other algorithms performance. InTech; 2012. Here, our goal is to measure the Encryption and Decryp- [2] Zoran Constantinescu. Advances in grid computing, by NC-SA 3.0; 2011. tion speed of LEA algorithm and compare it with most popu- [3] Hu Qi. Stream ciphers and linear complexity. Master thesis, lar symmetric key algorithm with different packet sizes. University of Singapore; April 2007. Encryption time is used to calculate the throughput of an [4] Crama Y, Hammer P, editors. Boolean models and methods in encryption scheme, it indicates the speed of encryption. The mathematics, computer science, and engineering. Cambridge throughput of the encryption scheme is calculated by dividing University Press; 2010. .

[5] Pieprzyk J, editor. Advances in cryptology – Asiacrypt 2008, vol. Hadia Mohamed Said Hamed El Hennawy 5350 of lecture notes in computer science. IACR, Springer; completed his bachelor’s degree in June 1972, December 2008. master’s in September 1976 and doctoral in [6] Helleseth T, Ronjom S. A new attack on the ﬁlter generator. IEEE April 1982. He was working as Dean from Trans Inform Theory 2007;53(5):1752–8, May. August 2005 to July 2008. [7] Courtois NT. Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh D, editor. Advances in cryptology – Crypto 2003, vol. 2729 of lecture notes in computer science. IACR, Springer; August 2003. [8] Siegenthaler T. Decrypting a class of stream ciphers using ciphertext only. IEEE Trans Comput 1985;C-34(1):81–5. [9] Hawkes P, Rose G. Guess and determine attacks on SNOW. In: Selected area of cryptography. SAC2002, LNCS 2595; 2002. [10] Ahmadi H, Eghlidos T, Khazaei S. Improved guess and determine Attack on SOSEMANUK, Tehran, Iran; 2006. . master’s degree in April 1990, M.Phil. in April [11] Krause M. BDD-based cryptanalysis of Keystream generators. In: 1993 and doctoral in January 1994. Knudsen L, editor, Advances in cryptology – EUROCRYPT 2002, vol. 2332 of lecture notes in computer science. Springer- Verlag; 2002. [12] Cao Yuchen, Zhou Yongbin, Yu Zhenmei. On the negative effects of trend noise and its applications in side-channel cryptanalysis. Cryptology ePrint Archive, Report 2013/102; 2013. . [13] Dawson E, Clark A, Gustafson H, May L. CRYPT-X’98, User Manual. Queensland University of Technology; 1999. [14] Hawkes P, Rose G. The T-class of SOBER stream ciphers. Technical report, QUALCOMM Australia, Suite 410 Birkenhead Salah Mohamed Kholaif completed his mas- Point, Drummoyne, NSW 2047 Australia; 1999. . [15] Boesgaard Martin, Pedersen Thomas, Vesterager Mette, Zenner Erik. The Rabbit stream cipher, design and security analysis. Cryptology ePrint Archive, Report 2004/291; 2004. . [16] Basu Riddhipratim, Ganguly Shirshendu, Maitra Subhamoy, Paul Goutam. A complete characterization of the evolution of RC4 pseudo random generation algorithm. J Math Cryptol 2008:257–89. [17] Amiri M, Mahdavi M, Mirzakuchaki MS. QCA implementation of A5/1 stream cipher. In: Proceedings of the second international conference on advances in circuits. Electronics and micro- electronics; 2009. p. 48–51.

Please cite this article in press as: El Hennawy HMS et al., LEA: Link Encryption Algorithm Proposed Stream Cipher Algorithm, Ain Shams Eng J (2014), http:// dx.doi.org/10.1016/j.asej.2014.08.001