DOCSLIB.ORG

Data Encryption Using DES/Triple-DES Functionality in Spartan-II Fpgas WP115 (V1.0) March 9, 2000 Author: Amit Dhir

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Data Encryption Using DES/Triple-DES Functionality in Spartan-II Fpgas WP115 (V1.0) March 9, 2000 Author: Amit Dhir White Paper: Spartan-II FPGAs R Data Encryption using DES/Triple-DES Functionality in Spartan-II FPGAs WP115 (v1.0) March 9, 2000 Author: Amit Dhir Summary Today’s connected society requires secure data encryption devices to preserve data privacy and authentication in critical applications. Of the several data encryption types, Data Encryption Standard (DES) and its variant Triple-DES (TDES) have emerged to be the most commonly used in varying applications. The Spartan™-II devices with their extensive features and cost effectiveness compete effectively against ASICs and ASSPs. Through the value proposition of the DES/TDES IP in a Spartan-II FPGA, the programmable ASSP message is further confirmed. There is an immense value in integrating critical IP solutions like Discrete Cosine Transform/Inverse DCT (DCT/IDCT) and DES within a Xilinx FPGA to enhance performance and security in communication applications. A FPGA-based DES/TDES solution provides the necessary scalability and flexibility to handle all these applications and allows for tracking of new standards. Introduction Data encryption is used pervasively in today’s connected society. The two most basic facets of modern day data encryption are data privacy and authentication. As modern society becomes more connected, and more information becomes available there is a need for safeguards which bring data integrity and data secrecy. In addition, authenticating the source of information gives the recipient, with complete certainty that the information came from the original source and that it has not been altered from its original state. Both, the needs for information privacy and data authentication has motivated cryptography. • Cryptosystem or cipher system - A method of disguising messages so that only certain people can see through the disguise. • Cryptography - The art of creating and using cryptosystems. • Cryptanalysis - The art of breaking cryptosystems, and seeing through the disguise even when you are not supposed to be able to. • Cryptology - The study of both cryptography and cryptanalysis. • Plaintext - The original message • Ciphertext - The disguised message • Encryption - A fundamental security mechanism in which the ordinary data (plaintext) are transformed by the encryption process into ciphertext. • Decryption - A procedure to convert ciphertext back into plaintext. Encryption techniques are used to safeguard information while it is stored within a network node or while it is in transit across communications media between nodes. A cryptosystem is usually a whole collection of algorithms. The algorithms are labeled; and the labels are called keys. The people who are supposed to be able to see through the disguise are called recipients. Other people are enemies, opponents, interlopers, eavesdroppers, or third parties. As an example, for a plaintext message being sent, if every A is replaced with a D, every B is replaced with an E, and so on through the alphabet, only someone who knows the "shift by 3" rule can decipher the messages. Hence a "shift by n’’ encryption technique can be performed for several different values of n. Therefore, n is the key here. © 2000 Xilinx, Inc. All rights reserved. All Xilinx trademarks, registered trademarks, patents, and disclaimers are as listed at http://www.xilinx.com/legal.htm. All other trademarks and registered trademarks are the property of their respective owners. WP115 (v1.0) March 9, 2000 www.xilinx.com 1 1-800-255-7778 Data Encryption using DES/Triple-DES Functionality in Spartan-II FPGAs R With the expansion of applications requiring data encryption, the number of different encrypting methods have also increased. Each method has its strengths and weaknesses. Some of the encryption methods are RSA (Rivest-Shamir-Adleman), Data Encryption Standard (DES), Diffie-Hellman, Secure Hashing Algorithm (SHA), Blowfish, RC4/RC5, Elliptic Curves, ElGamal, LUC (Lucas Sequence) and so on. This white paper discusses DES and its variant Triple-DES (TDES). The Spartan-II family, combined with a vast soft IP (Intellectual Property) portfolio is the first programmable logic solution to effectively penetrate the ASSP (Application Specific Standard Products) marketplace. The DES and TDES solutions presented from Xentec, when ported on a Spartan-II device are good examples highlighting the concept of a programmable ASSP. Xentec is a member of the Xilinx AllianceCORE™ program and has a wealth of IP cores in other applications. Xentec, Inc., founded in 1995, provides solutions for the design and development of analog/ digital ASICs and FPGAs. The FPGA and ASIC solutions developed by Xentec are being used in multimedia, telecommunications, and cryptoprocessor designs. The company has over 50 analog and digital projects to its credit, ranging from developing test programs to full turnkey IC designs. Xentec provides cores in Xilinx-specific formats as well as in RTL HDL to suit customers' needs. Xentec also offers comprehensive design services and support. For more information regarding Xentec and their IP portfolio for Xilinx products please visit http:// www.xilinx.com/products/logicore/alliance/xentec/xentecinc.htm. The X_DES Cryptoprocessor and X_3DES Triple DES Cryptoprocessor cores are developed, sold, and supported by Xentec. The Spartan-II devices which implement these cores support the X9.52 standard and are NIST (National Institute of Standards and Technology) certified. These cores are available immediately for use in Spartan-II FPGAs and can be purchased directly from Xentec. The X_DES application note can be obtained from http://www.xilinx.com/ products/logicore/alliance/xentec/xdes.pdf. The X_3DES application note can be obtained from http://www.xilinx.com/products/logicore/alliance/xentec/x3des.pdf. Data Encryption The DES is based on the work of IBM Corporation, and was adopted as the American National Standard Standard (ANSI) X3.92-1981/R1987. The DES algorithm was adopted by the U.S. government in 1977, as the federal standard for the encryption of commercial and sensitive-yet-unclassified government computer data and is defined in FIPS 46 (1977). (FIPS are Federal Information Processing Standards published by NIST). A "block cipher" refers to a cipher that encrypts a block of data all at once, and then goes on to the next block. The DES, which is a block cipher, is the most widely known encryption algorithm. In block encryption algorithms, the plaintext is divided into blocks of fixed length which are then enciphered using the secret key. The DES is the algorithm in which a 64-bit block of plaintext is transformed (encrypted/enciphered) into a 64-bit ciphertext under the control of a 56-bit internal key, by means of permutation and substitution. It has been mathematically proven that block ciphers are completely secure. The DES block cipher is highly random, nonlinear, and produces ciphertext which functionally depends on every bit of the plaintext and the key. At least five rounds of DES are required to guarantee such dependence. In this sense, a product cipher should act as a "mixing" function which combines the plaintext, key, and ciphertext in a complex nonlinear fashion. The DES has more than 72 quadrillion (72 x 1015) possible encryption keys that can be used. For each given message, the key is chosen at random, from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key. The process can run in several modes and involves 16 rounds or operations. The DES algorithm is widely used and is still considered reasonably dependable but a more secure variant, which applies DES three times with different keys in succession called Triple-DES (TDES). The Xilinx Spartan-II FPGAs and Xentec soft IP present a solution for both DES and TDES. 2 www.xilinx.com WP115 (v1.0) March 9, 2000 1-800-255-7778 Data Encryption using DES/Triple-DES Functionality in Spartan-II FPGAs R The DES cryptographic algorithm converts plaintext to ciphertext using the 56-bit key in the encryption process. The same algorithm is reused with the same key to convert ciphertext back to plaintext, in the decryption process. The key is given in a 64-bit word, of which eight are parity bits, at locations 8, 16, 24,…, 64. The algorithm consists of 16 "rounds" of operations that mix the data and key together in a prescribed manner using the fundamental operations of permutation and substitution. The goal is to completely scramble the data and key so that every bit of the ciphertext depends on every bit of the data plus every bit of the key. Authorized users of encrypted computer data must have the key that was used to encrypt the data in order to decrypt it. The unique key chosen for use in a particular application makes the results of encrypting data using the algorithm unique. Using a different key causes different results. The cryptographic security of the data depends on the security provided for the key used to encrypt and decrypt the data. FIPS 171 (Key Management Using ANSI X9.17) provides approved methods for managing the keys used by the DES. There are four official DES operating modes (provided in FIPS 81) to encrypt or decrypt data: ECB (Electronic Codebook), CBC (Cipher Block Chaining), OFB (Output Feedback) and CFB (Cipher Feedback). The security provided by a cryptographic system depends on the mathematical soundness of the algorithm, length of the keys, key management, mode of operation, and implementation. The DES was originally developed to protect unclassified computer data in federal computer systems against a number of (passive and active) attacks in communications and computer systems. It was assumed that a knowledgeable person might seek to compromise the security system by employing resources commensurate with the value of the protected information. Agencies determining that cryptographic protection is needed based on an analysis of risks and threats can use the DES for applications such as electronic funds transfer, privacy protection of personal information, personal authentication, password protection, and access control.
Load more

Recommended publications
  • A Quantitative Study of Advanced Encryption Standard Performance
    United States Military Academy USMA Digital Commons West Point ETD 12-2018 A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility Daniel Hawthorne United States Military Academy, [email protected] Follow this and additional works at: https://digitalcommons.usmalibrary.org/faculty_etd Part of the Information Security Commons Recommended Citation Hawthorne, Daniel, "A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility" (2018). West Point ETD. 9. https://digitalcommons.usmalibrary.org/faculty_etd/9 This Doctoral Dissertation is brought to you for free and open access by USMA Digital Commons. It has been accepted for inclusion in West Point ETD by an authorized administrator of USMA Digital Commons. For more information, please contact [email protected]. A QUANTITATIVE STUDY OF ADVANCED ENCRYPTION STANDARD PERFORMANCE AS IT RELATES TO CRYPTOGRAPHIC ATTACK FEASIBILITY A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Computer Science By Daniel Stephen Hawthorne Colorado Technical University December, 2018 Committee Dr. Richard Livingood, Ph.D., Chair Dr. Kelly Hughes, DCS, Committee Member Dr. James O. Webb, Ph.D., Committee Member December 17, 2018 © Daniel Stephen Hawthorne, 2018 1 Abstract The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible.
    [Show full text]
  • FIPS 140-2 Non-Proprietary Security Policy Oracle Linux 7 NSS
    FIPS 140-2 Non-Proprietary Security Policy Oracle Linux 7 NSS Cryptographic Module FIPS 140-2 Level 1 Validation Software Version: R7-4.0.0 Date: January 22nd, 2020 Document Version 2.3 © Oracle Corporation This document may be reproduced whole and intact including the Copyright notice. Title: Oracle Linux 7 NSS Cryptographic Module Security Policy Date: January 22nd, 2020 Author: Oracle Security Evaluations – Global Product Security Contributing Authors: Oracle Linux Engineering Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright © 2020, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Oracle specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may reproduced or distributed whole and intact including this copyright notice. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Linux 7 NSS Cryptographic Module Security Policy i TABLE OF CONTENTS Section Title
    [Show full text]
  • Chapter 2 the Data Encryption Standard (DES)
    Chapter 2 The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmet- ric or secret key cryptography and asymmetric or public key cryptography. Symmet- ric key cryptography is the oldest type whereas asymmetric cryptography is only being used publicly since the late 1970’s1. Asymmetric cryptography was a major milestone in the search for a perfect encryption scheme. Secret key cryptography goes back to at least Egyptian times and is of concern here. It involves the use of only one key which is used for both encryption and decryption (hence the use of the term symmetric). Figure 2.1 depicts this idea. It is necessary for security purposes that the secret key never be revealed. Secret Key (K) Secret Key (K) ? ? - - - - Plaintext (P ) E{P,K} Ciphertext (C) D{C,K} Plaintext (P ) Figure 2.1: Secret key encryption. To accomplish encryption, most secret key algorithms use two main techniques known as substitution and permutation. Substitution is simply a mapping of one value to another whereas permutation is a reordering of the bit positions for each of the inputs. These techniques are used a number of times in iterations called rounds. Generally, the more rounds there are, the more secure the algorithm. A non-linearity is also introduced into the encryption so that decryption will be computationally infeasible2 without the secret key. This is achieved with the use of S-boxes which are basically non-linear substitution tables where either the output is smaller than the input or vice versa. 1It is claimed by some that government agencies knew about asymmetric cryptography before this.
    [Show full text]
  • New Comparative Study Between DES, 3DES and AES Within Nine Factors
    JOURNAL OF COMPUTING, VOLUME 2, ISSUE 3, MARCH 2010, ISSN 2151-9617 152 HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/ New Comparative Study Between DES, 3DES and AES within Nine Factors Hamdan.O.Alanazi, B.B.Zaidan, A.A.Zaidan, Hamid A.Jalab, M.Shabbir and Y. Al-Nabhani ABSTRACT---With the rapid development of various multimedia technologies, more and more multimedia data are generated and transmitted in the medical, also the internet allows for wide distribution of digital media data. It becomes much easier to edit, modify and duplicate digital information .Besides that, digital documents are also easy to copy and distribute, therefore it will be faced by many threats. It is a big security and privacy issue, it become necessary to find appropriate protection because of the significance, accuracy and sensitivity of the information. , which may include some sensitive information which should not be accessed by or can only be partially exposed to the general users. Therefore, security and privacy has become an important. Another problem with digital document and video is that undetectable modifications can be made with very simple and widely available equipment, which put the digital material for evidential purposes under question. Cryptography considers one of the techniques which used to protect the important information. In this paper a three algorithm of multimedia encryption schemes have been proposed in the literature and description. The New Comparative Study between DES, 3DES and AES within Nine Factors achieving an efficiency, flexibility and security, which is a challenge of researchers. Index Terms—Data Encryption Standared, Triple Data Encryption Standared, Advance Encryption Standared.
    [Show full text]
  • Cryptography Overview Cryptography Basic Cryptographic Concepts Five
    CS 155 Spring 2006 Cryptography Is A tremendous tool Cryptography Overview The basis for many security mechanisms Is not John Mitchell The solution to all security problems Reliable unless implemented properly Reliable unless used properly Something you should try to invent yourself unless you spend a lot of time becoming an expert you subject your design to outside review Basic Cryptographic Concepts Five-Minute University Encryption scheme: functions to encrypt, decrypt data key generation algorithm Secret key vs. public key -1 Public key: publishing key does not reveal key -1 Father Guido Sarducci Secret key: more efficient, generally key = key Hash function, MAC Everything you could remember, five Map input to short hash; ideally, no collisions MAC (keyed hash) used for message integrity years after taking CS255 … ? Signature scheme Functions to sign data, verify signature Web Purchase Secure communication 1 Secure Sockets Layer / TLS SSL/TLS Cryptography Standard for Internet security Public-key encryption Key chosen secretly (handshake protocol) Originally designed by Netscape Key material sent encrypted with public key Goal: “... provide privacy and reliability between two communicating applications” Symmetric encryption Two main parts Shared (secret) key encryption of data packets Signature-based authentication Handshake Protocol Client can check signed server certificate Establish shared secret key using public-key cryptography Signed certificates for authentication And vice-versa, in principal Record
    [Show full text]
  • AES and 3-DES Encryption Support for SNMP Version 3
    AES and 3-DES Encryption Support for SNMP Version 3 The AES and 3-DES Encryption Support for SNMP Version 3 feature enhances the encryption capabilities of Simple Network Management Protocol (SNMP) Version 3. The AES and 3-DES Encryption Support for SNMP Version 3 feature adds Advanced Encryption Standard (AES) 128-bit encryption in compliance with RFC 3826. • Finding Feature Information, on page 1 • Prerequisites for AES and 3-DES Encryption Support for SNMP Version 3, on page 1 • Information About AES and 3-DES Encryption Support for SNMP Version 3, on page 2 • How to Configure AES and 3-DES Encryption Support for SNMP Version 3, on page 3 • Additional References , on page 5 • Feature Information for AES and 3-DES Encryption Support for SNMP Version 3, on page 6 Finding Feature Information Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required. Prerequisites for AES and 3-DES Encryption Support for SNMP Version 3 • The network management station (NMS) must support Simple Network Management Protocol (SNMP) Version 3 to be able to use this feature.
    [Show full text]
  • Camellia: a 128-Bit Block Cipher Suitable for Multiple Platforms – Design Andanalysis
    Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms – Design andAnalysis Kazumaro Aoki1, Tetsuya Ichikawa2, Masayuki Kanda1, Mitsuru Matsui2, Shiho Moriai1, Junko Nakajima2, and Toshio Tokita2 1 Nippon Telegraph and Telephone Corporation, 1-1 Hikarinooka, Yokosuka, Kanagawa, 239-0847Japan {maro,kanda,shiho}@isl.ntt.co.jp 2 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501 Japan {ichikawa,matsui,june15,tokita}@iss.isl.melco.co.jp Abstract. We present a new 128-bit block cipher called Camellia. Camellia supports 128-bit block size and 128-, 192-, and 256-bit keys, i.e., the same interface specifications as the Advanced Encryption Stan- dard (AES). Efficiency on both software and hardware platforms is a remarkable characteristic of Camellia in addition to its high level of se- curity. It is confirmed that Camellia provides strong security against differential and linear cryptanalyses. Compared to the AES finalists, i.e., MARS, RC6, Rijndael, Serpent, and Twofish, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can encrypt on a Pen- tium III (800MHz) at the rate of more than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In addition, a distinguishing feature is its small hardware design. The hard- ware design, which includes encryption and decryption and key schedule, occupies approximately 11K gates, which is the smallest among all ex- isting 128-bit block ciphers as far as we know. 1 Introduction This paper presents a 128-bit block cipher called Camellia, which was jointly developed by NTT and Mitsubishi Electric Corporation.
    [Show full text]
  • A Comparison of Cryptographic Algorithms: DES, 3DES, AES, RSA
    www.symbiosisonline.org www.symbiosisonlinepublishing.com Symbiosis ISSN Online: 2474-9257 Research Article Journal of Computer Science Applications and Information Technology Open Access A Comparison of Cryptographic Algorithms: DES, 3DES, AES, RSA and Blowfish for Guessing Attacks Prevention Mohammed Nazeh Abdul Wahid*, Abdulrahman Ali, Babak Esparham and Mohamed Marwan Limkokwing University of Creative and Technology, Post Graduate Centre, Cyberjaya, Malaysia Received: June 22, 2018; Accepted: July 12, 2018; Published: August 10, 2018 *Corresponding author: Mohammed Nazeh Abdul Wahid, Senior Lecturer, Limkokwing university of creative technology, Post Graduate Centre, Cyberjaya, Malaysia, Tel: +60104339985; E-mail: [email protected] Abstract Encryption is the process of encoding information or data in key (also called secret-key) and Asymmetric-key (called public- order to prevent unauthorized access. These days we need to secure key) encryption [2]. the information that is stored in our computer or is transmitted via evaluation is a network security system for an application using internet against attacks. There are different types of cryptographic the Aproposed secure Wi-Fi algorithm. system As for for wireless some cryptographicnetworks: experimental system, it methods that can be used. Basically, the selecting cryptographic is commonly used to secure communication channels by using method depends on the application demands such as the response public key exchanges based on algorithms such as RSA, DES, AES, cryptographic algorithms has its own weak and strong points. In this paper,time, bandwidth,we will present confidentiality the result of and the implementationintegrity. However, and analysiseach of the key used to encrypt data sent over an unsecured Internet that applied on several cryptographic algorithms such as DES, 3DES, channel.Triple DES In andaddition, Blowfish.
    [Show full text]
  • TS 135 202 V7.0.0 (2007-06) Technical Specification
    ETSI TS 135 202 V7.0.0 (2007-06) Technical Specification Universal Mobile Telecommunications System (UMTS); Specification of the 3GPP confidentiality and integrity algorithms; Document 2: Kasumi specification (3GPP TS 35.202 version 7.0.0 Release 7) 3GPP TS 35.202 version 7.0.0 Release 7 1 ETSI TS 135 202 V7.0.0 (2007-06) Reference RTS/TSGS-0335202v700 Keywords SECURITY, UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission.
    [Show full text]
  • Miss in the Middle Attacks on IDEA and Khufu
    Miss in the Middle Attacks on IDEA and Khufu Eli Biham? Alex Biryukov?? Adi Shamir??? Abstract. In a recent paper we developed a new cryptanalytic techni- que based on impossible differentials, and used it to attack the Skipjack encryption algorithm reduced from 32 to 31 rounds. In this paper we describe the application of this technique to the block ciphers IDEA and Khufu. In both cases the new attacks cover more rounds than the best currently known attacks. This demonstrates the power of the new cryptanalytic technique, shows that it is applicable to a larger class of cryptosystems, and develops new technical tools for applying it in new situations. 1 Introduction In [5,17] a new cryptanalytic technique based on impossible differentials was proposed, and its application to Skipjack [28] and DEAL [17] was described. In this paper we apply this technique to the IDEA and Khufu cryptosystems. Our new attacks are much more efficient and cover more rounds than the best previously known attacks on these ciphers. The main idea behind these new attacks is a bit counter-intuitive. Unlike tra- ditional differential and linear cryptanalysis which predict and detect statistical events of highest possible probability, our new approach is to search for events that never happen. Such impossible events are then used to distinguish the ci- pher from a random permutation, or to perform key elimination (a candidate key is obviously wrong if it leads to an impossible event). The fact that impossible events can be useful in cryptanalysis is an old idea (for example, some of the attacks on Enigma were based on the observation that letters can not be encrypted to themselves).
    [Show full text]
  • Meet-In-The-Middle Attacks on Reduced-Round XTEA*
    Meet-in-the-Middle Attacks on Reduced-Round XTEA⋆ Gautham Sekar⋆⋆, Nicky Mouha⋆ ⋆ ⋆, Vesselin Velichkov†, and Bart Preneel 1 Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B-3001 Heverlee, Belgium. 2 Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium. {Gautham.Sekar,Nicky.Mouha,Vesselin.Velichkov, Bart.Preneel}@esat.kuleuven.be Abstract. The block cipher XTEA, designed by Needham and Wheeler, was published as a technical report in 1997. The cipher was a result of fixing some weaknesses in the cipher TEA (also designed by Wheeler and Needham), which was used in Microsoft’s Xbox gaming console. XTEA is a 64-round Feistel cipher with a block size of 64 bits and a key size of 128 bits. In this paper, we present meet-in-the-middle attacks on twelve vari- ants of the XTEA block cipher, where each variant consists of 23 rounds. Two of these require only 18 known plaintexts and a computational ef- fort equivalent to testing about 2117 keys, with a success probability of 1−2 −1025. Under the standard (single-key) setting, there is no attack re- ported on 23 or more rounds of XTEA, that requires less time and fewer data than the above. This paper also discusses a variant of the classical meet-in-the-middle approach. All attacks in this paper are applicable to XETA as well, a block cipher that has not undergone public analysis yet. TEA, XTEA and XETA are implemented in the Linux kernel. Keywords: Cryptanalysis, block cipher, meet-in-the-middle attack, Feis- tel network, XTEA, XETA.
    [Show full text]
  • Designing Encryption Algorithms for Optimal Software Speed on the Intel Pentium Processor
    Fast Software Encryption: Designing Encryption Algorithms for Optimal Software Speed on the Intel Pentium Processor Bruce Schneier Doug Whiting Counterpane Systems Stac Electronics 101 E Minnehaha Parkway 12636 High Bluff Drive Minneapolis, MN 55419 San Diego, CA 92130 [email protected] [email protected] Abstract. Most encryption algorithms are designed without regard to their performance on top-of-the-line microprocessors. This paper dis- cusses general optimization principles algorithms designers should keep in mind when designing algorithms, and analyzes the performance of RC4, SEAL, RC5, Blowfish, and Khufu/Khafre on the Intel Pentium with respect to those principles. Finally, we suggest directions for algo- rithm design, and give example algorithms, that take performance into account. 1 Overview The principal goal guiding the design of any encryption algorithm must be se- curity. In the real world, however, performance and implementation cost are always of concern. The increasing need for secure digital communication and the incredible processing power of desktop computers make performing software bulk encryption both more desirable and more feasible than ever. The purpose of this paper is to discuss low-level software optimization tech- niques and how they should be applied in the design of encryption algorithms. General design principles are presented that apply to almost all modern CPUs, but specific attention is also given to relevant characteristics of the ubiquitous Intel X86 CPU family (e.g., 486, Pentium, Pentium Pro). Several well-known algorithms are examined to show where these principles are violated, leading to sub-optimal performance. This paper concerns itself with number of clock cy- cles per byte encrypted|given a basic encryption algorithm \style." Factors of two, three, four, or more in speed can be easily obtained by careful design and implementation, and such speedups are very significant in the real world.
    [Show full text]