A New Stream Cipher Inspired by Trivium

JOURNAL OF COMPUTERS, VOL. 7, NO. 5, MAY 2012, pp. 1278-1283
© 2012 ACADEMY PUBLISHER, doi:10.4304/jcp.7.5.1278-1283

Quavium - A New Stream Cipher Inspired by Trivium

Yun Tian*, Gongliang Chen and Jianhua Li
Shanghai Jiaotong University / School of Information Security Engineering, Shanghai, China
Email: [email protected]; {chengl, lijh888}@sjtu.edu.cn
* Corresponding author.

Abstract—This paper is concerned with an extended form of the stream cipher Trivium. Trivium is extended to a scalable form by the coupling connection of Trivium-like shift registers. The characteristic polynomial of k Trivium-like shift registers in coupling connection is proved to have a factor $(1+x)^k$, so k-order primitive polynomials are defined in this paper. As the main contribution, a new stream cipher, Quavium, is proposed, based on 4-round Trivium-like shift registers and k-order primitive polynomials. Quavium can also be used with 3 rounds. Experimental results show that Quavium is nearly as fast as Trivium and that 3-round Quavium has better performance.

Index Terms—stream cipher, Trivium, k-order primitive polynomials, Quavium, Trivium-like shift registers

I. INTRODUCTION

A stream cipher is a symmetric encryption algorithm which takes a stream of plaintext, a secret key and an IV as input and combines the plaintext with a keystream generated from the key and IV, typically bit by bit. Although block ciphers seem to be perfectly adequate for use in nearly all areas, stream ciphers are still desirable in a few niche areas, as pointed out by Adi Shamir at the first ECRYPT State of the Art of Stream Ciphers workshop in October 2004 [1]. These niche areas were identified as:

1) exceptional encryption performance in software, where the luxury of additional hardware is not available to speed up encryption;
2) any reasonable kind of encryption performance in hardware environments where the available resources, such as gate count or power, might be heavily restricted.

Trivium [2] is one of the promising new stream ciphers proposed in the ECRYPT Stream Cipher Project (eSTREAM). It got high scores in the evaluation due to its good performance and high security. Its simplicity and clarity perfectly demonstrate a new way to design secure stream ciphers.

The original Trivium is a stream cipher with three Trivium-like shift registers in series connection. We extend it to a scalable form and propose a new stream cipher, Quavium. Quavium is a stream cipher with four Trivium-like shift registers in coupling connection, but it can also be used with three or even two Trivium-like shift registers, because the coupling connection keeps the primitiveness of the characteristic polynomials. Experimental results on software using C++ code show that the keystream generation speed of Quavium is nearly the same as that of Trivium and that 3-round Quavium has better performance.

The rest of this paper is organized as follows: in Section II, we briefly review Trivium. Then, Trivium-like shift registers and k-order primitive polynomials are proposed in Section III. In Section IV, the specification of Quavium is presented. The implementation performance and security analysis of Quavium and 3-round Quavium are shown in Section V. Finally, some conclusions are drawn in Section VI.

II. TRIVIUM

Trivium is a lightweight stream cipher designed to generate up to $2^{64}$ bits of keystream from an 80-bit secret key and an 80-bit initial value (IV). The process consists of two phases: first the internal state of the cipher is initialized using the key and the IV, then the state is repeatedly updated and used to generate keystream bits. There are 288 bits in the internal state.

A. Brief Description of Trivium [2]

Let $s_1, \ldots, s_{288}$ be the 288 internal bits and let $z_i$ be the keystream bit generated at time $i$ ($i = 0, 1, \ldots$). A complete description of the keystream generation phase is given by the following simple pseudo-code, where $+$ and $\cdot$ are addition and multiplication in $\mathbb{F}_2$ (XOR and AND):

    for i = 1 to N do
        t1 ← s66 + s93
        t2 ← s162 + s177
        t3 ← s243 + s288
        zi ← t1 + t2 + t3
        t1 ← t1 + s91·s92 + s171
        t2 ← t2 + s175·s176 + s264
        t3 ← t3 + s286·s287 + s69
        (s1, s2, …, s93) ← (t3, s1, …, s92)
        (s94, s95, …, s177) ← (t1, s94, …, s176)
        (s178, s179, …, s288) ← (t2, s178, …, s287)
    end for

The initialization phase operates exactly like the keystream generation phase except that it does not output keystream. After the key and IV have been loaded, the state is rotated over 4 full cycles; 4 full cycles means $4 \times 288 = 1152$ clock cycles.

The design of Trivium is inspired by block cipher design principles [3]. The S-box of a block cipher is substituted by a non-linear one-bit-output function, and the diffusion matrix is replaced by linear feedforward taps. In order to generate keystream, the output feedback (OFB) mode of block ciphers is used, which gives the feedback taps of Trivium.
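The keystream phase and the initialization phase above, implemented bit for bit in Python. This is an added example, not code from the paper or from the Trivium designers. The loading layout (key bits $K_1..K_{80}$ into $s_1..s_{80}$, IV bits into $s_{94}..s_{173}$, $s_{286} = s_{287} = s_{288} = 1$, all other bits zero) follows the Trivium specification [2]; the mapping from key and IV bytes to the bit sequence $K_1..K_{80}$ (least-significant bit of each byte first) and the packing of keystream bits into bytes are conventions chosen here, so the output should not be compared with published test vectors without first checking that they use the same convention. The key and IV in the usage block are constructed values.

```python
"""Trivium from the pseudo-code of Section II.A, bit for bit (added example)."""

STATE_BITS = 288
INIT_CLOCKS = 4 * STATE_BITS          # "4 full cycles" of initialization = 1152 clocks


def bits_le(data, nbits):
    """Bits of `data`: least-significant bit of each byte first (assumed convention)."""
    return [(data[i >> 3] >> (i & 7)) & 1 for i in range(nbits)]


def load_state(key, iv):
    """Initial loading per the Trivium specification [2]: K_1..K_80 in s_1..s_80,
    IV_1..IV_80 in s_94..s_173, s_286 = s_287 = s_288 = 1, all other bits 0.
    The list is 1-based (index 0 unused) so that s[i] is the paper's s_i."""
    if len(key) != 10 or len(iv) != 10:
        raise ValueError("Trivium takes an 80-bit key and an 80-bit IV")
    s = [0] * (STATE_BITS + 1)
    s[1:81] = bits_le(key, 80)
    s[94:174] = bits_le(iv, 80)
    s[286] = s[287] = s[288] = 1
    return s


def clock(s):
    """One iteration of the pseudo-code loop: updates s in place, returns z_i."""
    t1 = s[66] ^ s[93]
    t2 = s[162] ^ s[177]
    t3 = s[243] ^ s[288]
    z = t1 ^ t2 ^ t3
    t1 ^= (s[91] & s[92]) ^ s[171]     # the non-linear one-bit-output functions
    t2 ^= (s[175] & s[176]) ^ s[264]
    t3 ^= (s[286] & s[287]) ^ s[69]
    s[2:94] = s[1:93]                  # (s_1, ..., s_93)    <- (t3, s_1, ..., s_92)
    s[1] = t3
    s[95:178] = s[94:177]              # (s_94, ..., s_177)  <- (t1, s_94, ..., s_176)
    s[94] = t1
    s[179:289] = s[178:288]            # (s_178, ..., s_288) <- (t2, s_178, ..., s_287)
    s[178] = t2
    return z


class Trivium:
    def __init__(self, key, iv):
        self.s = load_state(key, iv)
        for _ in range(INIT_CLOCKS):   # initialization: same update, output discarded
            clock(self.s)

    def keystream(self, nbytes):
        out = bytearray()
        for _ in range(nbytes):
            byte = 0
            for bit in range(8):       # first keystream bit lands in bit 0, matching bits_le
                byte |= clock(self.s) << bit
            out.append(byte)
        return bytes(out)

    def crypt(self, data):
        """Encryption and decryption are the same XOR with the keystream."""
        return bytes(a ^ k for a, k in zip(data, self.keystream(len(data))))


if __name__ == "__main__":
    key = bytes(range(10))             # constructed key and IV, not published test vectors
    iv = bytes(range(0x10, 0x1A))
    ct = Trivium(key, iv).crypt(b"attack at dawn")
    print(ct.hex(), Trivium(key, iv).crypt(ct))
```

Two points worth keeping in mind when using such an implementation. First, the state after `load_state` contains exactly three set bits beyond those of the key and IV; an implementation that forgets $s_{286..288}$ still "works" (it decrypts its own output) but is a different cipher with a weak all-zero start state. Second, as with any synchronous stream cipher, a (key, IV) pair must never be reused for two messages, because XORing the two ciphertexts cancels the keystream entirely.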
B. Research on Trivium

Trivium is designed to be both efficient and secure. During the three phases of the eSTREAM evaluation of the stream cipher proposals, the performance of Trivium was outstanding compared with other stream ciphers such as A5/1 (e.g. [4]). Ref. [4] points out that Trivium outperforms the other eSTREAM candidates considered in that paper, in terms of the two most important optimization criteria, minimum area and maximum throughput-to-area ratio, by a factor of at least two.

Until now, no attack has been successfully applied to Trivium. Maximov [5] studies two attacks on Trivium, state recovery and statistical tests. Although the analysis, applied to Bivium (a reduced version of Trivium from 3 to 2 rounds), is quite successful, the results on Trivium are not good, since the attacks are no faster than exhaustive search. Raddum [6] presents a new technique to solve the systems of equations associated with Trivium and successfully breaks a reduced version of Trivium, named Bivium-A, in a day; but his attack is very complex when applied to the full cipher and is no faster than exhaustive search. Borghoff et al. [7] present a numerical attack on the Biviums. The estimated time complexity of this attack on Bivium-B is about $2^{63.7}$ seconds, but the paper does not show an application of the attack to the full version of Trivium.

III. TRIVIUM-LIKE SHIFT REGISTERS AND K-ORDER PRIMITIVE POLYNOMIALS

Trivium has three rounds with similar structure. This inspires us to extend the structure to a scalable form. We decompose the structure of Trivium and introduce Trivium-like shift registers. After observing the characteristic polynomials of Trivium-like shift registers, we define k-order primitive polynomials. Unlike the series connection of LFSRs, the series connection of Trivium-like shift registers ensures that the characteristic polynomial is a k-order primitive polynomial. Quavium is an instantiated stream cipher based on Trivium-like shift registers and k-order primitive polynomials.

Fig. 1 (a), (b), (c) illustrate the 1-, 2- and 3-round Trivium-like shift registers respectively.

[Figure 1. 1, 2, 3-round Trivium-like shift registers.]

A 3-round Trivium-like shift register with tap positions $m_1 < m_2 < \cdots < m_9$ and $m_9$ state bits updates as follows (every other bit simply shifts, $s_i \leftarrow s_{i-1}$):
\[
s_{m_3+1} \leftarrow s_{m_1} + s_{m_3} + s_{m_5}, \qquad
s_{m_6+1} \leftarrow s_{m_4} + s_{m_6} + s_{m_8}, \qquad
s_1 \leftarrow s_{m_2} + s_{m_7} + s_{m_9}.
\]
We can get a 2-round Trivium-like shift register by reducing one round of the 3-round Trivium-like shift register. It updates as follows:
\[
s_{m_3+1} \leftarrow s_{m_1} + s_{m_3} + s_{m_5}, \qquad
s_1 \leftarrow s_{m_2} + s_{m_4} + s_{m_6}.
\]
Similarly, a 1-round Trivium-like shift register updates as follows:
\[
s_1 \leftarrow s_{m_1} + s_{m_2} + s_{m_3}.
\]
The Trivium-like shift registers can be extended to k rounds. A k-round Trivium-like shift register updates as follows:
\[
\begin{aligned}
s_1 &\leftarrow s_{m_2} + s_{m_{3(k-1)+1}} + s_{m_{3k}}, \\
s_{m_3+1} &\leftarrow s_{m_1} + s_{m_3} + s_{m_5}, \\
&\;\;\vdots \\
s_{m_{3(k-1)}+1} &\leftarrow s_{m_{3(k-1)-2}} + s_{m_{3(k-1)}} + s_{m_{3(k-1)+2}}.
\end{aligned}
\]
In Trivium, the 3-round Trivium-like shift register (the linear part of the update in Section II.A, with the AND terms dropped, and $m_1, \ldots, m_9 = 66, 69, 93, 162, 171, 177, 243, 264, 288$) updates as follows:
\[
s_{94} \leftarrow s_{66} + s_{93} + s_{171}, \qquad
s_{178} \leftarrow s_{162} + s_{177} + s_{264}, \qquad
s_1 \leftarrow s_{243} + s_{288} + s_{69}.
\]
Denote the internal state bits at time $t$ ($t = 0, 1, \ldots$) as $(s_1(t), s_2(t), \ldots, s_{288}(t))$. Thus, the map from the internal bits at time $t$ to those at time $t+1$ is the linear transformation (1):
\[
(s_1(t+1), s_2(t+1), \ldots, s_{288}(t+1))^T = A \cdot (s_1(t), s_2(t), \ldots, s_{288}(t))^T, \tag{1}
\]
where $T$ denotes transposition of the vector and $A = (a_{ij})_{288 \times 288}$ is the transformation matrix of this linear transformation. Its characteristic polynomial factors as
\[
\begin{aligned}
\mathrm{char}_A(y) &= y^{96} + y^{73} + y^{70} + y^{67} + y^{47} + y^{44} + y^{41} + y^{29} + y^{24} + y^{20} + y^{18} + y^{15} + y^{14} + y^{9} + y^{5} + 1 \\
&= (y+1)^3\, g(y), \tag{2}
\end{aligned}
\]
\[
\begin{aligned}
g(y) = {}& y^{93} + y^{92} + y^{89} + y^{88} + y^{85} + y^{84} + y^{81} + y^{80} + y^{77} + y^{76} + y^{73} + y^{72} + y^{70} + y^{68} + y^{67} \\
&+ y^{44} + y^{43} + y^{41} + y^{39} + y^{38} + y^{35} + y^{34} + y^{31} + y^{30} + y^{27} + y^{25} + y^{23} + y^{20} + y^{19} + y^{17} \\
&+ y^{14} + y^{13} + y^{12} + y^{9} + y^{8} + y^{6} + y^{4} + y + 1,
\end{aligned}
\]
where $g(y)$ is a primitive polynomial in $\mathbb{F}_2[y]$.

Theorem 3.1. The characteristic polynomial of a k-round Trivium-like shift register, $\mathrm{char}_k(x) \in \mathbb{F}_2[x]$, has a factor $(x+1)^k$, i.e. $\mathrm{char}_k(x)$ can be written as
\[
\mathrm{char}_k(x) = (x+1)^k\, g(x),
\]
where $g(x) \in \mathbb{F}_2[x]$.

Proof. We only prove the case $k = 3$; the proofs of the other cases are similar. The transformation matrix $A = (a_{ij})_{m_9 \times m_9}$ of a 3-round Trivium-like shift register satisfies
\[
a_{ij} = \begin{cases}
1, & j = i-1,\ 1 < i \le m_9, \\
1, & i = 1,\ j = m_2, m_7, m_9, \\
1, & i = m_3+1,\ j = m_1, m_3, m_5, \\
1, & i = m_6+1,\ j = m_4, m_6, m_8, \\
0, & \text{otherwise.}
\end{cases}
\]
The characteristic polynomial $\mathrm{char}_k(x)$ is
\[
\mathrm{char}_k(x) = |xI - A| = |B| = |b_{ij}|,
\]
where
\[
b_{ij} = \begin{cases}
1, & j - i = -1,\ 1 < i \le m_9, \\
1, & i = 1,\ j = m_2, m_7, m_9, \\
1, & i = m_3+1,\ j = m_1, m_3, m_5, \\
\ldots
\end{cases}
\]
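The update rules of this section, equation (2) and Theorem 3.1, checked numerically. This is an added example, not code from the paper: it builds the transformation matrix $A$ of a $k$-round Trivium-like shift register from a tap list $(m_1, \ldots, m_{3k})$ exactly as in the update rules above, computes the algebraic multiplicity of the eigenvalue 1 of $A$ over $\mathbb{F}_2$ (the exponent of $(x+1)$ in $\mathrm{char}_A(x)$, obtained as $\dim\ker (A+I)^N$ for a power $N \ge n$), and verifies (2) as a polynomial identity by carry-less multiplication. The tap lists are Trivium's $(66, 69, 93, 162, 171, 177, 243, 264, 288)$, its first six entries for the 2-round (Bivium-like) register, and the toy register $(1, 2, 3)$, whose characteristic polynomial is exactly $(x+1)^3$. One reading of (2) is assumed here and is not stated on the page: every Trivium tap index is a multiple of 3, so $A$ sends state positions $j \equiv c \pmod 3$ to positions $\equiv c+1$, $A$ is block-cyclic with three $96 \times 96$ blocks, and $\mathrm{char}_A(x) = p(x^3)$ for a degree-96 polynomial $p$, which is how a degree-96 $\mathrm{char}_A(y)$ can describe a 288-bit register. The all-ones vector is fixed by $A$, so $x^3 + 1 = (x+1)(x^2+x+1)$ already divides $\mathrm{char}_A(x)$, and the check for $k = 3$ asserts a multiplicity of at least 3, as Theorem 3.1 states.

```python
"""Transformation matrices of k-round Trivium-like shift registers over F_2 (added example)."""

TRIVIUM_TAPS = (66, 69, 93, 162, 171, 177, 243, 264, 288)   # m_1..m_9 of Section III


def trivium_like_matrix(m):
    """Rows of A = (a_ij) for the k-round update rule, k = len(m)/3.

    Row i is an int whose bit (j-1) is set iff s_j(t) feeds s_i(t+1).
    The register has n = m_{3k} bits; m must be increasing."""
    k, n = len(m) // 3, m[-1]
    assert len(m) == 3 * k and list(m) == sorted(m)
    tap = lambda idx: 1 << (m[idx - 1] - 1)                 # bit for s_{m_idx}
    rows = [0] + [1 << (i - 2) for i in range(2, n + 1)]    # s_i <- s_{i-1}, 1 < i <= n
    rows[0] = tap(2) | tap(3 * (k - 1) + 1) | tap(3 * k)    # s_1 <- s_{m_2}+s_{m_{3(k-1)+1}}+s_{m_{3k}}
    for r in range(1, k):                                   # s_{m_{3r}+1} <- s_{m_{3r-2}}+s_{m_{3r}}+s_{m_{3r+2}}
        rows[m[3 * r - 1]] = tap(3 * r - 2) | tap(3 * r) | tap(3 * r + 2)
    return rows


def mat_mul(a, b):
    """Product of two F_2 matrices stored as int rows: row i of a*b is the XOR
    of the rows of b selected by the bits of row i of a."""
    out = []
    for row in a:
        acc, j = 0, 0
        while row:
            if row & 1:
                acc ^= b[j]
            row >>= 1
            j += 1
        out.append(acc)
    return out


def rank_f2(rows):
    """Rank over F_2 by elimination on leading bits."""
    pivots = {}                                    # leading bit -> reduced row
    for r in rows:
        while r:
            hb = r.bit_length() - 1
            if hb not in pivots:
                pivots[hb] = r
                break
            r ^= pivots[hb]
    return len(pivots)


def eigenvalue_one_multiplicity(a):
    """Exponent of (x+1) in char_A(x) = dim of the generalised eigenspace of 1,
    i.e. dim ker (A+I)^N for any N >= n; here N = 2^s >= n by repeated squaring."""
    n = len(a)
    p = [row ^ (1 << i) for i, row in enumerate(a)]   # A + I over F_2
    for _ in range((n - 1).bit_length()):
        p = mat_mul(p, p)
    return n - rank_f2(p)


def fixes_all_ones(a):
    """A.(1,...,1)^T = (1,...,1)^T iff every row has odd weight; that alone gives (x+1) | char_A."""
    return all(bin(row).count("1") % 2 == 1 for row in a)


# Equation (2) as ints: bit e of the int is the coefficient of y^e.
def poly(exps):
    v = 0
    for e in exps:
        v ^= 1 << e
    return v


def clmul(a, b):
    """Carry-less multiplication, i.e. the product in F_2[y]."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        a <<= 1
        b >>= 1
    return out


CHAR_A = poly([96, 73, 70, 67, 47, 44, 41, 29, 24, 20, 18, 15, 14, 9, 5, 0])
G = poly([93, 92, 89, 88, 85, 84, 81, 80, 77, 76, 73, 72, 70, 68, 67, 44, 43, 41, 39, 38,
          35, 34, 31, 30, 27, 25, 23, 20, 19, 17, 14, 13, 12, 9, 8, 6, 4, 1, 0])


def equation_2_holds():
    y_plus_1_cubed = clmul(clmul(0b11, 0b11), 0b11)    # (y+1)^3 = y^3 + y^2 + y + 1
    return clmul(y_plus_1_cubed, G) == CHAR_A


if __name__ == "__main__":
    for k in (1, 2, 3):
        a = trivium_like_matrix(TRIVIUM_TAPS[:3 * k])
        print(k, "rounds:", len(a), "bits, (x+1)-multiplicity", eigenvalue_one_multiplicity(a))
    print("equation (2) holds:", equation_2_holds())
```

The whole check runs in well under a second in pure Python: matrices are lists of ints used as bit rows, so an $\mathbb{F}_2$ matrix product is a loop of XORs and the rank is a 288-step elimination. For a designer following Section III, `eigenvalue_one_multiplicity` is the test to run on a candidate tap list before assuming its characteristic polynomial has the $(x+1)^k$ factor that the definition of $k$-order primitivity relies on; primitivity of the remaining factor $g$ still has to be checked separately.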