<<

International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249-8958, Volume-8 Issue-5, June 2019

BRIGHT: A Small and Fast Lightweight for 32-bit Processor

Deepti Sehrawat, Nasib Singh Gill

 maintenance as compared to hardware implementations. Even Abstract: Recently a number of lightweight ciphers are providing strong resistance against mathematical attacks designed for improved hardware or software performance. could not protect hardware-oriented block ciphers from side Designing block ciphers for a resource-constrained 32-bit channel attacks thereby losing its keys. So a good software processor is even more challenging. Usually, for 32-bit CPU the lightweight ciphers are designed with low-security margins. This design is required to provide enough security guard against paper presents, an efficient family of LBC, named BRIGHT. The attacks. proposed design is a software-oriented security framework for Our Contribution resource-constrained IoT-enabled applications. It has lowest code First, the analysis of various existing benchmarked designs size and fastest execution speed on 32-bit processor because of its is carried out to identify the strong points and flaws of each 32-bit ARX operations. It enables users to match their security needs with application requirements by supporting a range of one which is culminated in the publication in [3, 4]. Then the cryptographic solutions. The proposed design has 6 variants and design goals are formulated to ensure a fair comparison of the all variants of BRIGHT family ciphers fulfills Strict Avalanche proposed design with other benchmarked designs. The Criteria and sensitivity test. BRIGHT family ciphers show framework of the proposed design is then described and the better performance in terms of memory requirements, cost and performance is evaluated on different platforms. speed. This is because of its simple and efficient internal structure. In this paper, a software-oriented security framework for In this paper, a comparison is made among existing benchmarked lightweight ciphers and proposed design on 32-bit CPU. BRIGHT resource-constrained IoT-enabled applications is presented. is competitive among existing lightweight ciphers. The main focus is on reducing memory and achieving high speed without compromising security. BRIGHT design Index Terms: BRIGHT performance evaluation, lightweight implements 32-bit ARX operations because of its enhanced block ciphers, performance enhancement, small and fast cipher. performance on 32-bit CPU. BRIGHT uses pre key-whitening to thwart attacks and round permutation for faster I. INTRODUCTION diffusion. Since the proposed design uses ARX structure, Nowadays, ubiquitous computing, IoT, and smart world there is low decryption overhead, and decryption is performed are concepts becoming popular day by day. The by simply reversing the operations of the process. communication in these is made possible by RFID enabled The simple and efficient internal structure of BRIGHT is so devices and most commonly 32-bit CPUs are deployed in designed that it provides fast diffusion, tiny-size code and these smart applications. Security and privacy is a major high-speed. In this paper, the performance of BRIGHT is concern for these resource constraint devices [1]. An attacker evaluated on a 32-bit processor. can get access to the information shared between devices. For The rest of the paper is structured as follows: section 2 this reason, there is a need of good security solutions in the presents related work relevant to lightweight . form of cryptographic algorithms. Furthermore, the BRIGHT cipher is explained in section 3. Section 4 details participating nodes in IoT are constrained in terms of performance evaluation of BRIGHT on different parameters. memory, power, and computational ability [2]. So, a new field of lightweight cryptography came into existence. Besides, II. RELATED WORK block ciphers are considered as workhouses in cryptographic Some lightweight block ciphers with ARX structure are applications. Therefore, in the last 10 years, the design of TEA [5], XTEA [6], LEA [7], HIGHT [8], [9], LBC has attracted the attention of many researchers. [9], RoadRunneR [10] Chaskey [11], and SPARX Recently, a number of lightweight block ciphers are proposed [12]. TEA and XTEA use simple round function and key by various researchers’ for IoT enabled smart environment. schedule. Both have lower block length and a larger number Most of these algorithms are optimized for hardware of rounds, their encryption speed is not as fast as that of LEA. implementations by using building blocks and are not LEA has three variants with a block size of 128-bits and key considered a good choice for software-oriented applications sizes 128, 192 and 256-bits long. It is based on 4-branch on a 32-bit processor. Software oriented cipher designs Generalized Feistel Network (GFN) and is optimized for provide more flexibility at lower costs on manufacturing and 32-bit processor than a 64-bit processor [7]. There exists a targeting 15 rounds on this cipher. HIGHT

cipher is optimized for 8-bit operations and there are a Revised Manuscript Received on June 14, 2019. Deepti Sehrawat, Department of Computer Science and Applications, number of attacks Maharshi Dayanand University, Rohtak, Haryana (India) implemented on HIGHT like Nasib Singh Gill, Department of Computer Science and Applications, multidimensional Maharshi Dayanand University, Rohtak, Haryana (India). zero- [13],

Published By: Blue Eyes Intelligence Engineering Retrieval Number E7302068519/19©BEIESP 1549 & Sciences Publication

BRIGHT: A Small and Fast Lightweight Block Cipher for 32-bit Processor [14], and related-key attack [15]. SPECK and SIMON ciphers are family of lightweight ciphers having 10 Plain Text instances of each. SIMON cipher with a block size of 128-bit is comparable with LEA. Whereas the performance of SPECK exceeds LEA'S performance in 64-bit processor V V V 0 1 V2 3 because of SPECK's 64-bit addition in a 64-bit processor. CHASKEY ciphers is a permutation-based Message K K K Authentication Code (MAC) lightweight block cipher. It does 0 1 2 K3 not follow any it simply consists of two shifts and two conditional XORs with the state for two sub-keys. A differential-linear attack targeting 7 out of 8 rounds is applied on Chaskey [11]. RoadRunneR is a block cipher with block size 64-bits and it supports two key sizes viz. 80-bits and ARX Operations 128-bits. The Feistel function of RoadRunneR is an SPN having four 4-bit S-box layers, 3 linear layers, and 3 key V V additions [10]. There exists a high-probability truncated trail 0 V1 2 V3 in RoadRunneR-128 covering 5 out of 7 rounds. SPARX cipher has three variants Sparx-64/128, Sparx-128/128, and Sparx-128/256. Variant Sparx-64/128 has 8 steps and in each step there are 3 rounds, Sparx-128/128 has 8 steps with 4 V V 0 V1 2 V3 rounds in each step and variant Sparx-128/256 has 10 steps with 4 rounds in each step [12]. There exists an impossible differential attack on Sparx [16]. Cipher Text

III. PROPOSED BRIGHT CIPHER Figure 1: Layers in the BRIGHT family of ciphers

A. Notation 1. Top Layer (Key Whitening): To provide resistance Through the paper the following notations are used: against weak key attacks, the actual key is first XORed as Vi Word/ Branch a pre-whitening affect. Key whitening does not provide Addition modulo 2n any immunity to analytical attacks like linear n-bit exclusive OR and differential cryptanalysis but provides good resistance x<<>>m Right circular shifts by m-bits used only pre-whitening, post whitening does not add any security it just adds to the code length. Besides, it is due to Mk Master key th the key whitening that makes it almost impossible to Rk Round key for i round i extend the attack by even one round which requires & Bitwise AND searching for all n-keys. C Constant 2. Middle Layer-ARX Operations: ARX operations in B. Design software implementation provides an efficient parallel BRIGHT cipher is a family of lightweight GFN implementation. XOR function is mostly used in (Generalized Feistel Network) block cipher. It has 4 ARX-based ciphers. Most effective operations are branches/ words and supports 64-bit and 128-bit block sizes. modular arithmetic operations like addition-modulo and BRIGHT cipher proposed six variants, these are BRIGHT subtraction-modulo. Using addition modulo 2n is more 64/80, BRIGHT 64/96, BRIGHT 64/128, BRIGHT 128/128, useful in place of bitwise XOR because for several BRIGHT 128/192 and BRIGHT 128/256. A general reasons. Using a mod 2b key addition improves the description of BRIGHT n/m describes BRIGHT cipher with diffusion layer by introducing sufficient non-linearity. n-bit block size and m-bit . It implements ARX This is done at the same cost and same speed as by bitwise operations for faster diffusion and its operations are supported XOR. It also helps to provide enough resistance against in multiple platforms in an efficient and parallel way. The structural attacks [17]. Furthermore, addition modulo 2n encryption of BRIGHT is performed in layers. There are three add non-linearity to the cipher. Addition modulo is layers in BRIGHT design, these are key whitening, ARX preferred over XOR and when these are used in operations, and round permutation. Fig. 1 depicts the combination on an alternate basis then it provides faster structure of the proposed cipher. To provide resistance diffusion. Many of the existing ciphers have used the against most of the attacks, first for all the variants of same ARX concepts like HIGHT [8], SPECK [9], BRIGHT the minimum number of rounds ‘R', required to RoadRunneR [10], CHASKEY [11], and SPARX [12] reach complete diffusion is found. Then, the actual number of with which we have rounds is given by applying the formula 3R, 3R+1, 3R+2 for compared our proposed BRIGHT 64/80, BRIGHT 64/96 and BRIGHT 64/128 design. Rotations are not respectively. considered good

Published By: Blue Eyes Intelligence Engineering Retrieval Number E7302068519/19©BEIESP 1550 & Sciences Publication International Journal of Engineering and Advanced Technology (IJEAT) ISSN: 2249-8958, Volume-8 Issue-5, June 2019

operations, especially rotations of the same amount on Pi2 = Pi2 Pi1, neighboring large operands. Furthermore, different Pi1 = (Pi1<<