DOCSLIB.ORG

High Performance Architecture for LILI-II Stream Cipher

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
High Performance Architecture for LILI-II Stream Cipher International Journal of Computer Applications (0975 – 8887) Volume 107 – No 13, December 2014 High Performance Architecture for LILI-II Stream Cipher N. B. Hulle R. D. Kharadkar, Ph.D. S. S. Dorle, Ph.D. GHRIEET, Pune GHRIEET, Pune GHRCE, Nagpur Domkhel Road Domkhel Road Hingana Road Wagholi, Pune Wagholi, Pune Nagpur ABSTRACT cipher. This architecture uses same clock for both LFSRs. It is Proposed work presents high performance architecture for capable of shifting LFSRD content by one to four stages, LILI-II stream cipher. This cipher uses 128 bit key and 128 bit depending on value of function FC in single clock cycle IV for initialization of two LFSR. Proposed architecture uses without losing any data from function FC. single clock for both LFSRs, so this architecture will be useful in high speed communication applications. Presented 2. LILI-II STREAM CIPHER architecture uses four bit shifting of LFSR in single clock LILI-II is synchronous stream cipher developed by A. Clark et D al. in 2002 by removing existing weaknesses of LILI-128 cycle without losing any data items from function FC. Proposed architecture is coded by using VHDL language with stream cipher. It consists of two subsystems, clock controlled CAD tool Xilinx ISE Design Suite 13.2 and targeted hardware subsystem and data generation subsystem as shown in Fig. 1. is Xilinx Virtex5 FPGA having device xc4vlx60, with KEY IV package ff1148. Proposed architecture achieved throughput of 127 128 128 224.7 Mbps at 224.7 MHz frequency. 127 General Terms Hardware implementation of stream ciphers LFSRc LFSRd ... Keywords X0 X126 X0 X1 X96 X122 LILI, Stream cipher, clock controlled, FPGA, LFSR. fc fd 1. INTRODUCTION Key Stream Message secrecy is one of most important aspect of Clock Controlled Subsystem Data Generation Subsystem communication, but especially in wireless environment messages are highly insecure and encryption is must in such Fig. 1: Block diagram of LILI-II stream cipher environment. Implementations of cryptographic algorithms in Clock controlled subsystem consists of LFSR and function hardware usually achieve superior performance when C FC. LFSRC is 128 bit shift register having primitive feedback compared with software based ones. It is the growing polynomial as shown by equation (01) [5]. requirements for high-speed and high-level of secure communications. Security algorithms and their associated X 128X 126X 125X 124X 123X 122X 119X 117 X 115X 111X 108X 106X 105 keys are more secure, when implemented in hardware because 104 103 102 96 94 90 87 82 81 80 79 77 74 73 X X X X X X X X X X X X X X they cannot easily modified by an outside attacker [1]. 72 71 70 67 66 65 61 60 58 57 56 55 54 53 Reconfigurable devices such as FPGAs are a highly attractive X X X X X X X X X X X X X X option for a hardware implementation as they provide the X 52X 51X 50X 49X 47X 44X 43X 40X 39X 36X 35X 30X 29X 25 flexibility of dynamic system evolution as well as the ability 23 18 17 16 15 14 11 9 8 7 6 X X X X X X X X X X X X 1 to easily implement a wide range of algorithms [2], [3]. (01) During the last three decades, the art of securing all forms of Function F is accepting stage 0 and stage 126 output bit of data has improved to a great extent. The complexity of the C LFSRC as input and produces four possible combinations of functions that can now be performed by the security output. These four combinations of output decide shifting of equipment has increased. The majority of the more effective LFSRD by one to four stages. Function FC is given by cipher systems have become far more mathematical intensive equation (02). and hence their evaluation has become complex and abstract. The LILI-II stream cipher is LFSR based synchronous stream Fc(X 0,X 126) 2X 0X 1261 (02) cipher, designed with larger internal components than previous ciphers in this class. This cipher is improved version Data generation subsystem consists of shift register LFSRD of the LILI-128 cipher and capable of providing higher level and function FD. LFSRD is 127 bit shift register having of security [4]. This stream cipher is less efficient in software primitive feedback polynomial shown by equation (03). because of large size of LFSR and bigger Boolean function, X 127X 121X 120X 114X 107X 106X 103X 101 X 97X 96X 94X 92X 89 used to increase level of security. It uses 128-bit key and 128 87 84 83 81 76 75 74 72 69 68 65 64 62 59 bit Initialization Vector (IV) for initializing LFSRs [5]. X X X X X X X X X X X X X X X 57X 56X 54X 52X 50X 48X 46X 45X 43X 40X 39X 37X 36X 35 Proposed work presents high performance LILI-II stream X 30X 29X 28X 27X 25X 23X 22X 21X 20X 19X 18X 14X 10X 8 The work described in this article is part of sponsored project X 7 X 6 X 4 X 3X 2 X 1 by BCUD, Savitribai Phule Pune University, Pune to (03) strengthen the research activity among the academicians. LFSR shifting is controlled by function F . The function F Proposal No. 13ENG001265 D C D takes twelve inputs from LFSRD stages (0, 1, 3, 7, 12, 20, 30, 10 International Journal of Computer Applications (0975 – 8887) Volume 107 – No 13, December 2014 44, 65, 80, 96, and 122) and provides one bit output as key Now, this time generated 255 bit string is loaded into LFSRC stream for each clock cycle. Function FD is lookup table given and LFSRD stage to begin the key stream generation. As in the specification [5] of LILI-II stream cipher. previously, first 128 bits are used for LFSRC and remaining 127 bits for LFSR [5], [6]. 3. PROPOSED LILI-II ARCHITECTURE D Proposed LILI-II architecture is shown in Fig. 2. It consists of Proposed architecture uses two input multiplexor for loading two subsystems, clock controlled subsystem and data initial values during initialization stage and shifting LFSR generation subsystem. Initial values of the LFSRs in both content during normal operation. When ―Initial Data Load subsystems are obtained from 128 bit secret key and 128 bit LFSRC‖ terminal is ‗1‘ then initial values are loaded into publicly known IV. If publicly known IV is not of 128 bit, LFSRC stages at positive edge of clock, otherwise LFSRC then multiple copies will be concatenated or truncated to form contents are shifted by one bit towards right at positive edge 128 bit vector. of each clock. The Boolean expression of function FC has three terms 2X0, Initial state of LFSRC is obtained by XORing of 128 bit key X126 and constant 1. The term 2X0 has only two possible with 128 bit IV. Similarly, initial state of LFSRD is obtained by deleting first bit of 128 bit key, last bit of 128 bit IV and values, either 00 or 10 (only MSB is changing). The term X126 XORing the two 127 bit strings. also has two possibilities 0 or 1 and third term is constant 1. The truth table has four terms A1 (2X0, MSB), A0 (constant If cryptanalyst has access to output Z (i) and IV during ‗0‘, LSB), B0 (X126), C0 (constant ‗1‘) as shown in Table 1. initialization process, he may recover key for available set of Z (i) and IV. Appropriate security is maintained, when key Table 1. Truth table for Boolean function FC loading process do not leak information about key during key Inputs Case 1 Case 2 Case 3 Case 4 loading process. For avoiding access of Z (i) to cryptanalyst during key loading process, DFF is used at output. This DFF A = 2X0 00 00 10 10 will not latch the input string till completion of initialization B = process [5], [6], [7], [8], [9]. 0 1 0 1 X126 Actual initialization process uses LILI-II structure two times C = 1 1 1 1 1 for a period of 255 clock cycles each. At the start LFSRC and LFSRD are loaded with initial state as explained above and Sum 1 0 1 0 architecture runs to produce 255 bit binary string. This generated 255 bit string is used as initial state of LFSRC and Carry 0 1 1 10 LFSRD. First 128 bits of generated string are used for LFSRC FC 001 010 011 100 and remaining 127 bits for LFSRD [5], [6]. Second time this architecture runs again to produce 255 bit string by using initial stages from previously generated string. Initial data for LFSRd Initial data for LFSRc LFSR D 01 = Load 1 shift LFSRd1 Initial Data 1 2 3 4 5 127 128 10 = Load 1 shift LFSRd2 Load LFSRc 11 = Load 1 shift LFSRd3 0 = Data Load 00 = Load 1 shift LFSRd4 1 = Shifting 2 f1 Feedback Function Initial Data Load LFSRd of LFSRc 0 = Data Load 1 = Shifting 1 2 3 4 5 126 127 Update Function Fc 1 1 f2 f1 1 2 3 126 127 f3 f2 f1 1 2 126 127 DFF DFF f4 f3 f2 f1 1 126 127 1 1 2 01 = Select LFSRd1 10 = Select LFSRd2 11 = Select LFSRd3 Function Fd 00 = Select LFSRd4 (4096x1 Rom) DFF Z (t) Fig. 2: Proposed Architecture for LILI-II When output conditions of FC are 01, 10, 11 and 00 the architecture uses LFSRD having four sets of 127 bit shift content of LFSRD is shifted by one stage, two stages, three registers, named as LFSRD1, LFSRD2, LFSRD3 and LFSRD4.
Load more

Recommended publications
  • Optimizing the Placement of Tap Positions and Guess and Determine
    Optimizing the placement of tap positions and guess and determine cryptanalysis with variable sampling S. Hodˇzi´c, E. Pasalic, and Y. Wei∗† Abstract 1 In this article an optimal selection of tap positions for certain LFSR-based encryption schemes is investigated from both design and cryptanalytic perspective. Two novel algo- rithms towards an optimal selection of tap positions are given which can be satisfactorily used to provide (sub)optimal resistance to some generic cryptanalytic techniques applicable to these schemes. It is demonstrated that certain real-life ciphers (e.g. SOBER-t32, SFINKS and Grain-128), employing some standard criteria for tap selection such as the concept of full difference set, are not fully optimized with respect to these attacks. These standard design criteria are quite insufficient and the proposed algorithms appear to be the only generic method for the purpose of (sub)optimal selection of tap positions. We also extend the framework of a generic cryptanalytic method called Generalized Filter State Guessing Attacks (GFSGA), introduced in [26] as a generalization of the FSGA method, by applying a variable sampling of the keystream bits in order to retrieve as much information about the secret state bits as possible. Two different modes that use a variable sampling of keystream blocks are presented and it is shown that in many cases these modes may outperform the standard GFSGA mode. We also demonstrate the possibility of employing GFSGA-like at- tacks to other design strategies such as NFSR-based ciphers (Grain family for instance) and filter generators outputting a single bit each time the cipher is clocked.
    [Show full text]
  • MTH6115 Cryptography 4.1 Fish
    MTH6115 Cryptography Notes 4: Stream ciphers, continued Recall from the last part the definition of a stream cipher: Definition: A stream cipher over an alphabet of q symbols a1;:::;aq requires a key, a random or pseudo-random string of symbols from the alphabet with the same length as the plaintext, and a substitution table, a Latin square of order q (whose entries are symbols from the alphabet, and whose rows and columns are indexed by these symbols). If the plaintext is p = p1 p2 ::: pn and the key is k = k1k2 :::kn, then the ciphertext is z = z1z2 :::zn, where zt = pt ⊕ kt for t = 1;:::;n; the operation ⊕ is defined as follows: ai ⊕a j = ak if and only if the symbol in the row labelled ai and the column labelled a j of the substitution table is ak. We extend the definition of ⊕ to denote this coordinate-wise operation on strings: thus, we write z = p ⊕ k, where p;k;z are the plaintext, key, and ciphertext strings. We also define the operation by the rule that p = z k if z = p ⊕ k; thus, describes the operation of decryption. 4.1 Fish (largely not examinable) A simple improvement of the Vigenere` cipher is to encipher twice using two differ- ent keys k1 and k2. Because of the additive nature of the cipher, this is the same as enciphering with k1 + k2. The advantage is that the length of the new key is the least common multiple of the lengths of k1 and k2. For example, if we encrypt a message once with the key FOXES and again with the key WOLVES, the new key is obtained by encrypting a six-fold repeat of FOXES with a five-fold repeat of WOLVES, namely BCIZWXKLPNJGTSDASPAGQJBWOTZSIK 1 The new key has period 30.
    [Show full text]
  • State Convergence and Keyspace Reduction of the Mixer Stream Cipher
    State convergence and keyspace reduction of the Mixer stream cipher Sui-Guan Teo1, Kenneth Koon-Ho Wong1, Leonie Simpson1;2, and Ed Dawson1 1 Information Security Institute, Queensland University of Technology fsg.teo,kkwong,[email protected] 2 Faculty of Science and Technology, Queensland University of Technology GPO Box 2434, Brisbane Qld 4001, Australia [email protected] Keywords: Stream cipher, initialisation, state convergence, Mixer, LILI, Grain Abstract. This paper presents an analysis of the stream cipher Mixer, a bit-based cipher with structural components similar to the well-known Grain cipher and the LILI family of keystream generators. Mixer uses a 128-bit key and 64-bit IV to initialise a 217-bit internal state. The analysis is focused on the initialisation function of Mixer and shows that there exist multiple key-IV pairs which, after initialisation, produce the same initial state, and consequently will generate the same keystream. Furthermore, if the number of iterations of the state update function performed during initialisation is increased, then the number of distinct initial states that can be obtained decreases. It is also shown that there exist some distinct initial states which produce the same keystream, re- sulting in a further reduction of the effective key space. 1 Introduction Many keystream generators for stream ciphers are based on shift registers, partic- ularly Linear Feedback Shift Registers (LFSRs). Using the output of a regularly- clocked LFSR directly as keystream is cryptographically weak due to the linear properties of LFSR sequences. To mask this linearity, stream cipher designers use LFSRs and introduce non-linearity either explicitly through the use of nonlinear Boolean functions or implicitly through through the use of irregular clocking.
    [Show full text]
  • A 1 Gbps Chaos-Based Stream Cipher Implemented in 0.18 Μm CMOS Technology
    electronics Article A 1 Gbps Chaos-Based Stream Cipher Implemented in 0.18 µm CMOS Technology Miguel Garcia-Bosque * , Guillermo Díez-Señorans, Adrián Pérez-Resa, Carlos Sánchez-Azqueta, Concepción Aldea and Santiago Celma Group of Electronic Design, University of Zaragoza, 50009 Zaragoza, Spain; [email protected] (G.D.-S.); [email protected] (A.P.-R.); [email protected] (C.S.-A.); [email protected] (C.A.); [email protected] (S.C.) * Correspondence: [email protected]; Tel.: +34-876-55-3539 Received: 15 May 2019; Accepted: 29 May 2019; Published: 1 June 2019 Abstract: In this work, a novel chaos-based stream cipher based on a skew tent map is proposed and implemented in a 0.18 µm CMOS (Complementary Metal-Oxide-Semiconductor) technology. The proposed ciphering algorithm uses a linear feedback shift register that perturbs the orbits generated by the skew tent map after each iteration. This way, the randomness of the generated sequences is considerably improved. The implemented stream cipher was capable of achieving encryption speeds of 1 Gbps by using an approximate area of 20, 000 2-NAND equivalent gates, with a power ∼ consumption of 24.1 mW. To test the security of the proposed cipher, the generated keystreams were subjected to National Institute of Standards and Technology (NIST) randomness tests, proving that they were undistinguishable from truly random sequences. Finally, other security aspects such as the key sensitivity, key space size, and security against reconstruction attacks were studied, proving that the stream cipher is secure. Keywords: stream cipher; PRNG; cryptography; chaotic map; skew tent map 1. Introduction Despite the large number of encryption algorithms proposed in previous decades, there is still a great interest in the field of cryptography [1,2].
    [Show full text]
  • Data Encryption with Linear Feedback Shift Register
    International Journal of Scientific & Engineering Research Volume 3, Issue 6, June-2012 1 ISSN 2229-5518 Data Encryption with Linear Feedback Shift Register Subhra Mazumdar , Tannishtha Som Abstract— A data encryption technology which ensures secrecy of the data while being transferred over a long distance. It can provide about 80-85% data security as decoding of data involves inverting the feedback function or generating the binary sequence which will help in retrieving the data after some recombination operation. Index Terms— octal word time generation , linear feedback shift register, feedback function, data security, priority encoder, email server, SMTP(simple mail transfer protocol) ,POP(post office protocol) , device sensitive password check. —————————— —————————— 1 INTRODUCTION An efficient method to modify the plain text into an encoded cipher text , not easily predictable ensuring that the key value is irrecoverable when data is attacked while being transmitted. If a data is lost or extra bit gets added while transmission, the system will automatically show error as all the processes are synchronised. To avoid data being modified while transmission, different types of feedback function for 100 characters(3-bit sequence specific and different for adjacent row and column input devices in the register shown in figure 4; arranged in a 10 * 10 matrix) having different bit sequence is devised. Two stage password check(one of them being device figure 1: OCTAL WORD-TIME SIGNAL GENERATION specific) is used for decoding the message. 2 PURPOSE AND DESIGN OF THE DEVICE Converting the data to its ASCII value, one character at a time, using a 2^8 x 8 priority encoder (1 byte per character), the 8-bit sequence is stored in an 8-bit right shift register M (PARALLEL IN).
    [Show full text]
  • On the Use of Continued Fractions for Stream Ciphers
    On the use of continued fractions for stream ciphers Amadou Moctar Kane Département de Mathématiques et de Statistiques, Université Laval, Pavillon Alexandre-Vachon, 1045 av. de la Médecine, Québec G1V 0A6 Canada. [email protected] May 25, 2013 Abstract In this paper, we present a new approach to stream ciphers. This method draws its strength from public key algorithms such as RSA and the development in continued fractions of certain irrational numbers to produce a pseudo-random stream. Although the encryption scheme proposed in this paper is based on a hard mathematical problem, its use is fast. Keywords: continued fractions, cryptography, pseudo-random, symmetric-key encryption, stream cipher. 1 Introduction The one time pad is presently known as one of the simplest and fastest encryption methods. In binary data, applying a one time pad algorithm consists of combining the pad and the plain text with XOR. This requires the use of a key size equal to the size of the plain text, which unfortunately is very difficult to implement. If a deterministic program is used to generate the keystream, then the system will be called stream cipher instead of one time pad. Stream ciphers use a great deal of pseudo- random generators such as the Linear Feedback Shift Registers (LFSR); although cryptographically weak [37], the LFSRs present some advantages like the fast time of execution. There are also generators based on Non-Linear transitions, examples included the Non-Linear Feedback Shift Register NLFSR and the Feedback Shift with Carry Register FCSR. Such generators appear to be more secure than those based on LFSR.
    [Show full text]
  • Stream Cipher Designs: a Review
    SCIENCE CHINA Information Sciences March 2020, Vol. 63 131101:1–131101:25 . REVIEW . https://doi.org/10.1007/s11432-018-9929-x Stream cipher designs: a review Lin JIAO1*, Yonglin HAO1 & Dengguo FENG1,2* 1 State Key Laboratory of Cryptology, Beijing 100878, China; 2 State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China Received 13 August 2018/Accepted 30 June 2019/Published online 10 February 2020 Abstract Stream cipher is an important branch of symmetric cryptosystems, which takes obvious advan- tages in speed and scale of hardware implementation. It is suitable for using in the cases of massive data transfer or resource constraints, and has always been a hot and central research topic in cryptography. With the rapid development of network and communication technology, cipher algorithms play more and more crucial role in information security. Simultaneously, the application environment of cipher algorithms is in- creasingly complex, which challenges the existing cipher algorithms and calls for novel suitable designs. To accommodate new strict requirements and provide systematic scientific basis for future designs, this paper reviews the development history of stream ciphers, classifies and summarizes the design principles of typical stream ciphers in groups, briefly discusses the advantages and weakness of various stream ciphers in terms of security and implementation. Finally, it tries to foresee the prospective design directions of stream ciphers. Keywords stream cipher, survey, lightweight, authenticated encryption, homomorphic encryption Citation Jiao L, Hao Y L, Feng D G. Stream cipher designs: a review. Sci China Inf Sci, 2020, 63(3): 131101, https://doi.org/10.1007/s11432-018-9929-x 1 Introduction The widely applied e-commerce, e-government, along with the fast developing cloud computing, big data, have triggered high demands in both efficiency and security of information processing.
    [Show full text]
  • MICKEY 2.0. 85: a Secure and Lighter MICKEY 2.0 Cipher Variant With
    S S symmetry Article MICKEY 2.0.85: A Secure and Lighter MICKEY 2.0 Cipher Variant with Improved Power Consumption for Smaller Devices in the IoT Ahmed Alamer 1,2,*, Ben Soh 1 and David E. Brumbaugh 3 1 Department of Computer Science and Information Technology, School of Engineering and Mathematical Sciences, La Trobe University, Victoria 3086, Australia; [email protected] 2 Department of Mathematics, College of Science, Tabuk University, Tabuk 7149, Saudi Arabia 3 Techno Authority, Digital Consultant, 358 Dogwood Drive, Mobile, AL 36609, USA; [email protected] * Correspondence: [email protected]; Tel.: +61-431-292-034 Received: 31 October 2019; Accepted: 20 December 2019; Published: 22 December 2019 Abstract: Lightweight stream ciphers have attracted significant attention in the last two decades due to their security implementations in small devices with limited hardware. With low-power computation abilities, these devices consume less power, thus reducing costs. New directions in ultra-lightweight cryptosystem design include optimizing lightweight cryptosystems to work with a low number of gate equivalents (GEs); without affecting security, these designs consume less power via scaled-down versions of the Mutual Irregular Clocking KEYstream generator—version 2-(MICKEY 2.0) cipher. This study aims to obtain a scaled-down version of the MICKEY 2.0 cipher by modifying its internal state design via reducing shift registers and modifying the controlling bit positions to assure the ciphers’ pseudo-randomness. We measured these changes using the National Institutes of Standards and Testing (NIST) test suites, investigating the speed and power consumption of the proposed scaled-down version named MICKEY 2.0.85.
    [Show full text]
  • Analysis of Lightweight Stream Ciphers
    ANALYSIS OF LIGHTWEIGHT STREAM CIPHERS THÈSE NO 4040 (2008) PRÉSENTÉE LE 18 AVRIL 2008 À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS LABORATOIRE DE SÉCURITÉ ET DE CRYPTOGRAPHIE PROGRAMME DOCTORAL EN INFORMATIQUE, COMMUNICATIONS ET INFORMATION ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Simon FISCHER M.Sc. in physics, Université de Berne de nationalité suisse et originaire de Olten (SO) acceptée sur proposition du jury: Prof. M. A. Shokrollahi, président du jury Prof. S. Vaudenay, Dr W. Meier, directeurs de thèse Prof. C. Carlet, rapporteur Prof. A. Lenstra, rapporteur Dr M. Robshaw, rapporteur Suisse 2008 F¨ur Philomena Abstract Stream ciphers are fast cryptographic primitives to provide confidentiality of electronically transmitted data. They can be very suitable in environments with restricted resources, such as mobile devices or embedded systems. Practical examples are cell phones, RFID transponders, smart cards or devices in sensor networks. Besides efficiency, security is the most important property of a stream cipher. In this thesis, we address cryptanalysis of modern lightweight stream ciphers. We derive and improve cryptanalytic methods for dif- ferent building blocks and present dedicated attacks on specific proposals, including some eSTREAM candidates. As a result, we elaborate on the design criteria for the develop- ment of secure and efficient stream ciphers. The best-known building block is the linear feedback shift register (LFSR), which can be combined with a nonlinear Boolean output function. A powerful type of attacks against LFSR-based stream ciphers are the recent algebraic attacks, these exploit the specific structure by deriving low degree equations for recovering the secret key.
    [Show full text]
  • SFINKS: a Synchronous Stream Cipher for Restricted Hardware Environments ?
    SFINKS: A Synchronous Stream Cipher for Restricted Hardware Environments ? An Braeken?? and Joseph Lano? ? ? and Nele Mentens and Bart Preneel and Ingrid Verbauwhede Katholieke Universiteit Leuven Dept. Elect. Eng.-ESAT/SCD-COSIC, Kasteelpark Arenberg 10, 3001 Heverlee, Belgium fan.braeken,joseph.lano,nele.mentens,bart.preneel,[email protected] Abstract. We present SFINKS, a low-cost synchronous stream cipher for hardware applications with an associated authentication mechanism. The stream cipher is based F on a Simple Filter generator, using the INverse function in 216 to generate the Key Stream. The design is based on simple and well-studied concepts, and its security is analyzed with respect to the portfolio of known cryptanalytic attacks for filter generators. 1 Introduction For efficient encryption of data, cryptography mainly uses two types of symmetric algorithms, block ciphers and stream ciphers. In the past decades, block ciphers have become the most widely used technology. This is mainly due to the block cipher standard DES [32] and its successor AES [33]. The current AES is a secure encryption algorithm that offers excellent performance on a variety of hardware and software environments. As block ciphers are often used in a stream cipher mode such as CTR and OFB, stream ciphers may offer equivalent security at a lower cost. The aim of this paper is to propose a low-cost synchronous stream cipher for hardware applications with an associated authentication mechanism. The design we propose is a simple synchronous stream cipher using a memoryless nonlinear filter. We will motivate our choices made for the building blocks in the following sections.
    [Show full text]
  • Two Versions of the Stream Cipher Snow a Thesis Submitted to the Graduate School of Natural and Applied Sciences of Middle East
    TWO VERSIONS OF THE STREAM CIPHER SNOW A THESIS SUBMITTED TO THE GRADUATE SCHOOL OF NATURAL AND APPLIED SCIENCES OF MIDDLE EAST TECHNICAL UNIVERSITY BY ERDEM YILMAZ IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN ELECTRICAL AND ELECTRONICS ENGINEERING DECEMBER 2004 Approval of the Graduate School of Natural and Applied Sciences _________________________ Prof. Dr. Canan Özgen Director I certify that this thesis satisfies all the requirements as a thesis for the degree of Master of Science. _________________________ Prof. Dr. İsmet Erkmen Head of Department This is to certify that we have read this thesis and that in our opinion it is fully adequate, in scope and quality, as a thesis for the degree of Master of Science. _________________________ Assoc. Prof. Dr. Melek D. Yücel Supervisor Examining Committee Members Prof. Dr. Yalçın Tanık (METU,EE)________________________ Assoc. Prof. Dr. Melek D. Yücel (METU,EE)________________________ Prof. Dr. Murat Aşkar (METU,EE)________________________ Assoc. Prof. Dr. Ferruh Özbudak (METU,MATH)________________________ Asst. Prof. Dr. A. Özgür Yılmaz (METU,EE)________________________ I hereby declare that all information in this document has been obtained and presented in accordance with academic rules and ethical conduct. I also declare that, as required by these rules and conduct, I have fully cited and referenced all material and results that are not original to this work. Name, Last Name: Erdem Yılmaz Signature : iii ABSTRACT TWO VERSIONS OF THE STREAM CIPHER SNOW Yılmaz, Erdem M.Sc., Department of Electrical and Electronics Engineering Supervisor: Assoc. Prof. Dr. Melek D. Yücel December 2004, 60 pages Two versions of SNOW, which are word-oriented stream ciphers proposed by P.
    [Show full text]
  • Handout 5 Summary of This Handout: Stream Ciphers — RC4 — Linear Feedback Shift Registers — CSS — A5/1
    06-20008 Cryptography The University of Birmingham Autumn Semester 2012 School of Computer Science Eike Ritter 25 October, 2012 Handout 5 Summary of this handout: Stream Ciphers — RC4 — Linear Feedback Shift Registers — CSS — A5/1 II.2 Stream Ciphers A stream cipher is a symmetric cipher that encrypts the plaintext units one at a time and that varies the transformation of successive units during the encryption. In practise, the units are typically single bits or bytes. In contrast to a block cipher, which encrypts one block and then starts over again, a stream cipher encrypts plaintext streams continuously and therefore needs to maintain an internal state in order to avoid obvious duplication of encryptions. The main difference between stream ciphers and block ciphers is that stream ciphers have to maintain an internal state, while block ciphers do not. Recall that we have already seen how block ciphers avoid duplication and can also be transformed into stream ciphers via modes of operation. Basic stream ciphers are similar to the OFB and CTR modes for block ciphers in that they produce a continuous keystream, which is used to encipher the plaintext. However, modern stream ciphers are computationally far more efficient and easier to implement in both hard- and software than block ciphers and are therefore preferred in applications where speed really matters, such as in real-time audio and video encryption. Before we look at the technical details how stream ciphers work, we recall the One Time Pad, which we have briefly discussed in Handout 1. The One Time Pad is essentially an unbreakable cipher that depends on the fact that the key 1.
    [Show full text]