Cryptography and Communications

, Volume 9, Issue 2, pp 273–289 | Cite as

Espresso: A stream cipher for 5G wireless communication systems

  • Elena DubrovaEmail author
  • Martin Hell


The demand for more efficient ciphers is a likely to sharpen with new generation of products and applications. Previous cipher designs typically focused on optimizing only one of the two parameters - hardware size or speed, for a given security level. In this paper, we present a methodology for designing a class of stream ciphers which takes into account both parameters simultaneously. We combine the advantage of the Galois configuration of NLFSRs, short propagation delay, with the advantage of the Fibonacci configuration of NLFSRs, which can be analyzed formally. According to our analysis, the presented stream cipher Espresso is the fastest among the ciphers below 1500 GE, including Grain-128 and Trivium.


Stream cipher Encryption FSR Wireless 5G 

Mathematics Subject Classification (2010)

94A60 68P25 11T71 



This work carried out during the research visits of authors at the security group at Ericsson Research in 2013-2014 and supported by the grants SM12-0005 and SM12-0025 from the Swedish Foundation for Strategic Research. The authors would like to thank Mats Näslund and Ben Smeets from Ericsson Research for their help with this work, for sharing their expertise and providing many valuable comments and suggestions on the design.


  1. 1.
    Olsson, M., Cavdar, C., Frenger, P., Tombaz, S., Sabella, D., Jantti, R.: 5green: Towards green 5g mobile networks. In: Int. Conf. on Wireless and Mobile Computing, Networking and Communications, pp 212–216 (2013)Google Scholar
  2. 2.
    Ericsson White Paper: 5G radio access, June 2013.
  3. 3.
    Hell, M., Johansson, T., Maximov, A., Meier, W.: The Grain family of stream ciphers, New Stream Cipher Designs: The eSTREAM Finalists. LNCS 4986, 179–190 (2008)Google Scholar
  4. 4.
    Cannière, C., Preneel, B.: Trivium, New Stream Cipher Designs: The eSTREAM Finalists. LNCS 4986, 244–266 (2008)zbMATHGoogle Scholar
  5. 5.
    Lidl, R., Niederreiter, H.: Introduction to Finite Fields and their Applications. Cambridge Univ. Press (1994)Google Scholar
  6. 6.
    Dubrova, E.: A transformation from the Fibonacci to the Galois NLFSRs. IEEE Trans. Inf. Theory 55, 5263–5271 (2009)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Schneier, B.: Applied cryptography (2nd ed.): protocols, algorithms, and source code in C. John Wiley & Sons, Inc., NY (1995)zbMATHGoogle Scholar
  8. 8.
    Daemen, J., Rijmen, V.: AES proposal: Rijndael. National Institute of Standards and Technology (2003)Google Scholar
  9. 9.
    Robshaw, M.: Stream ciphers, Tech. Rep. TR - 701 (1994)Google Scholar
  10. 10.
    De Cannière, C., Dunkelman, O., zević, M.K.: KATAN and KTANTAN— a family of small and efficient hardware-oriented block ciphers. In: Cryptographic Hardware and Embedded Systems—CHES 2009, vol. 5747, pp 272–288. Springer (2009)Google Scholar
  11. 11.
    Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The led block cipher. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems, CHES 2011. vol. 6917 of Lecture Notes in Computer Science, 326–341, Springer Berlin / Heidelberg (2011)Google Scholar
  12. 12.
    Gong, Z., Nikova, S., Law, Y.: Klein: A new family of lightweight block ciphers. In: Juels, A., Paar, C. (eds.) RFID. Security and Privacy. vol. 7055 of Lecture Notes in Computer Science, 1–18, Springer Berlin Heidelberg (2012)Google Scholar
  13. 13.
    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Cryptographic Hardware and Embedded Systems—CHES 2007, vol. 4727 of Lecture Notes in Computer Science, 450–466, Springer Berlin Heidelberg (2007)Google Scholar
  14. 14.
    Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: An ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2011. vol. 6917 of Lecture Notes in Computer Science, 342–357, Springer (2011)Google Scholar
  15. 15.
    Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: TWINE: A lightweight block cipher for multiple platforms. In: Knudsen, L., Wu, H. (eds.) Selected Areas in Cryptography—SAC 2012. vol. 7707 of Lecture Notes in Computer Science, pp. 339–354, Springer Berlin Heidelberg (2013)Google Scholar
  16. 16.
    Juels, A.: RFID security and privacy: a research survey. IEEE J. Sel. Areas Commun. 24, 381–394 (2006)CrossRefGoogle Scholar
  17. 17.
    Borghoff, J., Canteaut, A., Gneysu, T., Kavun, E., Knezevic, M., Knudsen, L., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S., Yaln, T.: Prince a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) Advances in Cryptology ASIACRYPT 2012. vol. 7658 of Lecture Notes in Computer Science, pp. 208–225, Springer Berlin Heidelberg (2012)Google Scholar
  18. 18.
    Biham, E., Dunkelman, O.: Cryptanalysis of the A5/1 GSM stream cipher. In: INDOCRYPT ’00: Proceedings of the First International Conference on Progress in Cryptology, (London, UK), pp 43–51. Springer-Verlag (2000)Google Scholar
  19. 19.
    Tews, E., Weinmann, R.-P., Pyshkin, A.: Breaking 104-bit wep in under a minute. Cryptology ePrint Archive, Report 2007/120 (2007).
  20. 20.
    Golomb, S.: Shift Register Sequences. Aegean Park Press (1982)Google Scholar
  21. 21.
    Golic, J.: On the security of nonlinear filter generators. In: Gollmann, D. (ed.) Fast Software Encryption. vol. 1039 of Lecture Notes in Computer Science, pp. 173–188, Springer Berlin / Heidelberg (1996)Google Scholar
  22. 22.
    Braeken, A., Lano, J.: On the (im)possibility of practical and secure nonlinear filters and combiners. In: Proceedings of the 12th international conference on Selected Areas in Cryptography, SAC’05, (Berlin, Heidelberg), pp 159–174. Springer-Verlag (2006)Google Scholar
  23. 23.
    Cusick, T.W., Stǎnicǎ, P.: Cryptographic Boolean functions and applications. San Diego, CA, USA: Academic Press (2009)Google Scholar
  24. 24.
    Dubrova, E.: A scalable method for constructing Galois NLFSRs with period 2n−1 using cross-join pairs. IEEE Trans. Inf. Theory 1(59), 703–709 (2013)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Dubrova, E.: A method for generating full cycles by a composition of NLFSRs, Design, Codes and Cryptography (2012)Google Scholar
  26. 26.
    Berbain, C., Gilbert, H., Maximov, A.: Cryptanalysis of Grain. In: Robshaw, M. (ed.) Fast Software Encryption 2006. vol. 4047 of Lecture Notes in Computer Science, pp. 15–29, Springer (2006)Google Scholar
  27. 27.
    Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) Advances in Cryptology—CRYPTO 2002. vol. 2442 of Lecture Notes in Computer Science, pp. 288–303, Springer (2002)Google Scholar
  28. 28.
    Golić, J.D.: Computation of low-weight parity check polynomials. Electron. Lett. 32(21), 1981–1982 (1996)CrossRefGoogle Scholar
  29. 29.
    Courtois, N., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Biham, E. (ed.) Advances in Cryptology—EUROCRYPT 2003. vol. 2656 of Lecture Notes in Computer Science, pp. 345–359, Springer (2003)Google Scholar
  30. 30.
    Armknecht, F., Krause, M.: Algebraic attacks on combiners with memory. In: Boneh, D. (ed.) Advances in Cryptology—CRYPTO 2003. vol. 2729 of Lecture Notes in Computer Science, pp. 162–176, Springer (2003)Google Scholar
  31. 31.
    Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) Advances in Cryptology—EUROCRYPT 2003. vol. 1807 of Lecture Notes in Computer Science, pp. 392–407, Springer (2000)Google Scholar
  32. 32.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) Advances in Cryptology—ASIACRYPT 2002. vol. 2501 of Lecture Notes in Computer Science, pp. 267–287, Springer (2002)Google Scholar
  33. 33.
    Faugére, J.-C., Joux, A.: Algebraic cryptanalysis of Hidden Field Equation (HFE) cryptosystems using Gröbner bases. In: Boneh, D. (ed.) Advances in Cryptology—CRYPTO 2003. vol. 2729 of Lecture Notes in Computer Science, pp. 44–60, Springer (2003)Google Scholar
  34. 34.
    Meier, W., Pasalic, E., Carlet, C.: Algebraic attacks and decomposition of Boolean functions. In: Advances in Cryptology—EUROCRYPT 2004. vol. 3027 of Lecture Notes in Computer Science, pp. 474–491, Springer (2004)Google Scholar
  35. 35.
    Golić, J.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) Advances in Cryptology—EUROCRYPT 1997. vol. 1233 of Lecture Notes in Computer Science, pp. 239–255, Springer (1997)Google Scholar
  36. 36.
    Babbage, S.: A space/time tradeoff in exhaustive search attacks on stream ciphers. In: European Convention on Security and Detection, no. 408 in IEE Conference Publication (1995)Google Scholar
  37. 37.
    Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) Advances in Cryptology—ASIACRYPT 2000. vol. 1976 of Lecture Notes in Computer Science, pp. 1–13, Springer (2000)Google Scholar
  38. 38.
    Hong, J., Sarkar, P.: New applications of time memory data tradeoffs. In: Roy, B. (ed.) Advances in Cryptology—ASIACRYPT 2005. vol. 3788 of Lecture Notes in Computer Science, pp. 353–372, Springer (2005)Google Scholar
  39. 39.
    Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory IT-26, 401–406 (1980)MathSciNetCrossRefzbMATHGoogle Scholar
  40. 40.
    Mihaljevic, M.J., Gangopadhyay, S., Paul, G., Imai, H.: Internal state recovery of Grain-v1 employing normality order of the filter function. IET Inf. Secur. 6(2), 55–64 (2012)CrossRefGoogle Scholar
  41. 41.
    Mihaljevic, M.J., Gangopadhyay, S., Paul, G., Imai, H.: Generic cryptographic weakness of k-normal Boolean functions in certain stream ciphers and cryptanalysis of Grain-128. Period. Math. Hung. 65(2), 205–227 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  42. 42.
    Bernstein, D.J.: Understanding brute force. eSTREAM, ECRYPT Stream Cipher Project, Report 2005/036 (2005).
  43. 43.
    Dinur, I., Shamir, A.: Cube Attacks on Tweakable Black Box Polynomials. In: Joux, A. (ed.) Advances in Cryptology—EUROCRYPT 2009. vol. 5479 of Lecture Notes in Computer Science, pp. 278–299, Springer (2009)Google Scholar
  44. 44.
    Vielhaber, M.: Breaking ONE.FIVIUM by AIDA an Algebraic IV Differential attack. Available at: (2007)
  45. 45.
    Saarinen, M.-J.O.: Chosen-IV statistical attacks on eStream stream ciphers, Proc. Stream Ciphers Revisited (SASC’06) (2006)Google Scholar
  46. 46.
    Stankovski, P.: Greedy distinguishers and nonrandomness detectors. In: Gong, G., Gupta, K.C. (eds.) Progress in Cryptology—INDOCRYPT 2010. vol. 6498 of Lecture Notes in Computer Science, pp. 210–226, Springer (2010)Google Scholar
  47. 47.
    Biham, E., Dunkelman, O.: Differential cryptanalysis in stream ciphers. Cryptology ePrint Archive, Report 2007/218 (2007).

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.Royal Institute of TechnologyStockholmSweden
  2. 2.Lund UniversityLundSweden

Personalised recommendations