CBEAM: Efficient Authenticated Encryption from Feebly One-Way ϕ Functions

  • Markku-Juhani O. Saarinen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8366)

Abstract

We show how efficient and secure cryptographic mixing functions can be constructed from low-degree rotation-invariant ϕ functions rather than conventional S-Boxes. These novel functions have surprising properties; many exhibit inherent feeble (Boolean circuit) one-wayness and offer speed/area tradeoffs unobtainable with traditional constructs. Recent theoretical results indicate that even if the inverse is not explicitly computed in an implementation, its degree plays a fundamental role in the security of the iterated composition. To illustrate these properties, we present CBEAM, a Cryptographic Sponge Permutation based on a single 5×1-bit Boolean function. This simple nonlinear function is used to construct a 16-bit rotation-invariant ϕ function of Degree 4 (but with a very complex Degree 11 inverse), which in turn is expanded into an efficient 256-bit mixing function. In addition to flexible tradeoffs in hardware, we show that efficient implementation strategies exist for software platforms ranging from low-end microcontrollers to the very latest x86-64 AVX2 instruction set. A rotational bit-sliced software implementation offers not only speeds comparable to AES but also increased security against cache side channel attacks. Our construction supports Sponge-based Authenticated Encryption, Hashing, and PRF/PRNG modes and is highly useful as a compact “all-in-one” primitive for pervasive security.
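To make the construction in the abstract concrete, here is an added Python illustration (not the paper's code; the Boolean functions in it are constructed stand-ins, not CBEAM's own 5×1-bit function): it builds a rotation-invariant ϕ function from a 5-bit window rule, checks rotation invariance and bijectivity exhaustively, and computes the algebraic degree of ϕ and of its inverse with the Möbius transform. The state width w is a parameter (the paper uses 16; the χ-style example runs on an odd width because that rule is only invertible on odd-length rings).

```python
"""Rotation-invariant phi functions from one 5-to-1-bit Boolean function.

Constructed illustration: output bit i of a w-bit state is f applied to the
cyclic window (x_i, ..., x_{i+4}), so the map commutes with bit rotation.
Both f's below are made-up examples, NOT the CBEAM function.
"""

WINDOW = 5  # f takes 5 input bits, as in the abstract

def f_chi(x0, x1, x2, x3, x4):
    # Constructed chi-style rule (degree 2) that uses 3 of the 5 window bits.
    return x0 ^ ((x1 ^ 1) & x2)

def f_deg4(x0, x1, x2, x3, x4):
    # Constructed degree-4 rule. f(0,..,0) == f(1,..,1) == 0, so the all-zero
    # and all-one states collide: degree 4 alone does not give a permutation.
    return x0 ^ (x1 & x2 & x3 & x4)

def rotl(x, r, w):
    r %= w
    return ((x << r) | (x >> (w - r))) & ((1 << w) - 1)

def phi(x, f, w):
    """Output bit i is f(x_i, x_{i+1}, ..., x_{i+4}) with indices mod w."""
    y = 0
    for i in range(w):
        y |= f(*[(x >> ((i + j) % w)) & 1 for j in range(WINDOW)]) << i
    return y

def is_rotation_invariant(f, w, states):
    """Check phi(rotl(x)) == rotl(phi(x)) for the given states and all rotations."""
    return all(phi(rotl(x, r, w), f, w) == rotl(phi(x, f, w), r, w)
               for x in states for r in range(w))

def degree(tt, n):
    """Algebraic degree of an n-variable function given its truth table.
    The in-place Moebius transform turns tt[u] into the ANF coefficient of
    the monomial whose variable set is the bit pattern u."""
    a = list(tt)
    for j in range(n):
        bit = 1 << j
        for u in range(1 << n):
            if u & bit:
                a[u] ^= a[u ^ bit]
    return max((bin(u).count("1") for u in range(1 << n) if a[u]), default=0)

def forward_degree(f):
    return degree([f(*[(u >> j) & 1 for j in range(WINDOW)])
                   for u in range(1 << WINDOW)], WINDOW)

def inverse_degree(f, w):
    """Max degree over the coordinate functions of phi^-1, or None if phi is not a bijection."""
    inv = [None] * (1 << w)
    for x in range(1 << w):
        y = phi(x, f, w)
        if inv[y] is not None:
            return None  # collision found: no inverse exists
        inv[y] = x
    return max(degree([(inv[u] >> i) & 1 for u in range(1 << w)], w) for i in range(w))
```

The degree of the inverse only exists when the exhaustive check finds no collision, which is exactly the property the abstract contrasts (degree 4 forward, degree 11 inverse) and which a candidate f must be verified for before use in a permutation.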

Keywords

CBEAM, Authenticated Encryption, Cryptographic Sponge Functions, Trapdoor ϕ functions, Lightweight Cryptography

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Markku-Juhani O. Saarinen, Kudelski Security, Switzerland