Abstract
Designing block ciphers that target resource-constrained 8-bit CPUs is a challenging problem. Many recent lightweight ciphers are designed for better performance in hardware, whereas most software-efficient lightweight ciphers either lack a security proof or have a low security margin. To fill this gap, we present RoadRunneR, a block cipher that is efficient in 8-bit software and whose security is provable against differential and linear attacks. RoadRunneR has the lowest code size on Atmel's ATtiny45 of any cipher except NSA's design SPECK, which has no security proof. Moreover, we propose a new metric for the fair comparison of block ciphers. This metric, called ST/A, is the first to use key length as a parameter, so that ciphers with different key lengths can be ranked fairly. Using ST/A and other metrics from the literature, we show that RoadRunneR is competitive among existing ciphers on ATtiny45.
Appendices
A Test Vectors for 80-Bit Key Length
| Plaintext | Key | Ciphertext |
|---|---|---|
| \(\mathtt {0000\_0000\_0000\_0000}\) | \(\mathtt {0000\_0000\_0000\_0000\_0000}\) | \(\mathtt {7F0B\_3486\_640D\_2F5E}\) |
| \(\mathtt {0000\_0000\_0000\_0002}\) | \(\mathtt {8000\_0000\_0000\_0000}\) | \(\mathtt {4FA2\_5EF2\_64CE\_C6E4}\) |
| \(\mathtt {FEDC\_BA98\_7654\_3210}\) | \(\mathtt {0123\_4567\_89AB\_CDEF\_0123}\) | \(\mathtt {328C\_798A\_0EB2\_5A3B}\) |
B Test Vectors for 128-Bit Key Length
| Plaintext | Key | Ciphertext |
|---|---|---|
| \(\mathtt {0000\_0000\_0000\_0000}\) | \(\mathtt {0000\_0000\_0000\_0000\_0000\_0000\_0000\_0000}\) | \(\mathtt {3B07\_DE72\_9642\_54AC}\) |
| \(\mathtt {0000\_0000\_0000\_0002}\) | \(\mathtt {8000\_0000\_0000\_0000\_0000\_0000\_0000\_0000}\) | \(\mathtt {C168\_C69A\_C195\_845E}\) |
| \(\mathtt {FEDC\_BA98\_7654\_3210}\) | \(\mathtt {0123\_4567\_89AB\_CDEF\_0123\_4567\_89AB\_CDEF}\) | \(\mathtt {D9DF\_068F\_5993\_8882}\) |
Copyright information
© 2016 Springer International Publishing Switzerland
Cite this paper
Baysal, A., Şahin, S. (2016). RoadRunneR: A Small and Fast Bitslice Block Cipher for Low Cost 8-Bit Processors. In: Güneysu, T., Leander, G., Moradi, A. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2015. Lecture Notes in Computer Science, vol 9542. Springer, Cham. https://doi.org/10.1007/978-3-319-29078-2_4
DOI: https://doi.org/10.1007/978-3-319-29078-2_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29077-5
Online ISBN: 978-3-319-29078-2