COZMO - A New Lightweight Stream Cipher

Similar documents
Cryptography for Resource Constrained Devices: A Survey

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

Trivium. 2 Specifications

Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN

DESIGNING OF STREAM CIPHER ARCHITECTURE USING THE CELLULAR AUTOMATA

Grain - A Stream Cipher for Constrained Environments

Two Attacks Against the HBB Stream Cipher

Chosen Ciphertext Attack on SSS

A Real-World Attack Breaking A5/1 within Hours

Improved Truncated Differential Attacks on SAFER

Improving the Diffusion of the Stream Cipher Salsa20 by Employing a Chaotic Logistic Map

Journal of Global Research in Computer Science A UNIFIED BLOCK AND STREAM CIPHER BASED FILE ENCRYPTION

Cryptanalysis of KeeLoq with COPACOBANA

A New Attack on the LEX Stream Cipher

Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN

The RAKAPOSHI Stream Cipher

A New Architecture of High Performance WG Stream Cipher

A New Attack on the LEX Stream Cipher

International Journal for Research in Applied Science & Engineering Technology (IJRASET) Performance Comparison of Cryptanalysis Techniques over DES

A New Version of Grain-128 with Authentication

Dynamic Stream Ciphering Algorithm

On the Security of Stream Cipher CryptMT v3

An Introduction to new Stream Cipher Designs

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10

Linear Cryptanalysis of Reduced Round Serpent

Differential Fault Analysis of Trivium

New Time-Memory-Data Trade-Off Attack on the Estream Finalists and Modes of Operation of Block Ciphers

Chosen-Ciphertext Attacks against MOSQUITO

A Related-Key Attack on TREYFER

A Meet-in-the-Middle Attack on 8-Round AES

A SIMPLE 1-BYTE 1-CLOCK RC4 DESIGN AND ITS EFFICIENT IMPLEMENTATION IN FPGA COPROCESSOR FOR SECURED ETHERNET COMMUNICATION

Some Thoughts on Time-Memory-Data Tradeoffs

NON LINEAR FEEDBACK STREAM CIPHER

A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN

A New Technique for Sub-Key Generation in Block Ciphers

Differential-Linear Cryptanalysis of Serpent

Hardware evaluation of estream Candidates: Grain, Lex, Mickey128, Salsa20 and Trivium

FPGA Implementation of WG Stream Cipher

DFA on AES. Christophe Giraud. Oberthur Card Systems, 25, rue Auguste Blanche, Puteaux, France.

A Chosen-key Distinguishing Attack on Phelix

A Related Key Attack on the Feistel Type Block Ciphers

Related-key Attacks on Triple-DES and DESX Variants

Integral Cryptanalysis of the BSPN Block Cipher

On the Design of Secure Block Ciphers

Designing a New Lightweight Image Encryption and Decryption to Strengthen Security

Stream Ciphers An Overview

City, University of London Institutional Repository

CUBE-TYPE ALGEBRAIC ATTACKS ON WIRELESS ENCRYPTION PROTOCOLS

Design and Simulation of New One Time Pad (OTP) Stream Cipher Encryption Algorithm

Weak Keys. References

Blow-CAST-Fish: A New 64-bit Block Cipher

A2U2: A Stream Cipher for Printed Electronics RFID Tags

Practical attacks on the Maelstrom-0 compression function

A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis

Randomness Analysis on Speck Family Of Lightweight Block Cipher

Multi-Stage Fault Attacks

Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy

Cryptography Functions

High Performance Multithreaded Model for Stream Cipher

Vortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less Multiplication

Key Recovery from State Information of Sprout: Application to Cryptanalysis and Fault Attack

EEC-484/584 Computer Networks

Enhanced 3-D PLAYFAIR Cipher

VLSI ARCHITECTURE FOR NANO WIRE BASED ADVANCED ENCRYPTION STANDARD (AES) WITH THE EFFICIENT MULTIPLICATIVE INVERSE UNIT

Technion - Computer Science Department - Technical Report CS

Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers

An Efficient Stream Cipher Using Variable Sizes of Key-Streams

Firoz Ahmed Siddiqui 1, Ranjeet Kumar 2 1 (Department of Electronics & Telecommunication, Anjuman College of Engineering & Technology, Nagpur,

DSP-128: Stream Cipher Based On Discrete Log Problem And Polynomial Arithmetic

Secret Key Algorithms (DES)

A New ShiftColumn Transformation: An Enhancement of Rijndael Key Scheduling

Implementation Tradeoffs for Symmetric Cryptography

An Improved Cryptanalysis of Lightweight Stream Cipher Grain-v1

A Chosen-Plaintext Linear Attack on DES

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

New Results of Related-key Attacks on All Py-Family of Stream Ciphers

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

RECTIFIED DIFFERENTIAL CRYPTANALYSIS OF 16 ROUND PRESENT

AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Block Ciphers and Data Encryption Standard. CSS Security and Cryptography

Advanced WG and MOWG Stream Cipher with Secured Initial vector

Differential Cryptanalysis of Madryga

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Elastic Block Ciphers: The Feistel Cipher Case

Improved Algebraic Cryptanalysis of QUAD, Bivium and Trivium via Graph Partitioning on Equation Systems

CSCE 813 Internet Security Symmetric Cryptography

Dierential-Linear Cryptanalysis of Serpent? Haifa 32000, Israel. Haifa 32000, Israel

Differential Fault Analysis on the AES Key Schedule

A Key Management Scheme for DPA-Protected Authenticated Encryption

Keywords :Avalanche effect,hamming distance, Polynomial for S-box, Symmetric encryption,swapping words in S-box

Piret and Quisquater s DFA on AES Revisited

RC4 Stream Cipher with a Random Initial State

SIMON Says, Break the Area Records for Symmetric Key Block Ciphers on FPGAs

A New Symmetric Key Algorithm for Modern Cryptography Rupesh Kumar 1 Sanjay Patel 2 Purushottam Patel 3 Rakesh Patel 4

Analysis of Cryptography and Pseudorandom Numbers

DeKaRT: A New Paradigm for Key-Dependent Reversible Circuits

On Lightweight Stream Ciphers with Shorter Internal States

The Comparative Study of Randomness Analysis between Modified Version of LBlock Block Cipher and its Original Design

A Meet in the Middle Attack on Reduced Round Kuznyechik

Transcription:

COZMO - A New Lightweight Stream Cipher Rhea Bonnerji 0000-0002-5825-8800, Simanta Sarkar 0000-0002-4210-2764, Krishnendu Rarhi 0000-0002-5794-215X, Abhishek Bhattacharya School of Information Technology, Institute of Engineering & Management, Kolkata Abstract. This paper deals with the merger of the two lightweight stream ciphers A5/1 and Trivium. The idea is to make the key stream generation more secure and to remove the attacks of the individual algorithms. The bits generated by the Trivium cipher (output) will act as the input of the A5/1 cipher. The registers used in the A5/1 cipher will be filled by the output bits of the Trivium cipher. The three registers will then be connected to generate an output which will be our required key stream. Keywords: Lightweight stream cipher, A5/1, Trivium 1 Introduction Lightweight stream ciphers are used to reach high levels of security using only a small computing power. Stream encryption is the encryption of each letter one by one followed by the changing the encryption key after each letter. Lightweight stream ciphers have the advantage of having low cost hardware implementations as they have high throughput and low complexity. The idea is to come up with a lightweight stream cipher algorithm by modifying and merging existing cipher algorithms to make it secure to the attacks the stream ciphers were originally vulnerable to.here, we are merging and making changes in Trivium and A5/1 algorithm to build a new lightweight stream cipher COZMO. In section 1.1 and 1.2 we are explaining how Trivium and A5/1 work. In section 2, we are explaining the working of COZMO. Then in section 3, we are discussing the statistical results in detail. Section 4 contains the conclusion of the proposal. Background: 1.1 Understanding the working of Trivium: Trivium generates up to 2 64 bits of key stream from an 80 bit secret key and an 80 bit initialization vector (IV). First the internal state of the cipher is initialised using the key and the IV. Then the state is updated repeatedly to generate the key stream bits. It consists of 3 interconnected non-linear feedback shift registers. The length of the registers are 93, 84 and 111 bits, respectively.initialisation requires 1152 steps of the clocking before key stream is generated. There are XOR gates to XOR the ouputs we get from the various registers which is again fed back to the first one. The 91 and 92 bits are ANDed and used to give the feedback to the 94 th bit. The 175 and 176 bits are ANDed and used to give the feedback to the 178 th bit.

The 286 and 287 bits are ANDed and used to give feedback to the 288 th bit. And the 288 th bit is giving back the feedback to the 1 st bit. [1],[5], Mathematical structure Fig. 1. Trivium If we denote the internal state bits of the Trivium Model algorithm at time t as z(t)=(z1(t),z2(t),...,z3 n3 (t)), then the internal bits from time t to time t+ 1 can be expressed as follows z(t + 1) =A. z(t) +b(t) (1) Where A = (a ij)3 n3 x 3 n3 is the state-transition matrix of the algorithm with size 3 n3 x 3 n3 1, i =1, j= 3u 2, 3u 5, 3n 2 1, i =3n 1 +1, j= 3u 1, 3u 4 a ij = 1, i =3n 2 +1, j= 3u 3, 3u 6 (2) 1, 1<i<=3n 3, j =I - 1 0, otherwise b(t)=(b i(t))3 n3 is the nonlinear segment of the algorithm, which is treated as the vectors of bits z3 n3-2(t). z3 n3-1(t), i= 1 b i(t) = z3 n1-2(t). z3 n1-1(t), i= 3n 1 + 1 (3) z3 n2-2(t). z3 n2-1(t), i= 3n 2 + 1 0, otherwise

1.2 Understanding the working of A5/1: A5/1 uses 3 shift registers of 19, 22 and 23 bits respectively. We have a 64 bit key and we ll load it in the three registers. Then we ll do some process to generate as many bits as we want to and we ll use those bits as the key stream and XOR it with the plain text to encrypt and the cipher text to decrypt. There is a majority vote function which will take 3 bits and find the majority of them. The three shift registers are loaded with the 64 bit key. There are three special positions in the registers 8, 10 and 10 respectively. Take the majority of these three bits and check which of the registers are in majority. If register 1 is in majority then take the 13 th, 16 th, 17 th and 18 th bit and XOR them. If register 2 is in majority then XOR the bits in the 20 th and 21 st position. If register 3 is in majority then XOR the bits in the 7 th, 20 th, 21 st and 22 nd position. Only shift the XORed bits to the first position of the registers belonging in majority. The register which is not in majority will remain untouched. Then we have to XOR the bits in the last position of the registers and that is our required key stream bit. Repeating this process over and over again will give us our key stream. [2],[10] 2 Proposed Methodology Fig. 2. A5/1 The idea is to make the key stream even more secure by merging the two algorithms together. The Trivium cipher is initialised with a key and initialization vector and the A5/1 cipher is initialised with all 0 s. First we will be generating a key stream using the Trivium algorithm. The generated key stream bits will be used as the input for the A5/1 cipher. There will be a clocking of 1216 (1152+64) cycles before the key stream starts getting generated. Let the three registers be called register A, B and C respectively. First we XOR the selected position bits in all the registers. For the first register A, the selected positions are the 13 th, 16 th and 17 th and 18 th bits. For the second register B, the selected positions are the 20 th and 21 st bits. For the third register C, the selected positions are the 7 th, 20 th, 21 st and 22 nd bits. Next we check

the majority function and find the two registers that are in majority. Next,we shift the bit in the last position to the first position by using right shift by one place only for the registers in majority. Once that is done, we will use the XOR bits. If register A is in majority and B isn t then discard the XORed bit from register A. Since register C is in majority, the XORed bit of register B will replace the bit in the first position of register C. Register A which is also in majority will have its first bit replaced by the XORed bit of the register C which is XORed with the bit generated by Trivium. The final key stream is the XOR of the three bits in the last positions of the three registers. 2.1 Algorithm: Step 1: Initialise all the bits of the Trivium cipher with a key and an initialisation vector. Initialise all the bits of A5/1 cipher with 0. Step 2: Clock 1216 (1152+64) cycles before generating the first key stream. Then generate key stream using Trivium. This key stream will be used as the input bits for A5/1. Step 3: XOR the 13 th, 16 th, 17 th and 18 th bits in register A. XOR the 20 th and 21 st bits in register B. XOR the 7 th, 20 th, 21t and 22 nd bits in register C. Step 4: Check the majority function and find the resisters that are in majority Step 5: For the registers in majority, right shift the bits by one place and replace the first bit of thregister with the XORed bit (r0 byp3, r19 by p1, r41 by p2). Step 6: Discard the XORed bit for the registers not in majority. Step 7: XOR the bits in the last position the registers. Step 8: Repeat steps 4-7.

Fig. 3. COZMO 2.3 Pseudo Code: Key = (K1,..., K80) IV = (IV1,..., IV80) (s1, s2,..., s93) (K1,..., K80, 0,..., 0) (s94, s95,..., s177) (IV1,..., IV80, 0,..., 0) (s178, s279,..., s288) (0,..., 0, 1, 1, 1) Register A: Register B: Register C: Operations: (r0, r2,..., r18) (0,0,..., 0) (r19, r20,..., r40) (0,0,..., 0) (r41, r43,..., r63) (0,0,..., 0) & : bit-wise exclusive OR : bit-wise AND

Variables: z i l M N t i : the i th bit generated by trivium. : r 8 bit of register A : r 29 bit of register B : r 51 bit of register C : The keystream bit generated at the i th step. Function: maj(l, M, N) = (L&M) (M&N) (L&N) A complete description is given by the following pseudo-code: For i = 1 to N do t i r 18 r 40 r 63 p1 r 13 r 16 r 17 r 18 p2 r 39 r 40 p3 r 48 r 61 r 62 r 63 z i Ifs 8equal to maj(l, M, N) Then (r0,r1, r2,..., r18) (p3, r0,..., r17) ElseIf s29 equal to maj(l, M, N) Then (r19,r20,..., r40) (p1, r19,..., r39) ElseIfs 52equal to maj(l, M, N) Then (r41,r42,..., r63) (p2, r41,..., r62) EndIf End for 3 Results and Discussion To test the randomness property of the key bit generator following statistical tests were conducted using the NIST Statistical Test Suite.[17] Frequency Test: The test was conducted to check if the sequence is truly random. Randomness of the sequence is determined by the number of ones and zeros in the sequence, which is expected to be approximately equal for a truly random sequence. Cumulative Sums Test: The focus of this test is the maximal excursion from zeroof the cumulative sum of the partial sequences defined by the cumulative sum of adjusted (-1, +1) digits in the sequence. For a random sequence, the cumulative sum of the partial sequences should be near zero.

Approximate Entropy Test: The focus of this test is the frequency of each and every overlapping m-bit pattern. The purpose of the test is to compare the frequency of overlapping blocks of twoconsecutive/adjacent lengths (m and m+1) against the expected result for a random sequence. Linear Complexity: This test is performed to determine whether or not the sequence is complex enough to be considered random. Random sequences are characterized by a longer feedback register. Serial Test: The purpose of this test is to determine whether the number of occurrences of the 2m m-bit overlapping patterns is approximately the same as would be expected for a random sequence. Longest Runs of Ones: The purpose of this test is to determine whether the length of the longest run of ones within the tested sequence is consistent with the length of the longest run of ones that would be expected in a random sequence. Runs Test: The runs test is conducted to determine whether the number of runs of ones and zeros of various lengths is as expected for a random sequence. In particular, this test determines whether the oscillation between such substrings is too fast or too slow. From the results of the tests tabulated below we can conclude that at 1% level of significance null hypothesis is accepted since the p-values are greater than 0.01. In other words, the data has passed all the above-mentioned tests proving randomness property of the key bit generator. Statistical Test p- value /failure Frequency 0.534146 Cumulative Sums P1-0.122325 P2-0.350485 Approximate Entropy 0.004301 Linear Complexity 0.213309 Serial P1-0.004301 P2-0.017912 Longest Run of Ones 0.350485 Runs 0.911413 Table 1: The Results of Statistical Analysis for A5/1 Statistical Test p- value /failure Frequency 0.534146 Cumulative Sums P1-0.213309 P2-0.350485 Approximate Entropy 0.534146 Linear Complexity 0.035174 Serial P1-0.911413 P2-0.534146

Longest Run of Ones 0.739918 Runs 0.350485 Table 2: The Results of Statistical Analysis for Trivium Statistical Test p- value /failure Frequency 0.911413 Cumulative Sums P1-0.991468 P2-0.739918 Approximate Entropy 0.350485 Linear Complexity 0.066882 Serial P1-0.213309 P2-0.534146 Longest Run of Ones 0.534146 Runs 0.122325 Table 3: The Results of Statistical Analysis for COZMO 4 Conclusion We want to propose a new lightweight stream cipher[7] because of their higher speed, efficiency and its easy implementations on applications which require plain texts of unknown length. In this paper we merged and made some changes to the algorithms of two already existing lightweight stream ciphers Trivium and A5/1 and proposed a new lightweight stream cipher with good key randomness as key randomness is a major issue is stream ciphers. The generated key stream is more secure compared to the key streams generated by the individual ciphers. Our algorithm produces sequences which are stronger in statistical properties than the A5/1 and Trivium. The implementation of this algorithm is also very feasible and easy to put to use. 5 References 1. C. De Canni`ere and B. Preneel, Trivium A Stream Cipher Construction Inspired by Block Cipher Design Principles, 2006/021. (2006) 2. TimoGendrullis, Martin Novotny, and Andy Rupp, A Real-World Attack Breaking A5/1 within Hours /2008/147, (2008). 3. Diffie, W. y M.E.Hellman. "New directions in cryptography", IEEE Transactions on Information Theory 22 (1976), pp. 644-654. 4. Raddum, H. Cryptanalytic Results on Trivium, estream, ECRYPT Stream Cipher Project, Report 2006/039, 2006. 5. De Canniere C and Preneel B. TRIVIUM specifications. estream, ECRYPT stream cipher project. Report no. 2005/030, April 2005 6. Fischer, W., Gammel, B.M., Kniffler, O., Velten, J.: Differential power analysis of stream ciphers. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 257 270. Springer, Heidelberg (2006)

7. Lennart Diedrich, Patrick Jattke, LulzimMurati, Matthias Senker, and Alexander Wiesmaier, Comparisons of Lightweight Stream Ciphers: MICLEY 2.0, WG-8, Grain and Trivium 8. Maximov, A. and Biryukov, A. Two Trivial Attacks on Trivium, Selected Areas in Cryptography, Lecture Notes in Computer Science, Vol.4876, Springer, 2007. 9. Jia, Y., Yupu, H., Wang, F., Wang, H.: Correlation power analysis of Trivium. Secur. Commun. Netw. 5(5), 479 484 (2012) 10. Biham E and Dunkelman O. Cryptanalysis of the A5/1 GSM stream cipher. In: Roy B and Okamoto E (eds) Progress in cryptology INDOCRYPT 2000. Berlin: Springer, 2000, pp.43 51. 11. Maximov, A., T. Johansson, and S. Babbage, An Improved Correlation Attack on A5/1, in Selected Areas in Cryptography, H. Handschuh and M. Hasan, Editors. 2005, Springer Berlin / Heidelberg. p. 1-18. 12. Meier, W. and O. Staffelbach, Nonlinearity Criteria for Cryptographic Functions, in Advances in Cryptology EUROCRYPT 89, J.-J. Quisquater and J. Vandewalle, Editors. 1990, Springer Berlin / Heidelberg. p. 549-562. 13. Barkan, E., E. Biham, and N. Keller, Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication. Journal of Cryptology, 2008. 21(3): p. 392-429. 14. Gendrullis, T., M. Novotný, and A. Rupp, A RealWorld Attack Breaking A5/1 within Hours, in Cryptographic Hardware and Embedded Systems CHES 2008, E. Oswald and P. Rohatgi, Editors. 2008, Springer Berlin / Heidelberg. p. 266-282. 15. Barkan, E., E. Biham, and N. Keller, Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication, in Advances in Cryptology - CRYPTO 2003. 2003, Springer Berlin / Heidelberg. p. 600-616. 16.. J. Lano, N. Mentens, B. Preneel, and I. Verbauwhede, Power Analysis of Synchronous Stream Ciphers with Resynchronization Mechanism, in ECRYPT Workshop, SASC The State of the Art of Stream Ciphers, pp. 327 333, 2004. 17. A Statistical Test Suite for Random a nd Pseudorandom Num ber Generators for Cryptographic Applications, Pub lished by National Institute of Standards and Technology (NIST), Technology Administration, U. S. Departm ent of Commerce.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback