Results 1  10
of
51
PRESENT: An UltraLightweight Block Cipher
 THE PROCEEDINGS OF CHES 2007
, 2007
"... With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such ..."
Abstract

Cited by 164 (18 self)
 Add to MetaCart
(Show Context)
With the establishment of the AES the need for new block ciphers has been greatly diminished; for almost all block cipher applications the AES is an excellent and preferred choice. However, despite recent implementation advances, the AES is not suitable for extremely constrained environments such as RFID tags and sensor networks. In this paper we describe an ultralightweight block cipher, present. Both security and hardware efficiency have been equally important during the design of the cipher and at 1570 GE, the hardware requirements for present are competitive with today’s leading compact stream ciphers.
Survey and Benchmark of Block Ciphers for Wireless Sensor Networks
 ACM Transactions on Sensor Networks
, 2004
"... Choosing the most storage and energye#cient block cipher specifically for wireless sensor networks (WSNs) is not as straightforward as it seems. To our knowledge so far, there is no systematic evaluation framework for the purpose. In this paper, we have identified the candidates of block ciphe ..."
Abstract

Cited by 86 (1 self)
 Add to MetaCart
(Show Context)
Choosing the most storage and energye#cient block cipher specifically for wireless sensor networks (WSNs) is not as straightforward as it seems. To our knowledge so far, there is no systematic evaluation framework for the purpose. In this paper, we have identified the candidates of block ciphers suitable for WSNs based on existing literature.
KLEIN: A New Family of Lightweight Block Ciphers
"... Resourceefficient cryptographic primitives become fundamental for realizing both security and efficiency in embedded systems like RFID tags and sensor nodes. Among those primitives, lightweight block cipher plays a major role as a building block for security protocols. In this paper, we describe a ..."
Abstract

Cited by 50 (4 self)
 Add to MetaCart
(Show Context)
Resourceefficient cryptographic primitives become fundamental for realizing both security and efficiency in embedded systems like RFID tags and sensor nodes. Among those primitives, lightweight block cipher plays a major role as a building block for security protocols. In this paper, we describe a new family of lightweight block ciphers named KLEIN, which is designed for resourceconstrained devices such as wireless sensors and RFID tags. Compared to the related proposals, KLEIN has advantage in the software performance on legacy sensor platforms, while its hardware implementation can be compact as well.
LBlock: a lightweight block cipher
 IN: APPLIED CRYPTOGRAPHY AND NETWORK SECURITY
, 2011
"... In this paper, we propose a new lightweight block cipher called LBlock. Similar to many other lightweight block ciphers, the block size of LBlock is 64bit and the key size is 80bit. Our security evaluation shows that LBlock can achieve enough security margin against known attacks, such as differ ..."
Abstract

Cited by 31 (2 self)
 Add to MetaCart
(Show Context)
In this paper, we propose a new lightweight block cipher called LBlock. Similar to many other lightweight block ciphers, the block size of LBlock is 64bit and the key size is 80bit. Our security evaluation shows that LBlock can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and relatedkey attacks etc. Furthermore, LBlock can be implemented efficiently not only in hardware environments but also in software platforms such as 8bit microcontroller. Our hardware implementation of LBlock requires about 1320 GE on 0.18 µm technology with a throughput of 200 Kbps at 100 KHz. The software implementation of LBlock on 8bit microcontroller requires about 3955
A.: ZeroSum Distinguishers for Iterated Permutations and Application to Keccakf and Hamsi256
 Selected Areas in Cryptography. Lecture Notes in Computer Science
, 2010
"... Abstract. The zerosum distinguishers introduced by Aumasson and Meier are investigated. First, the minimal size of a zerosum is established. Then, we analyze the impacts of the linear and the nonlinear layers in an iterated permutation on the construction of zerosum partitions. Finally, these tec ..."
Abstract

Cited by 22 (4 self)
 Add to MetaCart
(Show Context)
Abstract. The zerosum distinguishers introduced by Aumasson and Meier are investigated. First, the minimal size of a zerosum is established. Then, we analyze the impacts of the linear and the nonlinear layers in an iterated permutation on the construction of zerosum partitions. Finally, these techniques are applied to the Keccakf permutation and to Hamsi256. We exhibit several zerosum partitions for 20 rounds (out of 24) of Keccakf and some zerosum partitions of size 2 19 and 2 10 for the finalization permutation in Hamsi256.
Attacking ReducedRound Versions of the SMS4 Block Cipher in the Chinese WAPI Standard
, 2007
"... SMS4 is a 32round block cipher with a 128bit block size and a 128bit user key. It is used in WAPI, the Chinese WLAN national standard. In this paper, we present a rectangle attack on 14round SMS4, and an impossible differential attack on 16round SMS4. These are better than any previously know ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
(Show Context)
SMS4 is a 32round block cipher with a 128bit block size and a 128bit user key. It is used in WAPI, the Chinese WLAN national standard. In this paper, we present a rectangle attack on 14round SMS4, and an impossible differential attack on 16round SMS4. These are better than any previously known cryptanalytic results on SMS4 in terms of the numbers of attacked rounds.
Extended Generalized Feistel Networks using Matrix Representation?
"... Abstract. While Generalized Feistel Networks have been widely studied in the literature as a building block of a block cipher, we propose in this paper a unified vision to easily represent them through a matrix representation. We then propose a new class of such schemes called Extended Generalized ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
(Show Context)
Abstract. While Generalized Feistel Networks have been widely studied in the literature as a building block of a block cipher, we propose in this paper a unified vision to easily represent them through a matrix representation. We then propose a new class of such schemes called Extended Generalized Feistel Networks well suited for cryptographic applications. We instantiate those proposals into two particular constructions and we finally analyze their security.
RECTANGLE: A Bitslice UltraLightweight Block Cipher Suitable for Multiple Platforms
"... Abstract. In this paper, we propose a new lightweight block cipher named RECTANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bitslice techniques. RECTANGLE uses an SPnetwork. The substitution layer consists of 16 4 × 4 Sboxes in parallel. The ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
(Show Context)
Abstract. In this paper, we propose a new lightweight block cipher named RECTANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bitslice techniques. RECTANGLE uses an SPnetwork. The substitution layer consists of 16 4 × 4 Sboxes in parallel. The permutation layer is composed of 3 rotations. As shown in this paper, RECTANGLE offers great performance in both hardware and software environment, which proves enough flexibility for different application scenario. The following are 3 main advantages of RECTANGLE. First, RECTANGLE is extremely hardwarefriendly. For the 80bit key version, a onecycleperround parallel implementation only needs 1467 gates for a throughput of 246 Kbits/sec at 100KHz clock and an energy efficiency of 1.11 pJ/bit. Second, RECTANGLE achieves a very competitive software speed among the existing lightweight block ciphers due to its bitslice style. Using 128bit SSE instructions, a bitslice implementation of RECTANGLE reaches an average encryption speed of about 5.38 cycles/byte for messages around 1000 bytes. Last but not least. We propose new design criteria for 4×4 Sboxes. RECTANGLE uses such a new type of Sbox. Due to our careful selection of the Sbox and the asymmetric design of the permutation layer, RECTANGLE achieves a very good securityperformance tradeoff. Our extensive and deep security analysis finds distinguishers for up to 14 rounds only, and the highest number of rounds that we can attack, is 18 (out of 25).
New Directions in Cryptanalysis of SelfSynchronizing Stream Ciphers
 INDOCRYPT'08
, 2008
"... In cryptology we commonly face the problem of finding an unknown key K from the output of an easily computable keyed function F (C, K) where the attacker has the power to choose the public variable C. In this work we focus on selfsynchronizing stream ciphers. First we show how to model these primit ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
In cryptology we commonly face the problem of finding an unknown key K from the output of an easily computable keyed function F (C, K) where the attacker has the power to choose the public variable C. In this work we focus on selfsynchronizing stream ciphers. First we show how to model these primitives in the abovementioned general problem by relating appropriate functions F to the underlying ciphers. Then we apply the recently proposed framework presented at AfricaCrypt’08 by Fischer et. al. for dealing with this kind of problems to the proposed Tfunction based selfsynchronizing stream cipher by Klimov and Shamir at FSE’05 and show how to deduce some nontrivial information about the key. We also open a new window for answering a crucial question raised by Fischer et. al. regarding the problem of finding weak IV bits which is essential for their attack.
On the design of errorcorrecting ciphers
 EURASIP Journal onWireless Communications and Networking
, 2006
"... Securing transmission over a wireless network is especially challenging, not only because of the inherently insecure nature of the medium, but also because of the highly errorprone nature of the wireless environment. In this paper, we take a joint encryptionerror correction approach to ensure secur ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
Securing transmission over a wireless network is especially challenging, not only because of the inherently insecure nature of the medium, but also because of the highly errorprone nature of the wireless environment. In this paper, we take a joint encryptionerror correction approach to ensure secure and robust communication over the wireless link. In particular, we design an errorcorrecting cipher (called the high diffusion cipher) and prove bounds on its errorcorrecting capacity as well as its security. Towards this end, we propose a new class of errorcorrecting codes (HDcodes) with builtin security features that we use in the diffusion layer of the proposed cipher. We construct an example, 128bit cipher using the HDcodes, and compare it experimentally with two traditional concatenated systems: (a) AES (Rijndael) followed by ReedSolomon codes, (b) Rijndael followed by convolutional codes. We show that the HDcipher is as resistant to linear and differential cryptanalysis as the Rijndael. We also show that any chosen plaintext attack that can be performed on the HD cipher can be transformed into a chosen plaintext attack on the Rijndael cipher. In terms of error correction capacity, the traditional systems using ReedSolomon codes are comparable to the proposed joint errorcorrecting cipher and those that use convolutional codes require 10 % more data expansion in order to achieve similar error correction as the HDcipher. The original contributions of this work are (1) design of a new joint errorcorrectionencryption system, (2) design of a new class of algebraic codes with builtin security criteria, called the high diffusion codes (HDcodes) for use in the HDcipher, (3) mathematical properties of these codes, (4) methods for construction of the codes, (5) bounds on the errorcorrecting capacity of the HDcipher, (6) mathematical derivation of the bound on resistance of HD cipher to linear and