CBEAM: Efficient Authenticated Encryption from Feebly One-Way ϕ Functions

We show how efficient and secure cryptographic mixing functions can be constructed from low-degree rotation-invariant ϕ functions rather than conventional S-Boxes. These novel functions have surprising properties; many exhibit inherent feeble (Boolean circuit) one-wayness and offer speed/area tradeoffs unobtainable with traditional constructs. Recent theoretical results indicate that even if the inverse is never explicitly computed in an implementation, its degree plays a fundamental role in the security of the iterated composition. To illustrate these properties, we present CBEAM, a Cryptographic Sponge Permutation based on a single 5×1-bit Boolean function. This simple nonlinear function is used to construct a 16-bit rotation-invariant ϕ function of Degree 4 (but with a very complex Degree 11 inverse), which in turn is expanded into an efficient 256-bit mixing function. In addition to flexible tradeoffs in hardware, we show that efficient implementation strategies exist for software platforms ranging from low-end microcontrollers to the very latest x86-64 AVX2 instruction set. A rotational bit-sliced software implementation offers not only speeds comparable to AES but also increased security against cache side-channel attacks. Our construction supports Sponge-based Authenticated Encryption, Hashing, and PRF/PRNG modes and is highly useful as a compact “all-in-one” primitive for pervasive security.
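The following is an added illustration, not code from the paper, of the construction the abstract describes: a 16-bit rotation-invariant ϕ function is evaluated bit-sliced from rotated copies of the state word, and the algebraic degree of the forward map and (when it is a permutation) of its inverse is measured with a Möbius transform. The 5×1-bit function `f` below is a placeholder of degree 4 chosen for the demonstration, not CBEAM's actual function, so whether it yields a permutation and what inverse degree results is reported by the code rather than assumed.

```python
# Added example, not the paper's code: analyse a 16-bit rotation-invariant
# phi function built from a placeholder (hypothetical) 5x1-bit Boolean function.
N = 16

def f(a, b, c, d, e):
    """Placeholder 5x1-bit function of algebraic degree 4 (NOT CBEAM's function)."""
    return a ^ (b & c) ^ (c & d & e) ^ (b & c & d & e)

def rotr(x, r, n=N):
    """Cyclic right rotation of an n-bit word."""
    return ((x >> r) | (x << (n - r))) & ((1 << n) - 1)

def phi(x):
    """Bit-sliced evaluation: output bit i = f(x_i, x_{i+1}, ..., x_{i+4}).
    Feeding rotated copies of the word into f evaluates all 16 positions at once."""
    return f(*(rotr(x, k) for k in range(5)))

def anf(table, n=N):
    """Moebius transform: truth table indexed by x -> ANF coefficients indexed by
    monomial mask u. Done on whole output words, so every coordinate at once."""
    a = list(table)
    for i in range(n):
        bit = 1 << i
        for u in range(1 << n):
            if u & bit:
                a[u] ^= a[u ^ bit]
    return a

def degree(table, n=N):
    """Algebraic degree: heaviest monomial with a nonzero coefficient in any coordinate."""
    return max((bin(u).count("1") for u, c in enumerate(anf(table, n)) if c), default=0)

def inverse_table(table):
    """Inverse lookup table if the map is a bijection, else None."""
    inv = [None] * len(table)
    for x, y in enumerate(table):
        if inv[y] is not None:
            return None          # collision: not a permutation
        inv[y] = x
    return inv

def analyse(fn=phi, n=N):
    """Rotation invariance, forward degree and (if invertible) inverse degree of fn."""
    table = [fn(x) for x in range(1 << n)]
    inv = inverse_table(table)
    return {
        "rotation_invariant": all(table[rotr(x, 1, n)] == rotr(table[x], 1, n)
                                  for x in range(1 << n)),
        "forward_degree": degree(table, n),
        "bijective": inv is not None,
        "inverse_degree": degree(inv, n) if inv is not None else None,
    }

if __name__ == "__main__":
    print(analyse())
```

Swapping in a different `f` (or a different width `N`) turns this into a small screening tool for candidate ϕ functions: the forward degree equals the degree of `f`, while the inverse degree is what the abstract argues actually governs the security of the iterated composition.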
