sLiSCP: Simeck-Based Permutations for Lightweight Sponge Cryptographic Primitives

In this paper, we propose a family of lightweight cryptographic permutations, named sLiSCP, with the sole aim of providing a realistic minimal design that suits a variety of lightweight device applications. More precisely, we argue that for such devices the area dedicated to security purposes should not only be consumed by an encryption or hashing algorithm, but also be used to provide as many cryptographic functionalities as possible. Our main contribution is the design of a lightweight permutation employing a 4-subblock Type-2 Generalized Feistel-like Structure (GFS) and round-reduced unkeyed Simeck with either 48- or 64-bit block length as the two round functions, thus resulting in two lightweight instances of the permutation, sLiSCP-192 and sLiSCP-256. We leverage the extensive security analysis on both Simeck (Simon-like functions) and Type-2 GFSs and present bounds against differential and linear cryptanalysis. Moreover, we analyze sLiSCP against a wide range of distinguishing attacks, and accordingly claim that there exist no structural distinguishers for sLiSCP with a complexity below \(2^{b/2}\), where b is the state size. We demonstrate how sLiSCP can be used as a unified round function in the duplex sponge construction to build (authenticated) encryption and hashing functionalities. The parallel hardware implementation area of the unified duplex mode of sLiSCP-192 (resp. sLiSCP-256) in CMOS 65 nm ASIC is 2289 (resp. 3039) GEs with a throughput of 29.62 (resp. 44.44) kbps.
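As an added structural illustration (not the sLiSCP specification and not the authors' code), the following Python builds a 4-subblock Type-2 GFS permutation and its inverse from an unkeyed, round-reduced Simeck-style round function, with 2n-bit sub-blocks so that n=24 gives a 192-bit state and n=32 a 256-bit state. The step constants, round counts, constant schedule and sub-block wiring are placeholder assumptions; the duplex sponge mode is not shown.

```python
# Structural illustration only: 4-subblock Type-2 GFS over an unkeyed,
# round-reduced Simeck-like round function. The constants, round counts
# and sub-block wiring are placeholders, not the sLiSCP specification.
from typing import Tuple

State = Tuple[int, int, int, int]   # four 2n-bit sub-blocks

def rotl(x: int, r: int, n: int) -> int:
    """Rotate an n-bit word left by r."""
    return ((x << r) | (x >> (n - r))) & ((1 << n) - 1)

def simeck_unkeyed(block: int, n: int, rounds: int, rc: int) -> int:
    """Round-reduced Simeck on a 2n-bit block with the round key replaced
    by a constant (placeholder schedule: one bit of rc per round)."""
    mask = (1 << n) - 1
    l, r = block >> n, block & mask
    for i in range(rounds):
        k = (mask ^ 3) ^ ((rc >> i) & 1)       # Simeck-style constant C ^ z_i
        l, r = (l & rotl(l, 5, n)) ^ rotl(l, 1, n) ^ r ^ k, l
    return (l << n) | r

def gfs_step(x: State, n: int, rounds: int, rc: int) -> State:
    """One Type-2 GFS step: F on the even sub-blocks, XOR into the odd
    ones, then a cyclic shift of the four sub-blocks."""
    x0, x1, x2, x3 = x
    x1 ^= simeck_unkeyed(x0, n, rounds, rc)
    x3 ^= simeck_unkeyed(x2, n, rounds, rc ^ 0x5)
    return (x1, x2, x3, x0)

def gfs_step_inv(y: State, n: int, rounds: int, rc: int) -> State:
    """Undo the shift, then cancel the same two XORs (F is never inverted)."""
    x1, x2, x3, x0 = y
    x3 ^= simeck_unkeyed(x2, n, rounds, rc ^ 0x5)
    x1 ^= simeck_unkeyed(x0, n, rounds, rc)
    return (x0, x1, x2, x3)

def permute(x: State, n: int = 24, rounds: int = 6, steps: int = 18) -> State:
    """Placeholder parameters: n=24 gives 48-bit sub-blocks, a 192-bit state."""
    for s in range(steps):
        x = gfs_step(x, n, rounds, 0x9F2B ^ s)   # placeholder step constant
    return x

def permute_inv(y: State, n: int = 24, rounds: int = 6, steps: int = 18) -> State:
    """Inverse permutation: steps in reverse order with the same constants."""
    for s in reversed(range(steps)):
        y = gfs_step_inv(y, n, rounds, 0x9F2B ^ s)
    return y
```

Because the Feistel structure never inverts F, the inverse reuses the exact same round function; the check that matters for a sponge primitive is that the map is a bijection on the full state.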
