The SKINNY Family of Block Ciphers and its Low-Latency Variant MANTIS

We present a new tweakable block cipher family, SKINNY, whose goal is to compete with the NSA's recent design SIMON in terms of hardware/software performance, while in addition proving much stronger security guarantees with regard to differential/linear attacks. In particular, unlike SIMON, we are able to provide strong bounds for all versions, and not only in the single-key model but also in the related-key or related-tweak model. SKINNY has flexible block/key/tweak sizes and can also benefit from very efficient threshold implementations for side-channel protection. Regarding performance, it outperforms all known ciphers for ASIC round-based implementations, while still reaching an extremely small area for serial implementations and a very good efficiency for software and micro-controller implementations; SKINNY has the smallest total number of AND/OR/XOR gates used for the encryption process. Secondly, we present MANTIS, a dedicated variant of SKINNY for low-latency implementations, that constitutes a very efficient solution to the problem of designing a tweakable block cipher for memory encryption. MANTIS basically reuses well-understood, previously studied, known components. Yet, by putting those components together in a new fashion, we obtain a cipher competitive with PRINCE in latency and area, while being enhanced with a tweak input.
