RECTANGLE: A Bit-slice Ultra-Lightweight Block Cipher Suitable for Multiple Platforms

In this paper, we propose a new lightweight block cipher named RECTANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bit-slice techniques. RECTANGLE uses an SPnetwork. The substitution layer consists of 16 4×4 S-boxes in parallel. The permutation layer is composed of 3 rotations. As shown in this paper, RECTANGLE offers great performance in both hardware and software environment, which proves enough flexibility for different application scenario. The following are 3 main advantages of RECTANGLE. First, RECTANGLE is extremely hardwarefriendly. For the 80-bit key version, a one-cycle-per-round parallel implementation only needs 1467 gates for a throughput of 246 Kbits/sec at 100KHz clock and an energy efficiency of 1.11 pJ/bit. Second, RECTANGLE achieves a very competitive software speed among the existing lightweight block ciphers due to its bit-slice style. Using 128-bit SSE instructions, a bit-slice implementation of RECTANGLE reaches an average encryption speed of about 5.38 cycles/byte for messages around 1000 bytes. Last but not least. We propose new design criteria for 4×4 S-boxes. RECTANGLE uses such a new type of S-box. Due to our careful selection of the S-box and the asymmetric design of the permutation layer, RECTANGLE achieves a very good security-performance tradeoff. Our extensive and deep security analysis finds distinguishers for up to 14 rounds only, and the highest number of rounds that we can attack, is 18 (out of 25).

[1]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[2]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[3]  Mitsuru Matsui,et al.  On Correlation Between the Order of S-boxes and the Strength of DES , 1994, EUROCRYPT.

[4]  Eli Biham,et al.  A Fast New DES Implementation in Software , 1997, FSE.

[5]  Ross Anderson,et al.  Serpent: A Proposal for the Advanced Encryption Standard , 1998 .

[6]  Alex Biryukov,et al.  Slide Attacks , 1999, FSE.

[7]  Mitsuru Matsui,et al.  Hardware Evaluation of the AES Finalists , 2000, AES Candidate Conference.

[8]  David A. Wagner,et al.  Integral Cryptanalysis , 2002, FSE.

[9]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[10]  Eli Biham,et al.  New types of cryptanalytic attacks using related keys , 1994, Journal of Cryptology.

[11]  Alex Biryukov,et al.  On Multiple Linear Approximations , 2004, IACR Cryptol. ePrint Arch..

[12]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[13]  Eli Biham,et al.  Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials , 1999, Journal of Cryptology.

[14]  Vincent Rijmen,et al.  AES implementation on a grain of sand , 2005 .

[15]  C. Paar,et al.  A Family of Light-Weight Block Ciphers Based on DES Suited for RFID Applications , 2006 .

[16]  S. Yang,et al.  AES-Based Security Coprocessor IC in 0.18-$muhbox m$CMOS With Resistance to Differential Power Analysis Side-Channel Attacks , 2006, IEEE Journal of Solid-State Circuits.

[17]  T. Good,et al.  Hardware results for selected stream cipher candidates , 2007 .

[18]  Christof Paar,et al.  New Lightweight DES Variants , 2007, FSE.

[19]  Jean-Jacques Quisquater,et al.  ASIC Implementations of the Block Cipher SEA for Constrained Applications , 2007 .

[20]  Mitsuru Matsui,et al.  On the Power of Bitslice Implementation on Intel Core2 Processor , 2007, CHES.

[21]  Gregor Leander,et al.  On the Classification of 4 Bit S-Boxes , 2007, WAIFI.

[22]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[23]  Christof Paar,et al.  Ultra-Lightweight Implementations for Smart Devices - Security for 1000 Gate Equivalents , 2008, CARDIS.

[24]  Orr Dunkelman,et al.  A Differential-Linear Attack on 12-Round Serpent , 2008, INDOCRYPT.

[25]  Kaisa Nyberg,et al.  Multidimensional Extension of Matsui's Algorithm 2 , 2009, FSE.

[26]  François-Xavier Standaert,et al.  A Statistical Saturation Attack against the Block Cipher PRESENT , 2009, CT-RSA.

[27]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[28]  Hongjun Wu,et al.  The Hash Function JH , 2009 .

[29]  Kenji Ohkuma,et al.  Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis , 2009, Selected Areas in Cryptography.

[30]  Markku-Juhani O. Saarinen Cryptanalysis of Hummingbird-1 , 2010, FSE.

[31]  Andrey Bogdanov,et al.  A 3-Subset Meet-in-the-Middle Attack: Cryptanalysis of the Lightweight Block Cipher KTANTAN , 2010, IACR Cryptol. ePrint Arch..

[32]  Joo Yeon Cho,et al.  Linear Cryptanalysis of Reduced-Round PRESENT , 2010, CT-RSA.

[33]  Yee Wei Law,et al.  KLEIN: A New Family of Lightweight Block Ciphers , 2010, RFIDSec.

[34]  Daniel W. Engels,et al.  The Hummingbird-2 Lightweight Authenticated Encryption Algorithm , 2011, RFIDSec.

[35]  T. Suzaki,et al.  TWINE : A Lightweight , Versatile Block Cipher , 2011 .

[36]  Gregor Leander,et al.  On Linear Hulls, Statistical Saturation Attacks, PRESENT and a Cryptanalysis of PUFFIN , 2011, EUROCRYPT.

[37]  Céline Blondeau,et al.  Multiple Differential Cryptanalysis: Theory and Practice , 2011, FSE.

[38]  Wenling Wu,et al.  LBlock: A Lightweight Block Cipher , 2011, ACNS.

[39]  Meiqin Wang,et al.  A Model for Structure Attacks, with Applications to PRESENT and Serpent , 2012, FSE.

[40]  Shiho Moriai,et al.  Lightweight Cryptography for the Cloud: Exploit the Power of Bitslice Implementation , 2012, CHES.

[41]  Thomas Peyrin,et al.  Practical Cryptanalysis of ARMADILLO2 , 2012, FSE.

[42]  Christoph Dobraunig,et al.  Compact Hardware Implementations of the Block Ciphers mCrypton, NOEKEON, and SEA , 2012, INDOCRYPT.

[43]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[44]  Jian Guo,et al.  Implementing Lightweight Block Ciphers on x86 Architectures , 2013, IACR Cryptol. ePrint Arch..

[45]  Vincent Rijmen,et al.  ALE: AES-Based Lightweight Authenticated Encryption , 2013, FSE.