Design Strategies for ARX with Provable Bounds: Sparx and LAX
Abstract. We present, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis. The latter has been a long standing open problem in the area of ARX design. The wide-trail design strategy (WTS), that is at the basis of many S-box based ciphers, including the AES, is not suitable for ARX designs due to the lack of S-boxes in the latter. In this paper we address the mentioned limitation by proposing the long trail design strategy (LTS) – a dual of the WTS that is applicable (but not limited) to ARX constructions. In contrast to the WTS, that prescribes the use of small and efficient S-boxes at the expense of heavy linear layers with strong mixing properties, the LTS advocates the use of large (ARX-based) S-boxes together with sparse linear layers. With the help of the so-called long-trail argument, a designer can bound the maximum differential and linear probabilities for any number of rounds of a cipher built according to the LTS. To illustrate the effectiveness of the new strategy, we propose Sparx – a family of ARX-based block ciphers designed according to the LTS. Sparx has 32-bit ARX-based S-boxes and has provable bounds against differential and linear cryptanalysis. In addition, Sparx is very efficient on a number of embedded platforms. Its optimized software implementation ranks in the top 6 of the most software-efficient ciphers along with Simon, Speck, Chaskey, LEA and RECTANGLE. As a second contribution we propose another strategy for designing ARX ciphers with provable properties, that is completely independent of the LTS. It is motivated by a challenge proposed earlier by Wallén and uses the differential properties of modular addition to minimize the maximum differential probability across multiple rounds of a cipher. A new primitive, called LAX, is designed following those principles. LAX partly solves the Wallén challenge.
Keywords: ARX · Block ciphers · Differential cryptanalysis · Linear cryptanalysis · Lightweight · Wide-trail strategy
© International Association for Cryptologic Research 2016. J.H. Cheon and T. Takagi (Eds.): ASIACRYPT 2016, Part I, LNCS 10031, pp. 484–513, 2016. DOI: 10.1007/978-3-662-53887-6_18
1 Introduction
ARX, standing for Addition/Rotation/XOR, is a class of symmetric-key algorithms designed using only the following simple operations: modular addition, bitwise rotation and exclusive-OR. In contrast to S-box-based designs, where the only non-linear elements are the substitution tables (S-boxes), ARX designs rely on modular addition as the only source of non-linearity. Notable representatives of the ARX class include the stream ciphers Salsa20 [1] and ChaCha20 [2], the SHA-3 finalists Skein [3] and BLAKE [4] as well as several lightweight block ciphers such as TEA, XTEA [5], etc. Dinu et al. recently reported [6] that the most efficient software implementations on small processors belonged to ciphers from the ARX cla
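Since modular addition is the only non-linear operation in an ARX cipher, it is also the only place where a differential trail loses probability, so the single-trail bounds the abstract refers to ultimately rest on the XOR-differential probability of addition, xdp+. As an added example (not code from the Sparx/LAX paper), the following implements the Lipmaa-Moriai closed form for xdp+ and checks it against exhaustive enumeration on a small word size; the function names are my own.

```python
"""Differential probability of n-bit modular addition (xdp+), the
quantity every ARX differential bound has to control.
Added example, not code from the Sparx/LAX paper."""
from itertools import product


def _eq(x: int, y: int, z: int, mask: int) -> int:
    """Bit positions where x, y and z all agree."""
    return (~x ^ y) & (~x ^ z) & mask


def xdp_add(alpha: int, beta: int, gamma: int, n: int) -> float:
    """xdp+((alpha, beta) -> gamma) for n-bit addition, via the
    Lipmaa-Moriai formula (runs in O(n) instead of O(4^n))."""
    mask = (1 << n) - 1
    a1, b1, g1 = (alpha << 1) & mask, (beta << 1) & mask, (gamma << 1) & mask
    # Validity: wherever the three shifted differences agree, the carry
    # constraint alpha ^ beta ^ gamma ^ (beta << 1) must be zero.
    if _eq(a1, b1, g1, mask) & (alpha ^ beta ^ gamma ^ b1) & mask:
        return 0.0
    # Every position 0..n-2 where the differences disagree halves the
    # probability; the top bit never costs anything (carry is discarded).
    disagree = (~_eq(alpha, beta, gamma, mask)) & ((1 << (n - 1)) - 1)
    return 2.0 ** (-bin(disagree).count("1"))


def xdp_add_bruteforce(alpha: int, beta: int, gamma: int, n: int) -> float:
    """Reference value by enumerating all 2^(2n) input pairs (small n only)."""
    mask = (1 << n) - 1
    hits = sum(
        1 for x, y in product(range(1 << n), repeat=2)
        if (((x ^ alpha) + (y ^ beta)) ^ (x + y)) & mask == gamma
    )
    return hits / (1 << (2 * n))


def best_output_difference(alpha: int, beta: int, n: int):
    """Most probable output difference and its xdp+ for a given input
    difference pair: the per-addition term a single-trail bound sums over."""
    best = max(range(1 << n), key=lambda g: xdp_add(alpha, beta, g, n))
    return best, xdp_add(alpha, beta, best, n)


if __name__ == "__main__":
    # A difference in the top bit cancels deterministically; a difference
    # in the LSB survives only when the neighbouring carry is unchanged.
    print(best_output_difference(0x80, 0x80, 8))  # (0, 1.0)
    print(best_output_difference(0x01, 0x00, 8))  # (1, 0.5)
```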