GIFT: A Small Present
1 Temasek Laboratories, Nanyang Technological University, Singapore, Singapore ({bsubhadeep,thomas.peyrin}@ntu.edu.sg)
2 School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore, Singapore
3 School of Computer Science and Engineering, Nanyang Technological University, Singapore, Singapore
4 NTT Secure Platform Laboratories, Tokyo, Japan
5 LASEC, École Polytechnique Fédérale de Lausanne, Lausanne, Switzerland
Abstract. In this article, we revisit the design strategy of PRESENT, leveraging all the advances provided by the research community in construction and cryptanalysis since its publication, to push the design up to its limits. We obtain an improved version, named GIFT, that provides a much increased efficiency in all domains (smaller and faster), while correcting the well-known weakness of PRESENT with regards to linear hulls. GIFT is a very simple and clean design that outperforms even SIMON or SKINNY for round-based implementations, making it one of the most energy efficient ciphers as of today. It reaches a point where almost the entire implementation area is taken by the storage and the Sboxes, where any cheaper choice of Sbox would lead to a very weak proposal. In essence, GIFT is composed of only Sbox and bit-wiring, but its natural bitslice data flow ensures excellent performances in all scenarios, from area-optimised hardware implementations to very fast software implementation on high-end platforms. We conducted a thorough analysis of our design with regards to state-of-the-art cryptanalysis, and we provide strong bounds with regards to differential/linear attacks.
Keywords: Lightweight cryptography · Block cipher · PRESENT · GIFT

1 Introduction
In the past decade, the development of ubiquitous computing applications triggered the rapid expansion of the lightweight cryptography research field. All these applications operating in very constrained devices may require certain symmetric-key cryptography components to guarantee privacy and/or authentication for the users, such as block or stream ciphers, hash functions or MACs. Existing cryptography standards such as AES [18] or SHA-2 [33] are not always suitable for these strong constraints. There has been extensive research conducted in this direction, with countless new primitives being introduced [2,4,5,12,15,22,39], many of them getting broken rather rapidly (designing a cipher with strong constraints is not an easy task). Conforming to the general trend, the American National Institute for Science and Technology (NIST) recently announced that it will consider standardizing some lightweight functions in a few years [34]. Some lightweight algorithms such as PRESENT [12], PHOTON [21] and SPONGENT [11] have already been included into ISO standards

S. Banik et al. © International Association for Cryptologic Research 2017. W. Fischer and N. Homma (Eds.): CHES 2017, LNCS 10529, pp. 321–345, 2017. DOI: 10.1007/978-3-319-66787-4_16