ASC – A Stream Cipher with Built-In MAC Functionality

In this paper we present the design of a new encryption scheme. The scheme we propose is a very flexible encryption and authentication primitive. We build this scheme on two relatively new design principles: T-functions and fast pseudo-Hadamard transforms. We recapitulate the theory behind these principles and analyze their security properties and efficiency. In more detail, we propose a stream cipher which outputs a message authentication tag along with the encrypted data stream with only little overhead. Moreover, we propose security-speed tradeoffs. Our scheme is faster than other comparable T-function based designs while offering the same security level.




