Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications

Generating S-Boxes from Semi-fields Pseudo-extensions

Block ciphers, such as the AES, correspond to a very important family of secret-key cryptosystems. The security of such systems partly relies on what is called the S-box. This is a vectorial Boolean function f : F n 2 ֒→ F n 2 , where n is the size of the blocks. It is often the only non linear opera-tion in the algorithm. The most well-known attacks against block ciphers algorithms are the known-plaintext attacks called differential cryptanal-ysis [4, 10] and linear cryptanalysis [11]. To protect such cryptosystems against linear and differential attacks, S-boxes are designed to fulfill some cryptographic criteria (balancedness, high nonlinearity, high algebraic de-gree, avalanche, or transparency [2, 12]) and are usually defined on finite fields, like F2n [7, 3]. Unfortunately, it seems difficult to find good S-Boxes, at least for bijective ones: random generation does not work [8, 9] and the one used in the AES or Camellia are actually variations around a single function, the inverse function in F2n . Would the latter function have an unforeseen weakness (for instance if more practical algebraic attacks are developped), it would be desirable to have some replacement candidates. For that matter, we propose to weaken a little bit the algebraic part of the design of S-Boxes and use finite semi-fields instead of finite fields to build such S-Boxes. Finite semi-fields relax the associativity and com-mutativity of the multiplication law. While semi-fields of a given order are unique up to isomorphism, on the contrary semi-fields of a given order can be numerous: nowadays, on the one hand, it is for instance easy to generate all the 36 semi-fields of order 2 4 , but, on the other hand, it is not even known how many semi-fields are there of order 2 8 . Therefore, we propose to build S-Boxes via semi-fields pseudo extensions of the form S 2 2 4 , where S 2 4 is any semi-field of order 2 4 , and mimic in this structure the use of the inverse function in a finite field. We report here the construction of 10827 S-Boxes, 7052 non CCZ-equivalent, with maximal nonlinearity, differential invariants, degrees and bit interdependency. Among the latter 2963 had fix points, and among the ones without fix points, 3846 had the avalanche level of AES and 243 1 the better avalanche level of Camellia. Among the latter 232 have a better transparency level than the inverse function on a finite field

Dynamic MDS Matrices for Substantial Cryptographic Strength

Ciphers get their strength from the mathematical functions of confusion and diffusion, also known as substitution and permutation. These were the basics of classical cryptography and they are still the basic part of modern ciphers. In block ciphers diffusion is achieved by the use of Maximum Distance Separable (MDS) matrices. In this paper we present some methods for constructing dynamic (and random) MDS matrices.Comment: Short paper at WISA'10, 201

Parallelizing the Camellia and SMS4 Block Ciphers - Extended version

The n-cell GF-NLFSR (Generalized Feistel-NonLinear Feedback Shift Register) structure [8] is a generalized unbalanced Feistel network that can be considered as a generalization of the outer function FO of the KASUMI block cipher. An advantage of this cipher over other n-cell generalized Feistel networks, e.g. SMS4 [11] and Camellia [5], is that it is parallelizable for up to n rounds. In hardware implementations, the benefits translate to speeding up encryption by up to n times while consuming similar area and significantly less power. At the same time n-cell GF-NLFSR structures offer similar proofs of security against differential cryptanalysis as conventional n-cell Feistel structures. We also ensure that parallelized versions of Camellia and SMS4 are resistant against other block cipher attacks such as linear, boomerang, integral, impossible differential, higher order differential,interpolation, slide, XSL and related-key differential attacks

Cryptoraptor : high throughput reconfigurable cryptographic processor for symmetric key encryption and cryptographic hash functions

textIn cryptographic processor design, the selection of functional primitives and connection structures between these primitives are extremely crucial to maximize throughput and flexibility. Hence, detailed analysis on the specifications and requirements of existing crypto-systems plays a crucial role in cryptographic processor design. This thesis provides the most comprehensive literature review that we are aware of on the widest range of existing cryptographic algorithms, their specifications, requirements, and hardware structures. In the light of this analysis, it also describes a high performance, low power, and highly flexible cryptographic processor, Cryptoraptor, that is designed to support both today's and tomorrow's encryption standards. To the best of our knowledge, the proposed cryptographic processor supports the widest range of cryptographic algorithms compared to other solutions in the literature and is the only crypto-specific processor targeting the future standards as well. Unlike previous work, we aim for maximum throughput for all known encryption standards, and to support future standards as well. Our 1GHz design achieves a peak throughput of 128Gbps for AES-128 which is competitive with ASIC designs and has 25X and 160X higher throughput per area than CPU and GPU solutions, respectively.Electrical and Computer Engineerin

Wave-Shaped Round Functions and Primitive Groups

Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks and Feistel Networks, are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make the decryption possible, is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers, where the confusion layer enlarges the message which returns to its original size after the diffusion layer is applied. This is motivated by the fact that relaxing the requirement that all the layers are invertible allows to consider more functions which are optimal with regard to non-linearity. In particular it allows to consider injective APN S-boxes. In order to guarantee efficient decryption we propose to use wave functions in Feistel Networks. With regard to security, the immunity from some group-theoretical attacks is investigated. In particular, it is shown how to avoid that the group generated by the round functions acts imprimitively, which represent a serious flaw for the cipher