1 / 18

A Ultra-Light Block Cipher KB1

A Ultra-Light Block Cipher KB1. Changhoon Lee Center for Information Security Technologies, Korea University. crypto77@cist.korea.ac.kr. Contents. Introduction Background Design Goals Description of Block Cipher KB1 Security Analysis Implementation Efficiency Conclusion.

nickolas-macris
Download Presentation

A Ultra-Light Block Cipher KB1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Ultra-Light Block Cipher KB1 Changhoon Lee Center for Information Security Technologies, Korea University. crypto77@cist.korea.ac.kr

  2. Contents • Introduction • Background • Design Goals • Description of Block Cipher KB1 • Security Analysis • Implementation Efficiency • Conclusion

  3. Introduction (1/2) • Background • The ubiquitous computing paradigm is being watched with interest. • Typical ubiquitous computing devices impose new constraints in block cipher design due to their size and shape. • Tiny processors embedded in ubiquitous computing devices have a miniature battery • The chip area required hardware implementation of a block cipher should be small enough. • In this environments, it is required low-power, low- cost and light-weight block ciphers.

  4. Introduction (2/2) • There are few known ciphers which are suitable to these environments. • In order to prepare new computing paradigm in advance, we must develop new block cipher which are suitable to these environments • The block cipher KB1 is designed with above new constraints in ubiquitous computing environments in mind.

  5. Design Goals • To design a block cipher with extreme efficiency in resource usage • and power consumption. • To come up with a block cipher optimized for resource-constrained applications.  use the parameters of 64-bit block length and 128-bit key length • To achieve low complexity in hardware while providing sufficient security.

  6. Algorithm Specifications (1/9) • KB1 • 64-bit block with a 128-bit key size by iterating a round function 32 times. • Initial Transformation, Round Transformation, Final Transformation IT Key Schedule Round 1 ……………….. Round 32 FT

  7. P7 P6 P5 P4 P3 P2 P1 P0 MK3 MK2 MK1 MK0 X0,7 X0,6 X0,5 X0,4 X0,3 X0,2 X0,1 X0,0 Algorithm Specifications (2/9) • Initial Transformation • The Pi (i=0,2,4,6) bytes of plaintext are XORed (or added) with a part of the master key • |Pi|=8 bits and |MKi|=8 bits Round 1

  8. Algorithm Specifications (3/9) • Round Transformation • Non-linear operation “+” mod 28 • eXclusive-OR operation • Diffusion functions F0 and F1 • F0(X)=(X<<<1)^(X<<<2)^(X<<<7), • F1(X)=(X<<<3)^(X<<<4)^(X<<<6), where |X|=8 bits

  9. Xi-1,7 Xi-1,6 Xi-1,5 Xi-1,4 Xi-1,3 Xi-1,2 Xi-1,1 Xi-1,0 SK[4i- 1] SK[4i- 2] SK[4i- 4] SK[4i- 3] F0 F1 F0 F1 Xi,0 Xi,7 Xi,6 Xi,5 Xi,4 Xi,3 Xi,2 Xi,1 Algorithm Specifications (4/9) • The j-th input bytes Xi,j (j=0,2,4,6) of i-th round are updated by the input of (i-1)-th round, the round keys, and F functions. • The remaining input bytes Xi,j (j=1,3,5,7) of (i)-th round are transferred by the j-th input bytes Xi-1,j (j=0,2,4,6) of (i-1)-th round, respectively.

  10. X32,7 X32,6 X32,5 X32,4 X32,3 X32,2 X32,1 X32,0 MK15 MK14 MK13 MK12 C7 C6 C5 C4 C3 C2 C1 C0 Algorithm Specifications (5/9) • Final Transformation • The j-th output bytes (j=1,3,5,7) of the 32-th round, (X32,j), are XORed (or added) with a part of the master key. Round 32

  11. Algorithm Specifications (6/9) • Key Schedule • Two steps : Generating whitening keys, Generating round keys • Step 1 : Generating whitening keys. • The first 4 bytes of 128-bit master key MK=(MK0,…, MK16), (MK0, MK1, MK2, MK3 ), are used as the initial whitening keys. • The last 4 bytes of 128-bit master key, (MK12, MK13, MK14, MK15 ), are used as the final whitening keys.

  12. g SK[2i] g SK[2i+1] Permutation  Algorithm Specifications (7/9) • Step 2 : Generating round keys MK=MK15|| … || MK0 MK=MK15|| … || MK0 2i g SK[2i] 2i+1 g SK[2i+1] Permutation  i = 0,…,63

  13. i x y SK[j] z Algorithm Specifications (8/9) • “g” function : g(x,y,z,w)=((x+y) z)+ i • i : an internal state of LFSR h which is defined by the primitive polynomial x7+x3+1 over F2[x] • initial state 0 =(s6, s5, s4, s3, s2, s1, s0)=(1,0,1,1,0,1,0) • si+6=si+2 si-1 • i =(si+6, si+5, si+4, si+3, si+2, si+1, si)

  14. Algorithm Specifications (9/9) • “” : A bit-permutation which has 64 cycles. [128] = { 62, 75, 72, 57, 94, 101, 108, 45, 18, 51, 46, 81, 36, 125, 122, 27, 42, 49, 26, 115, 0, 85, 58, 99, 88, 31, 106, 47, 40, 3, 14, 107, 76, 37, 56, 1, 98, 13, 110, 113, 8, 73, 120, 59, 52, 39, 30, 97, 68, 93, 92, 25, 80, 77, 6, 117, 86, 5, 10, 17, 38, 69, 112, 43, 24, 55, 4, 65, 124, 11, 84, 91, 20, 121, 70, 19, 118, 71, 100, 111, 96, 89, 74, 35, 48, 7, 32, 105, 102, 41, 50, 83, 34, 53, 60, 21, 114, 87, 126, 15, 12, 67, 78, 119, 66, 123, 2, 95, 28, 33, 82, 109, 22, 23, 64, 9, 104, 103, 44, 61, 54, 127, 116, 29, 90, 63, 16, 79};

  15. Security Analysis • Strength against known attacks  KB1 has sufficient resistances against known attacks

  16. Implementation Efficiency • Hardware Effieciency • Efficiency in low-cost hardware implementation is one of main design objectives of KB1. • The following hardware implementation of KB1 means that it can be implemented using around 3K to 4K gates with high enough performances. < Hardware complexity of the KB1 processor >

  17. Conclusion • Presented a 64-bit block cipher KB1 which has been designed for use in resource-constrained environments, such as tiny ubiquitous devices. • Introduced its security and efficiency. • Our hardware implementation of KB1 shows that it can be implemented using around 3K to 4K gates. • So, KB1 are well-suited for our targeted applications, such as RFID, any power/space-limited applications. In this talk,

  18. Thank You !

More Related