Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Ultra-Light Block Cipher KB1 Changhoon Lee Center for Information Security Technologies, Korea University.

Published byLydia Farmer Modified over 9 years ago

Similar presentations

Presentation on theme: "A Ultra-Light Block Cipher KB1 Changhoon Lee Center for Information Security Technologies, Korea University."— Presentation transcript:

1 A Ultra-Light Block Cipher KB1 Changhoon Lee Center for Information Security Technologies, Korea University. crypto77@cist.korea.ac.kr

2 Contents  Introduction  Background  Design Goals  Description of Block Cipher KB1  Security Analysis  Implementation Efficiency  Conclusion

3 Introduction (1/2)  Background  The ubiquitous computing paradigm is being watched with interest.  Typical ubiquitous computing devices impose new constraints in block cipher design due to their size and shape.  Tiny processors embedded in ubiquitous computing devices have a miniature battery  The chip area required hardware implementation of a block cipher should be small enough.  In this environments, it is required low-power, low- cost and light-weight block ciphers.

4 Introduction (2/2)  There are few known ciphers which are suitable to these environments.  In order to prepare new computing paradigm in advance, we must develop new block cipher which are suitable to these environments  The block cipher KB1 is designed with above new constraints in ubiquitous computing environments in mind.

5 Design Goals  To design a block cipher with extreme efficiency in resource usage and power consumption.  To come up with a block cipher optimized for resource-constrained applications.  use the parameters of 64-bit block length and 128-bit key length  To achieve low complexity in hardware while providing sufficient security.

6 Algorithm Specifications (1/9)  KB1  64-bit block with a 128-bit key size by iterating a round function 32 times.  Initial Transformation, Round Transformation, Final Transformation IT Round 1 Round 32 FT ……………….. Key Schedule

7 Algorithm Specifications (2/9)  Initial Transformation  The P i (i=0,2,4,6) bytes of plaintext are XORed (or added) with a part of the master key  |P i |=8 bits and |MK i |=8 bits X 0,7 X 0,6 X 0,5 X 0,4 X 0,3 X 0,2 X 0,1 X 0,0 P7P7 P6P6 P5P5 P4P4 P3P3 P2P2 P1P1 P0P0 MK 3 MK 2 MK 1 MK 0 Round 1

8 Algorithm Specifications (3/9)  Round Transformation  Non-linear operation “+” mod 2 8  eXclusive-OR operation  Diffusion functions F 0 and F 1  F 0 (X)=(X<<<1)^(X<<<2)^(X<<<7),  F 1 (X)=(X<<<3)^(X<<<4)^(X<<<6), where |X|=8 bits

9  The j-th input bytes X i,j (j=0,2,4,6) of i-th round are updated by the input of (i-1)-th round, the round keys, and F functions.  The remaining input bytes X i,j (j=1,3,5,7) of (i)-th round are transferred by the j-th input bytes X i-1,j (j=0,2,4,6) of (i-1)-th round, respectively. X i-1,7 X i-1,6 X i-1,5 X i-1,4 X i-1,3 X i-1,2 X i-1,1 X i-1,0 F0F0 F0F0 F1F1 F1F1 X i,7 X i,6 X i,5 X i,4 X i,3 X i,2 X i,1 X i,0 SK[4i- 4] SK[4i- 3] SK[4i- 2]SK[4i- 1] Algorithm Specifications (4/9)

10 Algorithm Specifications (5/9)  Final Transformation  The j-th output bytes (j=1,3,5,7) of the 32-th round, (X 32,j ), are XORed (or added) with a part of the master key. Round 32 X 32,7 X 32,6 X 32,5 X 32,4 X 32,3 X 32,2 X 32,1 X 32,0 MK 15 MK 14 MK 13 MK 12 C7C7 C6C6 C5C5 C4C4 C3C3 C2C2 C1C1 C0C0

11 Algorithm Specifications (6/9)  Key Schedule  Two steps : Generating whitening keys, Generating round keys  Step 1 : Generating whitening keys.  The first 4 bytes of 128-bit master key MK=(MK 0,…, MK 16 ), (MK 0, MK 1, MK 2, MK 3 ), are used as the initial whitening keys.  The last 4 bytes of 128-bit master key, (MK 12, MK 13, MK 14, MK 15 ), are used as the final whitening keys.

12 Algorithm Specifications (7/9)  Step 2 : Generating round keys 2i2i Permutation  g SK[2i]  2i+1 g SK[2i+1] i = 0,…,63 MK=MK 15 || … || MK 0 g g SK[2i] SK[2i+1] Permutation 

13 Algorithm Specifications (8/9)  “g” function : g(x,y,z,w)=((x+y) z)+  i   i : an internal state of LFSR h which is defined by the primitive polynomial x 7 +x 3 +1 over F 2 [x]  initial state  0 =(s 6, s 5, s 4, s 3, s 2, s 1, s 0 )=(1,0,1,1,0,1,0)  s i+6 =s i+2 s i-1   i =(s i+6, s i+5, s i+4, s i+3, s i+2, s i+1, s i ) SK[j] ii x y z

14 Algorithm Specifications (9/9)  “  ” : A bit-permutation which has 64 cycles.  [128] = { 62, 75, 72, 57, 94, 101, 108, 45, 18, 51, 46, 81, 36, 125, 122, 27, 42, 49, 26, 115, 0, 85, 58, 99, 88, 31, 106, 47, 40, 3, 14, 107, 76, 37, 56, 1, 98, 13, 110, 113, 8, 73, 120, 59, 52, 39, 30, 97, 68, 93, 92, 25, 80, 77, 6, 117, 86, 5, 10, 17, 38, 69, 112, 43, 24, 55, 4, 65, 124, 11, 84, 91, 20, 121, 70, 19, 118, 71, 100, 111, 96, 89, 74, 35, 48, 7, 32, 105, 102, 41, 50, 83, 34, 53, 60, 21, 114, 87, 126, 15, 12, 67, 78, 119, 66, 123, 2, 95, 28, 33, 82, 109, 22, 23, 64, 9, 104, 103, 44, 61, 54, 127, 116, 29, 90, 63, 16, 79};

15 Security Analysis  Strength against known attacks AttacksNumber of RoundsAttack Complexity Differential Cryptanalysis 13/322 62 CP, 2 122 times Linear Cryptanalysis 13/322 57 KP, 2 114.2 times Impossible D.C18/322 45 CP, 2 109 times Square Attack16/322 42 CP, 2 51 times Boomerang Attack 13/322 63 CP, 2 124.3 times  KB1 has sufficient resistances against known attacks

16 Implementation Efficiency  Hardware Effieciency  Efficiency in low-cost hardware implementation is one of main design objectives of KB1.  The following hardware implementation of KB1 means that it can be implemented using around 3K to 4K gates with high enough performances. Component Gate count 8-bit XOR17 8-bit +41 8-bit register36 LFSR49 F0,F140 g function629(533) Key scheduler2365(2269) Round function838 Control unit562 Total3795(3699)

17 Conclusion In this talk,  Presented a 64-bit block cipher KB1 which has been designed for use in resource-constrained environments, such as tiny ubiquitous devices.  Introduced its security and efficiency.  Our hardware implementation of KB1 shows that it can be implemented using around 3K to 4K gates.  So, KB1 are well-suited for our targeted applications, such as RFID, any power/space-limited applications.

18 Thank You !

Download ppt "A Ultra-Light Block Cipher KB1 Changhoon Lee Center for Information Security Technologies, Korea University."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.

Origins  clear a replacement for DES was needed Key size is too small Key size is too small The variants are just patches The variants are just patches.
“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.

Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 5 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 5

Cryptography and Network Security Chapter 5
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
The Advanced Encryption Standard (AES) Simplified.

The Advanced Encryption Standard (AES) Simplified.
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Hashing Algorithms: SHA-3 CSCI 5857: Encoding and Encryption.

Hashing Algorithms: SHA-3 CSCI 5857: Encoding and Encryption.
Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)

Rachana Y. Patil 1 Data Encryption Standard (DES) (DES)
Data Encryption Standard (DES)

Data Encryption Standard (DES)
KATAN & KTANTAN A Family of Small and Efficient Hardware-Oriented Block Ciphers Christophe De Cannière 1, Orr Dunkelman 1,2, Miroslav Knežević 1 (1) Katholieke.

KATAN & KTANTAN A Family of Small and Efficient Hardware-Oriented Block Ciphers Christophe De Cannière 1, Orr Dunkelman 1,2, Miroslav Knežević 1 (1) Katholieke.
Block ciphers 1 Session 3. Contents Design of block ciphers Non-linear transformations 2/25.

Block ciphers 1 Session 3. Contents Design of block ciphers Non-linear transformations 2/25.
FEAL FEAL 1.

FEAL FEAL 1.
Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.

Akelarre 1 Akelarre Akelarre 2 Akelarre  Block cipher  Combines features of 2 strong ciphers o IDEA — “mixed mode” arithmetic o RC5 — keyed rotations.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Cryptography and Network Security (AES) Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/18/2009 INCS 741: Cryptography 10/18/20091Dr.

Similar presentations

Ads by Google