Fruit-80: A Secure Ultra-Lightweight Stream Cipher for Constrained Environments
In Fast Software Encryption (FSE) 2015, while presenting a new idea (i.e., the design of stream ciphers with the small internal state by using a secret key, not only in the initialization but also in the keystream generation), Sprout was proposed. Sprout was insecure and an improved version of Sprou...
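Main Authors: | Vahid Amin Ghafari, Honggang Hu |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2018-03-01 |
Series: | Entropy |
Subjects: | stream cipher; ultra-lightweight; lightweight; Grain; small-state; NFSR; LFSR; hardware implementation |
Online Access: | http://www.mdpi.com/1099-4300/20/3/180 |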
id |
doaj-aaa4f27feb2b4bb9b23002ee5523e75a |
---|---|
record_format |
Article |
spelling |
doaj-aaa4f27feb2b4bb9b23002ee5523e75a; 2020-11-25T00:12:21Z; eng; MDPI AG; Entropy; 1099-4300; 2018-03-01; 20; 3; 180; 10.3390/e20030180; e20030180; Fruit-80: A Secure Ultra-Lightweight Stream Cipher for Constrained Environments; Vahid Amin Ghafari (0); Honggang Hu (1); (0, 1) Key Laboratory of Electromagnetic Space Information, Chinese Academy of Sciences, School of Information Science and Technology, University of Science and Technology of China, Hefei 230026, China; http://www.mdpi.com/1099-4300/20/3/180; stream cipher; ultra-lightweight; lightweight; Grain; small-state; NFSR; LFSR; hardware implementation |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Vahid Amin Ghafari; Honggang Hu |
title |
Fruit-80: A Secure Ultra-Lightweight Stream Cipher for Constrained Environments |
publisher |
MDPI AG |
series |
Entropy |
issn |
1099-4300 |
publishDate |
2018-03-01 |
description |
In Fast Software Encryption (FSE) 2015, while presenting a new idea (i.e., the design of stream ciphers with the small internal state by using a secret key, not only in the initialization but also in the keystream generation), Sprout was proposed. Sprout was insecure and an improved version of Sprout was presented in FSE 2017. We introduced Fruit stream cipher informally in 2016 on the web page of IACR (eprint) and few cryptanalysis were published on it. Fortunately, the main structure of Fruit was resistant. Now, Fruit-80 is presented as a final version which is easier to implement and is secure. The size of LFSR and NFSR in Fruit-80 is only 80 bits (for 80-bit security level), while for resistance to the classical time-memory-data tradeoff (TMDTO) attacks, the internal state size should be at least twice that of the security level. To satisfy this rule and to design a concrete cipher, we used some new design ideas. It seems that the bottleneck of designing an ultra-lightweight stream cipher is TMDTO distinguishing attacks. A countermeasure was suggested, and another countermeasure is proposed here. Fruit-80 is better than other small-state stream ciphers in terms of the initialization speed and area size in hardware. It is possible to redesign many of the stream ciphers and achieve significantly smaller area size by using the new idea. |
topic |
stream cipher; ultra-lightweight; lightweight; Grain; small-state; NFSR; LFSR; hardware implementation |
url |
http://www.mdpi.com/1099-4300/20/3/180 |