Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scalable Involutional PP-1 Block Cipher for Limited Resources K. Chmiel, A. Grocholewska-Czuryło, J. Stokłosa Poznan University of Technology Institute.

Similar presentations


Presentation on theme: "Scalable Involutional PP-1 Block Cipher for Limited Resources K. Chmiel, A. Grocholewska-Czuryło, J. Stokłosa Poznan University of Technology Institute."— Presentation transcript:

1 Scalable Involutional PP-1 Block Cipher for Limited Resources K. Chmiel, A. Grocholewska-Czuryło, J. Stokłosa Poznan University of Technology Institute of Control and Information Engineering Poznan, Poland

2 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 2 Basic assumptions of the PP-1 cipher project Scalability – extendable data block size and key size; Resources – limited (small memory, simple processor); -the same resources for encryption and decryption: -one involutional S-box (i.e. S 1 = S ), -one involutional P-box (i.e. P 1 = P ), -the same round keys; -simple elementary operations: -modulo 2 sum, -addition, -subtraction, -shifts; Implementation – efficient in software and hardware.

3 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 3 Data processing path Fig. 2. Nonlinear element NL (j = 1, 2,..., t) Fig. 1. One round of the PP-1 (i = 1, 2,..., r) Remarks: data blocks of n = t64 bits are processed in r rounds (t = 1, 2, 3,... ), two n-bit round keys k i =k 2i–1 and k i =k 2i are used in round i.

4 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 4 64-bit variant of PP-1 Fig. 3. Encryption and decryption performed by PP-1 (n = 64)

5 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 5 Round key scheduling Fig. 5. KS the main part of an iteration (j = 1, 2,..., t) Fig. 4. One iteration of key scheduling (i = 0, 1,..., 2r) Remarks: the cipher key k for the PP-1 algorithm is a sequence of n or 2n bits, the round keys k 1, k 2,..., k 2r are produced on outputs of iterations #1 to #2r. depends on k

6 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 6 Details of round key scheduling Remarks: function E value, is equal to XOR of 4MSBs of the two leftmost S-boxes, entry X 0 of iteration #0, is supplied by the n-bit constant B, inputs K i depend on cipher key k: n-bit or 2n-bit (k = k H ||k L ).. Entry X 0 : X 0 = B = B 1 ||B 2 ||...||B t where 64-bit B 1 = 912B4769B2496E7C, B j = Prm(B j–1 ) for j = 2, 3,..., t, Prm is calculated for nBb = 64 and nSb = 8. Inputs K i : K 2 = RL(B (A (K 0 K 1 ))) Function E: e i = E(b 1 b 2...b n ) = (b 1 b 9 )(b 2 b 10 )(b 3 b 11 )(b 4 b 12 ) for V i = b 1 b 2...b n, where b 1 is the MSB. K i = RL(K i1 ) for i = 3, 4,..., 2r

7 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 7 Involutional substitution S Fig. 6. Involutional 8 8-bit S-box S S(6F) = DA, S(DA) = 6F L H Method: generated using multiplicative inverse procedure, similar to AES, processed to remove existence of affine transformations between component Boolean functions. Parameters: nonlinearity – 110 (maxTA = 18), 2 nd maximum XOR DDT value – 4 (maxTD = 4).

8 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 8 Involutional permutation P Fig. 8. P for 8 8 bit matrices (n =64) Remarks: dissipates 8-bit output subblocks of S-boxes S in the n-bit block of a round, can be implemented by transposition of 8 8 bit matrices in processor words. Fig. 7. Bit mappings of involutional bit permutation P and their illustration (n =64)

9 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 9 Scalable permutation P Fig. 9. Algorithms to construct permutation P and their illustration (n = 64) Method (n = 64): algorithm Prm calculates bit mappings in Prm, to dissipate 4-bit subblocks in 32-bit block, algorithm P calculates involutional pairs of bit mappings in 64-bit P. Prm(x, nBb, nSb) {argument, number of block bits (e.g.64), number of S-box bits (e.g. 8)} 1. nS nBb div nSb {number of S-boxes} 2. Sno x mod nS +1 {S-box number(from 1)} 3. Sb (x 1) div nS + 1 {S-box bit (from 1)} 4. y (Sno 1) nSb + Sb {value of bit mapping} 5. return y P(pno, nBb, nSb) {pair number (from 1), number of block bits (e.g. 64), number of S-box bits (e.g. 8)} 1. y Prm(pno, nBb div 2, nSb div 2) {value of Prm} 2. px 2 pno 1 {odd argument (value) of bit mapping} 3. py 2 y {even value (argument) of bit mapping} 4. return (px, py)

10 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 10 Differential and Linear Approximation p = N(X,Y) / 2 n X' {0,..,2 n –1}, Y' {0,..,2 m –1} Fig. 10. Differential and linear approximation of function f : {0,1} n {0,1} m f(X) f(X X') = Y' p X {1,..,n}, Y {1,..,m} Y[Y] = X[X] p = N(X,Y) / 2 n | p| = | p – 1/2 | effectiveness of differential approximation effectiveness of linear approximation

11 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 11 Approximation Tables Fig. 11. Function f: {0,1} 4 {0,1} 2 and its approximation tables TDf and TAf TDf[X, Y] = N(X, Y) TAf[X, Y] = N(X, Y) = N(X, Y) - 2 n-1 maxTD = max{TDf[X', Y'] : X' 0 Y' 0} maxTA = max{|TAf[X', Y']| : X' Y' }

12 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 12 Quality of S-box S (PP-1) Fig. 12. Comparison of S-box S to randomly selected S-boxes (n = 8, m = 8)

13 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 13 DES Algorithm Fig. 13. General structure and function f of DES (IBM 1977) c 1 (j) ||c 2 (j) = c 2 (j-1) ||c 1 (j-1) f(c 2 (j-1), k j ) for j = 1, 2,..., 15 c 1 (j) ||c 2 (j) = c 1 (j-1) f(c 2 (j-1), k j )||c 2 (j-1) for j = 16

14 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 14 Quality of S-boxes S1-S8 (DES) Fig. 14. Comparison of S-boxes S1-S8 to randomly selected S-boxes (n = 6, m = 4)

15 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 15 Evaluation of PP-1 Fig. 15. Number r of rounds for n-bit block ( s = 8, q a = 2, q p = 1) r ( n/2 – log q p ) / ( s/2 – log q a ) | p a + | | p p + | | p i + | q a /2 s/2 +1 | p p + | q p /2 n/2 +1 | p a + | (1/2) (q a /2 s/2 ) r (q a /2 s/2 ) r q p /2 n/2 comparative algorithm (1) (5) (4) (2) (3) (7) (6)

16 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 16 Evaluation of DES Fig. 16. Comparative algorithm and evaluation of DES quality Evaluation methods: exact – the best nonzero linear approximation of a cipher is determined, rough – the best nonzero linear approximation of a cipher is assumed to be a composition of the best nonzero linear approximation of a single iteration, intermediate –the best zero-nonzero approximation of a cipher is found, that fulfils approximation conditions. improved S1, S5, S7

17 Scalable Involutional PP-1 Block Cipher for Limited Resources CECC 2010 © Krzysztof Chmiel 17 Conclusions PP-1, is a new scalable block cipher that is simple, efficient and secure; PP-1 is aimed to be used on platforms with limited resources, and especially with a limited amount of memory; Due to the fact that PP-1 uses only very simple arithmetic operations, the cipher can be implemented on different platforms such as smart- cards, TV decoders, mobiles, etc.; We could not find any significant constraint in PP-1 and have not inserted any hidden weakness.


Download ppt "Scalable Involutional PP-1 Block Cipher for Limited Resources K. Chmiel, A. Grocholewska-Czuryło, J. Stokłosa Poznan University of Technology Institute."

Similar presentations


Ads by Google