New NASH encryption algorithm
An original new block encryption algorithm is proposed for implementation on widely used general-purpose microcontrollers. The NASH algorithm is based on the principles of modern “lightweight cryptography”, but uses managed shifts, which, while maintaining the level of persistence, is limited to a smaller number of rounds, increasing data processing speed. The NASH algorithm can be used to protect the exchange of data between devices on the so-called “Internet of Things” networks, as well as to protect data recorded on compact personal storage media (flash memory, microSD cards, etc.).
Keywords: encryption, block encryption algorithm, lightweight cryptography, round function, managed shifts, key sweep.
Due to the widespread use in industrial systems, control systems and consumer mass devices in the consumer market of general-purpose microcontrollers, they have become relatively cheap and widely available. At the same time, their capabilities have changed so much that it became possible to talk about the implementation of complex cryptographic transformations [1, 2]. However, the implementation of encryption standards on microcontrollers cannot provide an acceptable encryption rate. Therefore, to achieve high speed, several special encryption algorithms have been proposed, called “lightweight” [3, 4, 5]. The most effective among them is the algorithms SPECK and SIMON, developed by the NSA [6, 7]. They express the idea of an encryption algorithm, consisting of a large number of simple transformations, which was expressed in the letters of the 50s to the NSA by Nobel Prize winner in economics John Nasham [9].
')
We set as our goal to develop a lightweight block encryption algorithm that would not be inferior in strength to the NSA algorithms mentioned above, but would allow a certain reduction in the number of rounds, which makes it even faster. In honor of John Nash, we called the NASH algorithm.
The NASH algorithm is as follows. The text is divided into semi-blocks of 2 ** n bits, the block is encrypted with r rounds into sequences of round keys k (i) received from the master key using the “key expansion” algorithm. The data block is divided into left and right semi-blocks (L (i), R (i)) of 2 ** n bits each, with which the following transformations are performed on the (i + 1) -th round
The encryption equations for the data block in the (i + 1) -th round look like this:
R (i + 1) = L (i)
L (i + 1) = ((L (i) ⊞k (i)) ⋙F (L (i), L (i) ⊞k (i))) ⊕R (i)
In the last round of block encryption, the semi-blocks L (i + 1), R (i + 1) do not switch places.
The size of the semi-block is 2 ** n, where n = 5 or 6, respectively, the size of the semi-block is 32 or 64 bits. Accordingly, a block size of 64 or 128 bits is proposed.
Mixing with the round key k (i): ⊞ is the addition function of two integers modulo 2 ^ n.
Managed cyclic shift:
Interpret the half block L (i) as a vector of values of a Boolean function of n variables, and the first output bit F is obtained as the value of this function on a set of bits from L (i) ⊞k (i) of the form 2 ** i-1, where i = 1 , ..., n, that is, as the value L (i) ((L (i) ⊞k (i)) [2 ** 1-1, ..., 2 ** n-1]) , the numbering of the bits of the half block from 0 to 2 ** n-1.
We interpret L (i) ⊞k (i) as a vector of values of a Boolean function of n variables, and the second output bit F is obtained as the value of this function on a set of bits from L (i) of the form 2 ** i-1, where i = 1, ..., n, that is, as (L (i) ⊞k (i)) (L (i) [2 ** 1-1, ..., 2 ** n-1]) , the numbering of the bits of the half block from 0 to 2 ^ n-1.
For a block size of 64 bits (half a block, respectively, 32 bits):
00 corresponds to a cyclic shift of 11;
01 corresponds to a cyclic shift of 14;
10 corresponds to a cyclic shift by 10;
11 corresponds to a cyclic shift by 19.
Number of rounds r:
for block size 64 (half block - 32): r = 24;
for a block size of 128 (a half block is 64): r = 28.
Key size: 128, 192 or 256 bits.
L (0) = c (0), R (0) = c (1), where the value of the constant c (i) is obtained as follows.
The key is divided into L blocks of length 2 ^ n, another 8-L blocks are obtained as the values of the square root of the first prime numbers (√2, √3, √5, etc., leaving only the mantissa - the fractional part without order. C99 / C11 80-bit long double take bits from the last 64 bits).
These blocks correspond with (0), with (1), ..., with (7).
Further, when calculating with (i), we take the constant with (i) with the index (i mod 6) +2 and add it modulo 2 with the round number with (i) = i⨁ ((i mod 6) +2) .
For the round key, take k (i) = L (i + 1).
Keywords: encryption, block encryption algorithm, lightweight cryptography, round function, managed shifts, key sweep.
Due to the widespread use in industrial systems, control systems and consumer mass devices in the consumer market of general-purpose microcontrollers, they have become relatively cheap and widely available. At the same time, their capabilities have changed so much that it became possible to talk about the implementation of complex cryptographic transformations [1, 2]. However, the implementation of encryption standards on microcontrollers cannot provide an acceptable encryption rate. Therefore, to achieve high speed, several special encryption algorithms have been proposed, called “lightweight” [3, 4, 5]. The most effective among them is the algorithms SPECK and SIMON, developed by the NSA [6, 7]. They express the idea of an encryption algorithm, consisting of a large number of simple transformations, which was expressed in the letters of the 50s to the NSA by Nobel Prize winner in economics John Nasham [9].
')
We set as our goal to develop a lightweight block encryption algorithm that would not be inferior in strength to the NSA algorithms mentioned above, but would allow a certain reduction in the number of rounds, which makes it even faster. In honor of John Nash, we called the NASH algorithm.
Algorithm diagram
The NASH algorithm is as follows. The text is divided into semi-blocks of 2 ** n bits, the block is encrypted with r rounds into sequences of round keys k (i) received from the master key using the “key expansion” algorithm. The data block is divided into left and right semi-blocks (L (i), R (i)) of 2 ** n bits each, with which the following transformations are performed on the (i + 1) -th round
The encryption equations for the data block in the (i + 1) -th round look like this:
R (i + 1) = L (i)
L (i + 1) = ((L (i) ⊞k (i)) ⋙F (L (i), L (i) ⊞k (i))) ⊕R (i)
In the last round of block encryption, the semi-blocks L (i + 1), R (i + 1) do not switch places.
Details of the round conversion
The size of the semi-block is 2 ** n, where n = 5 or 6, respectively, the size of the semi-block is 32 or 64 bits. Accordingly, a block size of 64 or 128 bits is proposed.
Mixing with the round key k (i): ⊞ is the addition function of two integers modulo 2 ^ n.
Managed cyclic shift:
- for a block size of 64 bits (a half block is 32 bits) - a cyclic shift to the right by one of 4 values (11, 14, 10, 19).
- for a block size of 128 bits (the size of a half block is 64 bits), a right-shift by one of 4 values (37, 34, 38, 29).
Shift control function
Interpret the half block L (i) as a vector of values of a Boolean function of n variables, and the first output bit F is obtained as the value of this function on a set of bits from L (i) ⊞k (i) of the form 2 ** i-1, where i = 1 , ..., n, that is, as the value L (i) ((L (i) ⊞k (i)) [2 ** 1-1, ..., 2 ** n-1]) , the numbering of the bits of the half block from 0 to 2 ** n-1.
We interpret L (i) ⊞k (i) as a vector of values of a Boolean function of n variables, and the second output bit F is obtained as the value of this function on a set of bits from L (i) of the form 2 ** i-1, where i = 1, ..., n, that is, as (L (i) ⊞k (i)) (L (i) [2 ** 1-1, ..., 2 ** n-1]) , the numbering of the bits of the half block from 0 to 2 ^ n-1.
For a block size of 64 bits (half a block, respectively, 32 bits):
00 corresponds to a cyclic shift of 11;
01 corresponds to a cyclic shift of 14;
10 corresponds to a cyclic shift by 10;
11 corresponds to a cyclic shift by 19.
Number of rounds r:
for block size 64 (half block - 32): r = 24;
for a block size of 128 (a half block is 64): r = 28.
Key size: 128, 192 or 256 bits.
Function for generating round keys
L (0) = c (0), R (0) = c (1), where the value of the constant c (i) is obtained as follows.
The key is divided into L blocks of length 2 ^ n, another 8-L blocks are obtained as the values of the square root of the first prime numbers (√2, √3, √5, etc., leaving only the mantissa - the fractional part without order. C99 / C11 80-bit long double take bits from the last 64 bits).
These blocks correspond with (0), with (1), ..., with (7).
Further, when calculating with (i), we take the constant with (i) with the index (i mod 6) +2 and add it modulo 2 with the round number with (i) = i⨁ ((i mod 6) +2) .
For the round key, take k (i) = L (i + 1).
Related Literature
1.Microcontrollers-and-Processors. 2016 URL: www.nxp.com / products / microcntrollers-and-processors
2. Interenet of Things. 2016 URL: http: // www.gemalto.com/iot
3. McKay K., Bassham L., Turan M., Mouha N., DRAFT NISTIR 8114 Report on Lightweight Cryptography NISTIR , 2016 URL: www.nist.gov
4. D. Dinu, Y. Le Corre, D. Khovratovich, L. Perrin, J. Großschädl, A. Biryukov, Triathlon of Lightweight Block, Ciphers for the Internet of Things, Report on Lightweight Cryptography; Information Technology Laboratory NIST, 2015 URL: www.nist.gov
5. N. Mouha, B. Mennink, A. Van Herrewege, D. Watanabe, B. Preneel, I. Verbauwhede, Chaskey: a Lightweight MAC Algorithm for Microcontrollers, Lightweight Cryptography Workshop 2015, 2015 URL: www.nist.gov
6. H. Tschofenig, M. Pegourie-Gonnard, Performance of State-of-the-Art Cryptography on ARM-based Microprocessors, NIST Lightweight Cryptography Workshop 2015
7. R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, W., Wings, Simon and Speck for the Internet, Things, National Security Agency 9800 Savage Road, Fort Meade , MD, 20755, USA, Memo 9 July 2015
8. C. Shannon, Communication theory of secret systems, Bell Systems Techn. J. (1949) 656-715
9. J. Nash, Letter to NSA, 1955, URL: www.nsa.gov/public_info/press_room/2012/nash_exhibit_shtm
2. Interenet of Things. 2016 URL: http: // www.gemalto.com/iot
3. McKay K., Bassham L., Turan M., Mouha N., DRAFT NISTIR 8114 Report on Lightweight Cryptography NISTIR , 2016 URL: www.nist.gov
4. D. Dinu, Y. Le Corre, D. Khovratovich, L. Perrin, J. Großschädl, A. Biryukov, Triathlon of Lightweight Block, Ciphers for the Internet of Things, Report on Lightweight Cryptography; Information Technology Laboratory NIST, 2015 URL: www.nist.gov
5. N. Mouha, B. Mennink, A. Van Herrewege, D. Watanabe, B. Preneel, I. Verbauwhede, Chaskey: a Lightweight MAC Algorithm for Microcontrollers, Lightweight Cryptography Workshop 2015, 2015 URL: www.nist.gov
6. H. Tschofenig, M. Pegourie-Gonnard, Performance of State-of-the-Art Cryptography on ARM-based Microprocessors, NIST Lightweight Cryptography Workshop 2015
7. R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, W., Wings, Simon and Speck for the Internet, Things, National Security Agency 9800 Savage Road, Fort Meade , MD, 20755, USA, Memo 9 July 2015
8. C. Shannon, Communication theory of secret systems, Bell Systems Techn. J. (1949) 656-715
9. J. Nash, Letter to NSA, 1955, URL: www.nsa.gov/public_info/press_room/2012/nash_exhibit_shtm
Source: https://habr.com/ru/post/337388/
All Articles