RECTANGLE: a bit-slice lightweight block cipher suitable for multiple platforms

  • Research Paper
  • Science China Information Sciences

Abstract

In this paper, we propose a new lightweight block cipher named RECTANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bit-slice techniques. RECTANGLE uses an SP-network. The substitution layer consists of 16 4×4 S-boxes in parallel. The permutation layer is composed of 3 rotations. As shown in this paper, RECTANGLE offers great performance in both hardware and software environments, which provides enough flexibility for different application scenarios. The following are 3 main advantages of RECTANGLE. First, RECTANGLE is extremely hardware-friendly. For the 80-bit key version, a one-cycle-per-round parallel implementation only needs 1600 gates for a throughput of 246 Kbits/s at 100 kHz clock and an energy efficiency of 3.0 pJ/bit. Second, RECTANGLE achieves a very competitive software speed among the existing lightweight block ciphers due to its bit-slice style. Using 128-bit SSE instructions, a bit-slice implementation of RECTANGLE reaches an average encryption speed of about 3.9 cycles/byte for messages around 3000 bytes. Last but not least, we propose new design criteria for the RECTANGLE S-box. Due to our careful selection of the S-box and the asymmetric design of the permutation layer, RECTANGLE achieves a very good security-performance tradeoff. Our extensive and deep security analysis shows that the highest number of rounds that we can attack is 18 (out of 25).

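Abstract (Chinese version)

Highlights

This paper proposes a new lightweight block cipher, RECTANGLE. RECTANGLE has the following 4 features: (1) it has a good security margin against mathematical attacks; (2) it is easy to protect against side-channel attacks; (3) its design is based on bit-slice techniques, and it has good implementations in both hardware and software; (4) we make the design criteria of RECTANGLE public. For the selection of the RECTANGLE S-box, we propose new design criteria. The design of the RECTANGLE P permutation is also crucial: it consists of only 3 rotations and suits both hardware and software implementation. Combined, the S-box and the P permutation of RECTANGLE give the overall cipher very weak clustering of differential/linear trails, so that RECTANGLE achieves a good tradeoff between security and implementation efficiency.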

Author information

Corresponding authors

Correspondence to WenTao Zhang or Vincent Rijmen.

Cite this article

Zhang, W., Bao, Z., Lin, D. et al. RECTANGLE: a bit-slice lightweight block cipher suitable for multiple platforms. Sci. China Inf. Sci. 58, 1–15 (2015). https://doi.org/10.1007/s11432-015-5459-7

  • DOI: https://doi.org/10.1007/s11432-015-5459-7
