Skip to main content
SpringerLink
Log in

Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages

  • Conference paper
  • First Online:
Advances in Cryptology – ASIACRYPT 2019 (ASIACRYPT 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11922))

Abstract

Highly efficient encryption and authentication of short messages is an essential requirement for enabling security in constrained scenarios such as the CAN FD in automotive systems (max. message size 64 bytes), massive IoT, critical communication domains of 5G, and Narrowband IoT, to mention a few. In addition, one of the NIST lightweight cryptography project requirements is that AEAD schemes shall be “optimized to be efficient for short messages (e.g., as short as 8 bytes)”.

In this work we introduce and formalize a novel primitive in symmetric cryptography called forkcipher. A forkcipher is a keyed primitive expanding a fixed-lenght input to a fixed-length output. We define its security as indistinguishability under a chosen ciphertext attack (for n-bit inputs to 2n-bit outputs). We give a generic construction validation via the new iterate-fork-iterate design paradigm.

We then propose \( {\mathsf {ForkSkinny}} \) as a concrete forkcipher instance with a public tweak and based on SKINNY: a tweakable lightweight cipher following the TWEAKEY framework. We conduct extensive cryptanalysis of \( {\mathsf {ForkSkinny}} \) against classical and structure-specific attacks.

We demonstrate the applicability of forkciphers by designing three new provably-secure nonce-based AEAD modes which offer performance and security tradeoffs and are optimized for efficiency of very short messages. Considering a reference block size of 16 bytes, and ignoring possible hardware optimizations, our new AEAD schemes beat the best SKINNY-based AEAD modes. More generally, we show forkciphers are suited for lightweight applications dealing with predominantly short messages, while at the same time allowing handling arbitrary messages sizes.

Furthermore, our hardware implementation results show that when we exploit the inherent parallelism of \( {\mathsf {ForkSkinny}} \) we achieve the best performance when directly compared with the most efficient mode instantiated with SKINNY.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    See the discussion section in full version [10].

  2. 2.

    We demonstrate that when used in a minimalistic mode of operation, a secure tweakable forkcipher yields a miniature FIL AEAD scheme which achieves tweakable PRI security.

  3. 3.

    We again conflate the label for the primitive with the label of the encryption algorithm.

  4. 4.

    At the time of writing, the best attacks on SKINNY cover at most 55% of the cipher.

  5. 5.

    Available at https://sites.google.com/site/skinnycipher/implementation.

References

  1. 3GPP TS 22.261: Service requirements for next generation new services and markets. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=3107

  2. 3GPP TS 36.213: Evolved Universal Terrestrial Radio Access (E-UTRA); Physical layer procedures. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2427

  3. CAN FD Standards and Recommendations. https://www.can-cia.org/news/cia-in-action/view/can-fd-standards-and-recommendations/2016/9/30/

  4. ISO 11898–1:2015: Road vehicles - Controller area network (CAN) - Part 1: Data link layer and physical signalling. https://www.iso.org/standard/63648.html

  5. NB-IoT: Enabling New Business Opportunities. http://www.huawei.com/minisite/iot/img/nb_iot_whitepaper_en.pdf

  6. Specification of Secure Onboard Communication. https://www.autosar.org/fileadmin/user_upload/standards/classic/4-3/AUTOSAR_SWS_SecureOnboardCommunication.pdf

  7. Abdelkhalek, A., Sasaki, Y., Todo, Y., Tolba, M., Youssef, A.M.: MILP modeling for (large) s-boxes to optimize probability of differential characteristics. IACR Trans. Symmetric Cryptol. 2017(4), 99–129 (2017)

    Google Scholar 

  8. Anderson, E., Beaver, C., Draelos, T., Schroeppel, R., Torgerson, M.: ManTiCore: encryption with joint cipher-state authentication. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 440–453. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_38

    Chapter  Google Scholar 

  9. Andreeva, E., et al.: COLM v1 (2014). https://competitions.cr.yp.to/round3/colmv1.pdf

  10. Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., Vizar, D.: Forkcipher: a new primitive for authenticated encryption of very short messages. Cryptology ePrint Archive, Report 2019/1004 (2019). https://eprint.iacr.org/2019/1004

  11. Andreeva, E., Neven, G., Preneel, B., Shrimpton, T.: Seven-property-preserving iterated hashing: ROX. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 130–146. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76900-2_8

    Chapter  Google Scholar 

  12. Ankele, R., Banik, S., Chakraborti, A., List, E., Mendel, F., Sim, S.M., Wang, G.: Related-key impossible-differential attack on reduced-round Skinny. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 208–228. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61204-1_11

    Chapter  Google Scholar 

  13. Ankele, R., Kölbl, S.: Mind the gap - a closer look at the security of block ciphers against differential cryptanalysis. In: Cid, C., Jacobson Jr., M. (eds.) SAC 2018. LNCS, vol. 11349, pp. 163–190. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-10970-7_8

    Chapter  Google Scholar 

  14. Aumasson, J.P., et al.: CHAE: challenges in authenticated encryption. ECRYPT-CSA D1.1, Revision 1.05, 1 March 2017

    Google Scholar 

  15. Avanzi, R.: Method and apparatus to encrypt plaintext data. US patent 9294266B2 (2013). https://patents.google.com/patent/US9294266B2/

  16. Banik, S., et al.: Midori: a block cipher for low energy. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 411–436. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_17

    Chapter  Google Scholar 

  17. Banik, S., et al.: Cryptanalysis of forkaes. Cryptology ePrint Archive, Report 2019/289 (2019). https://eprint.iacr.org/2019/289

  18. Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5

    Chapter  Google Scholar 

  19. Beierle, C., et al.: Skinny-AEAD and Skinny-Hash. NIST LWC Candidate (2019)

    Google Scholar 

  20. Bellare, M.: Practice-oriented provable-security. In: Okamoto, E., Davida, G., Mambo, M. (eds.) ISW 1997. LNCS, vol. 1396, pp. 221–231. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0030423

    Chapter  MATH  Google Scholar 

  21. Bellare, M., Goldreich, O., Mityagin, A.: The power of verification queries in message authentication and authenticated encryption. IACR Cryptology ePrint Archive 2004, 309 (2004)

    Google Scholar 

  22. Bellare, M., Kohno, T., Namprempre, C.: Breaking and provably repairing the SSH authenticated encryption scheme: a case study of the encode-then-encrypt-and-mac paradigm. ACM Trans. Inf. Syst. Secur. 7(2), 206–241 (2004)

    Article  Google Scholar 

  23. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_41

    Chapter  Google Scholar 

  24. Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299–314. Springer, Heidelberg (2006). https://doi.org/10.1007/11935230_20

    Chapter  Google Scholar 

  25. Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_24

    Chapter  MATH  Google Scholar 

  26. Bernstein, D.J.: Cryptographic competitions: CAESAR. http://competitions.cr.yp.to

  27. Bertoni, G., Daemen, J., Hoffert, S., Peeters, M., Van Assche, G., Van Keer, R.: Farfalle: parallel permutation-based cryptography. IACR Transactions on Symmetric Cryptology 2017, (2017). https://tosc.iacr.org/index.php/ToSC/article/view/855

  28. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3–72 (1991)

    Article  MathSciNet  Google Scholar 

  29. Borghoff, J., et al.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34961-4_14

    Chapter  Google Scholar 

  30. Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: ASCON v1.2 (2014). https://competitions.cr.yp.to/round3/asconv12.pdf

  31. Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 15–44. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_2

    Chapter  Google Scholar 

  32. Jean, J., Nikolić, I., Peyrin, T., Seurin, Y.: Deoxys v1.41 v1 (2016). https://competitions.cr.yp.to/round3/deoxysv141.pdf

  33. Jean, J., Nikolić, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 274–288. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_15

    Chapter  Google Scholar 

  34. Katz, J., Yung, M.: Unforgeable encryption and chosen ciphertext secure modes of operation. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 284–299. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44706-7_20

    Chapter  MATH  Google Scholar 

  35. Kranz, T., Leander, G., Wiemer, F.: Linear cryptanalysis: key schedules and tweakable block ciphers. IACR Trans. Symmetric Cryptol. 2017(1), 474–505 (2017)

    Google Scholar 

  36. Krovetz, T., Rogaway, P.: OCB v1.1 (2014). https://competitions.cr.yp.to/round3/ocbv11.pdf

  37. Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_18

    Chapter  MATH  Google Scholar 

  38. Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_3

    Chapter  Google Scholar 

  39. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48285-7_33

    Chapter  Google Scholar 

  40. McGrew, D.A., Viega, J.: The security and performance of the Galois/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30556-9_27

    Chapter  Google Scholar 

  41. Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering generic composition. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 257–274. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55220-5_15

    Chapter  Google Scholar 

  42. NIST: DRAFT Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process (2018). https://csrc.nist.gov/Projects/Lightweight-Cryptography

  43. Paterson, K.G., Yau, A.K.L.: Cryptography in theory and practice: the case of encryption in ipsec. IACR Cryptology ePrint Archive 2005, 416 (2005). http://eprint.iacr.org/2005/416

  44. Paterson, K.G., Yau, A.K.L.: Cryptography in theory and practice: the case of encryption in IPsec. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 12–29. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_2

    Chapter  Google Scholar 

  45. Reyhanitabar, M.R., Susilo, W., Mu, Y.: Analysis of property-preservation capabilities of the ROX and ESh hash domain extenders. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 153–170. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02620-1_11

    Chapter  MATH  Google Scholar 

  46. Rogaway, P.: Authenticated-encryption with associated-data. ACM CCS 2002, 98–107 (2002)

    Google Scholar 

  47. Rogaway, P.: Practice-oriented provable security and the social construction of cryptography. IEEE Secur. Priv. 14(6), 10–17 (2016)

    Article  Google Scholar 

  48. Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_23

    Chapter  Google Scholar 

  49. Sadeghi, S., Mohammadi, T., Bagheri, N.: Cryptanalysis of reduced round SKINNY block cipher. IACR Trans. Symmetric Cryptol. 2018(3), 124–162 (2018)

    Google Scholar 

  50. Sui, H., Wu, W., Zhang, L., Wang, P.: Attacking and fixing the CS mode. In: Qing, S., Zhou, J., Liu, D. (eds.) ICICS 2013. LNCS, vol. 8233, pp. 318–330. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-02726-5_23

    Chapter  Google Scholar 

  51. Tolba, M., Abdelkhalek, A., Youssef, A.M.: Impossible differential cryptanalysis of reduced-round SKINNY. In: Joye, M., Nitaj, A. (eds.) AFRICACRYPT 2017. LNCS, vol. 10239, pp. 117–134. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57339-7_7

    Chapter  Google Scholar 

  52. Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). IETF RFC 3610 (Informational), September 2003. http://www.ietf.org/rfc/rfc3610.txt

  53. Wu, H.: ACORN v3 (2014). https://competitions.cr.yp.to/round3/acornv3.pdf

  54. Wu, H., Huang, T.: MORUS v2 (2014). https://competitions.cr.yp.to/round3/morusv2.pdf

  55. Wu, H., Preneel, B.: AEGIS v1.1 (2014). https://competitions.cr.yp.to/round3/aegisv11.pdf

  56. Zhang, P., Zhang, W.: Differential cryptanalysis on block cipher skinny with MILP program. Secur. Commun. Netw. 2018, 3780407:1–3780407:11 (2018)

    Google Scholar 

  57. Zhang, W., Rijmen, V.: Division cryptanalysis of block ciphers with a binary diffusion layer. IET Inf. Secur. 13(2), 87–95 (2019)

    Article  Google Scholar 

Download references

Ackowledgements

Elena Andreeva was supported in part by the Research Council KU Leuven C1 on Security and Privacy for Cyber-Physical Systems and the Internet of Things with contract number C16/15/058 and by the Research Council KU Leuven, C16/18/004, through the EIT Health RAMSES project, through the IF/C1 on New Block Cipher Structures, and through the NIST project. In addition, this work was supported by the European Commission through the Horizon 2020 research and innovation programme under grant agreement H2020-DS-2014-653497 PANORAMIX and through the grant H2020-DS-SC7-2016-740507 Eunity. The work is supported in part by funding from imec of the Flemish Government. Antoon Purnal is supported by the Horizon 2020 research and innovation programme under Cathedral ERC Advanced Grant 695305. Reza Reyhanitabar’s work on this project was initiated when he was with KU Leuven and supported by an EU H2020-MSCA-IF fellowship under grant ID 708815, continued and submitted when he was with Elektrobit Automotive GmbH, and revised while he is now with TE Connectivity. Arnab Roy is supported by the EPSRC grant No. EPSRC EP/N011635/1.

Author information

Author notes

  1. Reza Reyhanitabar

    Present address: TE Connectivity, Niederwinkling, Germany

Authors and Affiliations

  1. imec-COSIC, KU Leuven, Leuven, Belgium

    Elena Andreeva & Antoon Purnal

  2. Université de Lorraine, CNRS, Inria, LORIA, Nancy, France

    Virginie Lallemand

  3. University of Bristol, Bristol, UK

    Arnab Roy

  4. CSEM, Neuchâtel, Switzerland

    Damian Vizár

Authors
  1. Elena Andreeva
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Virginie Lallemand
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Antoon Purnal
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Reza Reyhanitabar
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Arnab Roy
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Damian Vizár
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Elena Andreeva .

Editor information

Editors and Affiliations

  1. University of Auckland, Auckland, New Zealand

    Steven D. Galbraith

  2. Security Fundamentals Lab, NICT, Tokyo, Japan

    Shiho Moriai

Rights and permissions

Reprints and permissions

Copyright information

© 2019 International Association for Cryptologic Research

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., Vizár, D. (2019). Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages. In: Galbraith, S., Moriai, S. (eds) Advances in Cryptology – ASIACRYPT 2019. ASIACRYPT 2019. Lecture Notes in Computer Science(), vol 11922. Springer, Cham. https://doi.org/10.1007/978-3-030-34621-8_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-34621-8_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34620-1

  • Online ISBN: 978-3-030-34621-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation