ABSTRACT
WG-8 is a lightweight instance of the Welch-Gong (WG) stream cipher family, targeting for resource-constrained devices like RFID tags, smart cards, and wireless sensor nodes. Recent work has demonstrated the advantages of tower field constructions for finite field arithmetic in the AES and WG-16 ciphers. In this paper we explore three different tower field constructions for WG-8. The first tower field is tailored to FPGA cells. The second tower field uses a Type-I optimal normal basis. The third tower field exploits algebraic properties of the WG permutation and trace functions. All of the methods use a parallel LFSR to provide data rates from one to eleven bits per clock cycle. Among the three tower fields, the Type-I ONB construction offers the best trade-off in area, speed, and power consumption. However, a plain monolithic look-up table implementation with 256 entries is smaller and faster than the tower field constructions. Our analysis of the tower field options and comparisons to each other and to the monolithic look-up table will provide lessons for future work in exploring novel tower field constructions for WG and other ciphers.
- Using look-up tables as shift registers (srl16) in spartan-3 generation fpgas. Xilinx Inc., available at http://www.xilinx.com/support/documentation/application_notes/xapp465.pdf, May 2005.Google Scholar
- M. D. Aagaard, G. Gong, and R. K. Mota. Hardware implementations of the wg-5 cipher for passive rfid tags. In 6th IEEE International Symposium on Hardware-Oriented Security and Trust, pages 24--29, June 2013.Google ScholarCross Ref
- S. Babbage and M. Dodd. The stream cipher mickey 2.0. ECRYPT Stream Cipher, available at http://www.ecrypt.eu.org/stream/p3ciphers/mickey/mickey_p3.pdf, 2006.Google Scholar
- R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, and L. Wingers. The simon and speck families of lightweight block ciphers. Cryptology ePrint Archive, Report 2013/404, available at https://eprint.iacr.org/2013/404.Google Scholar
- A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, A. Poschmann, M. J. Robshaw, Y. Seurin, and C. Vikkelsoe. Present: An ultra-lightweight block cipher. In The 9th International Workshop on Cryptographic Hardware and Embedded Systems, pages 450--466. Springer, 2007. Google ScholarDigital Library
- J. Borghoff, A. Canteaut, T. Güneysu, E. B. Kavun, M. Knezevic, L. R. Knudsen, G. Leander, V. Nikov, C. Paar, C. Rechberger, et al. Prince--a low-latency block cipher for pervasive computing applications. In Advances in Cryptology, pages 208--225. Springer, 2012. Google ScholarDigital Library
- D. Canright. A very compact s-box for aes. In Cryptographic Hardware and Embedded Systems--CHES 2005, pages 441--455. Springer, 2005. Google ScholarDigital Library
- C. De Cannière. Trivium: A stream cipher construction inspired by block cipher design principles. In Information Security, pages 171--186. Springer, 2006. Google ScholarDigital Library
- H. El-Razouk, A. Reyhani-Masoleh, and G. Gong. New implementations of the wg stream cipher. Centre for Applied Cryptographic Research Technical Reports, CACR 2012-31.Google Scholar
- D. Engels, X. Fan, G. Gong, H. Hu, and E. M. Smith. Hummingbird: ultra-lightweight cryptography for resource-constrained devices. In Financial Cryptography and Data Security, pages 3--18. Springer, 2010. Google ScholarDigital Library
- D. Engels, M.-J. O. Saarinen, P. Schweitzer, and E. M. Smith. The hummingbird-2 lightweight authenticated encryption algorithm. In RFID Security and Privacy, pages 19--31. Springer, 2012. Google ScholarDigital Library
- X. Fan, K. Mandal, and G. Gong. Wg-8: A lightweight stream cipher for resource-constrained smart devices. In 9th International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, 2013.Google ScholarCross Ref
- X. Fan, N. Zidaric, M. Aagaard, and G. Gong. Efficient hardware implementation of the stream cipher wg-16 with composite field arithmetic. In to appear in the Proceedings of the 2013 ACM CCS Workshop on Trustworthy Embedded Devices (TrustED 2013), November 2013. Google ScholarDigital Library
- J. Guo, T. Peyrin, A. Poschmann, and M. Robshaw. The led block cipher. In The 13th International Workshop on Cryptographic Hardware and Embedded Systems-CHES 2011, pages 326--341. Springer, September 2011. Google ScholarDigital Library
- M. Hell, T. Johansson, and W. Meier. Grain: a stream cipher for constrained environments. International Journal of Wireless and Mobile Computing, 2(1):86--93, May 2007. Google ScholarDigital Library
- D. Hong, J. Sung, S. Hong, J. Lim, S. Lee, B.-S. Koo, C. Lee, D. Chang, J. Lee, K. Jeong, et al. Hight: A new block cipher suitable for low-resource device. In The 8th International Workshop on Cryptographic Hardware and Embedded Systems-CHES 2006, pages 46--59. Springer, October 2006. Google ScholarDigital Library
- D. Hwang, M. Chaney, S. Karanam, N. Ton, and K. Gaj. Comparison of fpga-targeted hardware implementations of estream stream cipher candidates. The State of the Art of Stream Ciphers, pages 151--162, 2008.Google Scholar
- C. Lam, M. Aagaard, and G. Gong. Hardware implementations of multi-output welch-gong ciphers. Centre for Applied Cryptographic Research Technical Reports, CACR 2011-01.Google Scholar
- Y. Nawaz and G. Gong. Wg: A family of stream ciphers with designed randomness properties. Information Sciences, 178(7):1903--1916, 2008. Google ScholarDigital Library
- T. Shirai, K. Shibutani, T. Akishita, S. Moriai, and T. Iwata. The 128-bit blockcipher clefia. In Fast software encryption, pages 181--195. Springer, 2007. Google Scholar
Index Terms
- Design space exploration of the lightweight stream cipher WG-8 for FPGAs and ASICs
Recommendations
Efficient hardware implementation of the stream cipher WG-16 with composite field arithmetic
TrustED '13: Proceedings of the 3rd international workshop on Trustworthy embedded devicesThe Welch-Gong (WG) stream cipher family was designed based on the WG transformation and is able to generate keystreams with mathematically proven randomness properties such as long period, balance, ideal tuple distribution, ideal two-level ...
Cryptanalysis of Lightweight WG-8 Stream Cipher
WG-8 is a new lightweight variant of the well-known Welch–Gong (WG) stream cipher family, and takes an 80-bit secret key and an 80-bit initial vector (IV) as inputs. So far no attack on the WG-8 stream cipher has been published except the attacks by the ...
Cryptanalysis of WG-8 and WG-16 stream ciphers
In 2008, the WG family of stream ciphers was designed by Navaz and Gong to secure lightweight applications for RFIDs and smart cards. In 2012, a distinguishing attack was discovered against the WG-7 stream cipher by Orumiehchiha, Pieprzyk and Steinfeld. ...
Comments