New lightweight block cipher algorithm

Discussion in 'C++' started by Julio C. Hernandez Castro, Oct 20, 2006.

  1. Dear all,

    We have just developped a new block cipher called Raiden, following a
    Feistel Network structure by means of genetic programming. Our
    intention now consists on getting as much feedback as possible from
    users, so we encourage you to test the algorithm and send us your
    opinion. We would also like to receive enhancements and new versions of
    the algorithm, developed in other source languages and platforms.

    Our idea on developing this cipher is to propose it as an alternative
    to TEA block cipher. TEA is a very interesting cipher with lots of real
    applications. It is very simple and fast, and it reaches an acceptable
    level of security by the application of a lot of cycles.

    Nowadays TEA has been broken, and several weaknesses of the algorithm
    have been discovered. Since most of these weaknesses are related to its
    Key Shedule routine, the authors, Roger Needham and David Wheeler
    proposed an extended version of the algorithm with a more complex one.
    This new version, which they called XTEA, did not have the expected
    success of its antecessor, in part because it is slower.

    The algorithm known weaknesses, as well as its popularity, have made us
    to think it was the time to develop an alternative to TEA. This
    alternative, presented in this page, must have the next features:

    * It must be as quick as TEA, to be used in the same real world
    applications
    * It must be stronger, to avoid TEA weaknesses

    To develop this new block cipher we have used a genetic
    programming-based technique. More on this to follow in a coming
    scientific paper.

    Description of Raiden
    ----------------------------

    Raiden is a very small and compact cipher. It works with blocks of 64
    bits and keys of 128. As it can be seen below, the algorithm has the
    same main structure as TEA: it is structured in cycles, where one cycle
    contains two feistel rounds, and for both of them, the same round key
    is used. In each round, the output of the round function on a sub block
    is used to feed the other one. The round function of the algorithm has
    the same size as TEA's one, but, as commented in section Raiden
    Strength, it seems to be stronger.

    The Key Schedule routine is more complex than TEA's, but it is simple
    enough to not overload the cipher execution time. To maximize the
    entropy introduced by this function, in each round, its output feeds
    the position i%4 of the key array. This makes the key array passed to
    the function to evolve as the algorithm is executed, and thus
    generating new round keys for each cycle with that 128 bit array. This
    also makes that function to behave much as a PRNG. After analyzing the
    algorithm, as commented in it homepage
    (http://raiden-cipher.sourceforge.net/ in the Results section), we
    propose the execution of sixteen cycles. Below, the code of Raiden
    encoding routine is shown.


    void raiden(unsigned long *data,unsigned long *result,unsigned long
    *key)
    {

    unsigned long b0=data[0],
    b1=data[1],i,k[4]={key[0],key[1],key[2],key[3]}, sk;
    for(i=0; i< 16; i++)
    {
    sk=k[i%4]=((k[0]+k[1])+((k[2]+k[3])^(k[0]<<k[2])));
    b0 +=((sk+b1)<<9)^((sk-b1)^((sk+b1)>>14));
    b1 +=((sk+b0)<<9)^((sk-b0)^((sk+b0)>>14));
    }
    result[0]=b0;
    result[1]=b1;
    }

    The cipher receives the plain text in 'data' parameter, and puts the
    cipher text in the 'result'. Key contains the 128 bit cipher key.
    The cipher follows a Feistel structure, so the decoding is made in the
    same way than the encoding but applying the round keys in the inverse
    order. This is the Raiden decoding routine.

    void decode_raiden(unsigned long *data,unsigned long *result,unsigned
    long *key)
    {

    unsigned long b0=data[0],
    b1=data[1],i,k[4]={key[0],key[1],key[2],key[3]},
    subkeys[16];
    for(i=0;i< 16;i++){
    //Subkeys are calculated
    k[i%4]=((k[0]+k[1])+((k[2]+k[3])^(k[0]<<k[2])));
    subkeys=k[i%4];
    }
    for(i=15; i!=-1; i--)
    {
    //Process is applied in the inverse order
    b1 -= ((subkeys+b0)<<9)^((subkeys-b0)^
    ((subkeys+b0)>>14));
    b0 -= ((subkeys+b1)<<9)^((subkeys-b1)^
    ((subkeys+b1)>>14));
    }
    result[0]=b0;
    result[1]=b1;
    }

    In this case, the function receives the ciphertext in the 'data'
    parameter and puts the plain text in the 'result'. The round keys are
    calculated at the beginning of the function, and then they are applied
    in the inverse order as they were when ciphering.

    The algorithm is free to anyone, and has been developed in ANSI C
    source code under Linux.
    We propose you to develop new versions of it using other programming
    languages and platforms.

    Raiden Strength
    ---------------------

    The main weaknesses of TEA, such as the Related Key Cryptanalysis, or
    the equivalent keys, are related with its Key Shedule routine. Thus,
    one of the main objectives when developing this new cipher has been to
    develop an stronger Key Shedule function than TEA's.

    The function developed is also very simple, but not as much as TEA's.
    TEA Key Shedule function consists only on adding a constant
    (0x9e3779b9) to a variable. Thus, it is very simple to, knowing the
    round key of cycle i, obtain the keys corresponding to the previous and
    the following cycles. This is not the case in our algorithm, in which
    doing so it is not a trivial problem.

    Therefore, the Key Shedule function behaves more as a Hash Function or
    pseudorandom number generator, and does not have the same weaknesses as
    TEA Key Schedule. Raiden's Round Function provided much better results
    in the statistical tests than TEA's one, so we can conclude it is also
    stronger, and, therefore, that the whole algorithm is also stronger.

    When we analyzed the algorithm using the statistical tests ENT,
    Diehard, NIST and Sexton, we realized that Raiden results when applied
    16 cycles were, in many ocassions better, and at least comparable, to
    TEA results when applied 32. This made us to conclude Raiden is
    stronger than TEA and that 16 cycles would be an enough security margin
    for the algorithm to be applied. The mentioned results can be consulted
    in the Results of statistical tests on Raiden section at
    http://raiden-cipher.sourceforge.net/

    About the Authors
    ------------------------

    Raiden has been developed by:

    Julio Cesar Hernandez Castro, e-mail: jcesar_at_inf_dot_uc3m_dot_es
    Javier Polimon Olabarrieta, jpolimon_at_gmail_dot_com

    Don't hesitate to contact the authors with your feedback.
    Julio C. Hernandez Castro, Oct 20, 2006
    #1
    1. Advertising

  2. On Fri, 20 Oct 2006, Julio C. Hernandez Castro wrote:
    >
    > Dear all,


    No kidding!

    > We have just developped a new block cipher called Raiden, following a
    > Feistel Network structure by means of genetic programming. Our
    > intention now consists on getting as much feedback as possible from
    > users, so we encourage you to test the algorithm and send us your
    > opinion. We would also like to receive enhancements and new versions of
    > the algorithm, developed in other source languages and platforms.


    Is there a reason you crossposted this announcement to everywhere
    on Usenet /except/ sci.crypt? Followups set.

    (The rest of the post follows, untrimmed, for the benefit of sci.crypt
    readers.)

    -Arthur


    > Our idea on developing this cipher is to propose it as an alternative
    > to TEA block cipher. TEA is a very interesting cipher with lots of real
    > applications. It is very simple and fast, and it reaches an acceptable
    > level of security by the application of a lot of cycles.
    >
    > Nowadays TEA has been broken, and several weaknesses of the algorithm
    > have been discovered. Since most of these weaknesses are related to its
    > Key Shedule routine, the authors, Roger Needham and David Wheeler
    > proposed an extended version of the algorithm with a more complex one.
    > This new version, which they called XTEA, did not have the expected
    > success of its antecessor, in part because it is slower.
    >
    > The algorithm known weaknesses, as well as its popularity, have made us
    > to think it was the time to develop an alternative to TEA. This
    > alternative, presented in this page, must have the next features:
    >
    > * It must be as quick as TEA, to be used in the same real world
    > applications
    > * It must be stronger, to avoid TEA weaknesses
    >
    > To develop this new block cipher we have used a genetic
    > programming-based technique. More on this to follow in a coming
    > scientific paper.
    >
    > Description of Raiden
    > ----------------------------
    >
    > Raiden is a very small and compact cipher. It works with blocks of 64
    > bits and keys of 128. As it can be seen below, the algorithm has the
    > same main structure as TEA: it is structured in cycles, where one cycle
    > contains two feistel rounds, and for both of them, the same round key
    > is used. In each round, the output of the round function on a sub block
    > is used to feed the other one. The round function of the algorithm has
    > the same size as TEA's one, but, as commented in section Raiden
    > Strength, it seems to be stronger.
    >
    > The Key Schedule routine is more complex than TEA's, but it is simple
    > enough to not overload the cipher execution time. To maximize the
    > entropy introduced by this function, in each round, its output feeds
    > the position i%4 of the key array. This makes the key array passed to
    > the function to evolve as the algorithm is executed, and thus
    > generating new round keys for each cycle with that 128 bit array. This
    > also makes that function to behave much as a PRNG. After analyzing the
    > algorithm, as commented in it homepage
    > (http://raiden-cipher.sourceforge.net/ in the Results section), we
    > propose the execution of sixteen cycles. Below, the code of Raiden
    > encoding routine is shown.
    >
    >
    > void raiden(unsigned long *data,unsigned long *result,unsigned long
    > *key)
    > {
    >
    > unsigned long b0=data[0],
    > b1=data[1],i,k[4]={key[0],key[1],key[2],key[3]}, sk;
    > for(i=0; i< 16; i++)
    > {
    > sk=k[i%4]=((k[0]+k[1])+((k[2]+k[3])^(k[0]<<k[2])));
    > b0 +=((sk+b1)<<9)^((sk-b1)^((sk+b1)>>14));
    > b1 +=((sk+b0)<<9)^((sk-b0)^((sk+b0)>>14));
    > }
    > result[0]=b0;
    > result[1]=b1;
    > }
    >
    > The cipher receives the plain text in 'data' parameter, and puts the
    > cipher text in the 'result'. Key contains the 128 bit cipher key.
    > The cipher follows a Feistel structure, so the decoding is made in the
    > same way than the encoding but applying the round keys in the inverse
    > order. This is the Raiden decoding routine.
    >
    > void decode_raiden(unsigned long *data,unsigned long *result,unsigned
    > long *key)
    > {
    >
    > unsigned long b0=data[0],
    > b1=data[1],i,k[4]={key[0],key[1],key[2],key[3]},
    > subkeys[16];
    > for(i=0;i< 16;i++){
    > //Subkeys are calculated
    > k[i%4]=((k[0]+k[1])+((k[2]+k[3])^(k[0]<<k[2])));
    > subkeys=k[i%4];
    > }
    > for(i=15; i!=-1; i--)
    > {
    > //Process is applied in the inverse order
    > b1 -= ((subkeys+b0)<<9)^((subkeys-b0)^
    > ((subkeys+b0)>>14));
    > b0 -= ((subkeys+b1)<<9)^((subkeys-b1)^
    > ((subkeys+b1)>>14));
    > }
    > result[0]=b0;
    > result[1]=b1;
    > }
    >
    > In this case, the function receives the ciphertext in the 'data'
    > parameter and puts the plain text in the 'result'. The round keys are
    > calculated at the beginning of the function, and then they are applied
    > in the inverse order as they were when ciphering.
    >
    > The algorithm is free to anyone, and has been developed in ANSI C
    > source code under Linux.
    > We propose you to develop new versions of it using other programming
    > languages and platforms.
    >
    > Raiden Strength
    > ---------------------
    >
    > The main weaknesses of TEA, such as the Related Key Cryptanalysis, or
    > the equivalent keys, are related with its Key Shedule routine. Thus,
    > one of the main objectives when developing this new cipher has been to
    > develop an stronger Key Shedule function than TEA's.
    >
    > The function developed is also very simple, but not as much as TEA's.
    > TEA Key Shedule function consists only on adding a constant
    > (0x9e3779b9) to a variable. Thus, it is very simple to, knowing the
    > round key of cycle i, obtain the keys corresponding to the previous and
    > the following cycles. This is not the case in our algorithm, in which
    > doing so it is not a trivial problem.
    >
    > Therefore, the Key Shedule function behaves more as a Hash Function or
    > pseudorandom number generator, and does not have the same weaknesses as
    > TEA Key Schedule. Raiden's Round Function provided much better results
    > in the statistical tests than TEA's one, so we can conclude it is also
    > stronger, and, therefore, that the whole algorithm is also stronger.
    >
    > When we analyzed the algorithm using the statistical tests ENT,
    > Diehard, NIST and Sexton, we realized that Raiden results when applied
    > 16 cycles were, in many ocassions better, and at least comparable, to
    > TEA results when applied 32. This made us to conclude Raiden is
    > stronger than TEA and that 16 cycles would be an enough security margin
    > for the algorithm to be applied. The mentioned results can be consulted
    > in the Results of statistical tests on Raiden section at
    > http://raiden-cipher.sourceforge.net/
    >
    > About the Authors
    > ------------------------
    >
    > Raiden has been developed by:
    >
    > Julio Cesar Hernandez Castro, e-mail: jcesar_at_inf_dot_uc3m_dot_es
    > Javier Polimon Olabarrieta, jpolimon_at_gmail_dot_com
    >
    > Don't hesitate to contact the authors with your feedback.
    >
    >
    Arthur J. O'Dwyer, Oct 20, 2006
    #2
    1. Advertising

  3. Klaus Pommerening, Oct 23, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ahmed Moustafa
    Replies:
    0
    Views:
    773
    Ahmed Moustafa
    Nov 15, 2003
  2. morrell
    Replies:
    1
    Views:
    946
    roy axenov
    Oct 10, 2006
  3. Forrest
    Replies:
    2
    Views:
    522
    Forrest
    Aug 13, 2005
  4. Dylan McClung
    Replies:
    0
    Views:
    121
    Dylan McClung
    Oct 15, 2009
  5. Jonathan Groll

    AES block cipher artifacts

    Jonathan Groll, Jul 6, 2010, in forum: Ruby
    Replies:
    2
    Views:
    151
    Jonathan Groll
    Jul 6, 2010
Loading...

Share This Page