Information Technology Reference
In-Depth Information
the precomputation time, and they also require extra RAM to hold the precomputed
subkeys. This RAM requirement does not exist in the implementations of algorithms,
which compute their keys during the encryption/decryption operation. Cellular
phones technology demands specific characteristics of the cryptography science.
Algorithms have to be compatible with wireless devices restricted standards in hard-
ware resources.
Two new block ciphers, SPECTR-H64 and CIKS-1, based on Data-Dependent
Permutations (DDP) were developed the last two years [1-2]. These encryption algo-
rithms are both 64-bit block ciphers suitable for software and especially for hardware
implementation. They are iterative cryptosystems based on fast operations (controlled
permutation boxes, XOR, fixed permutations) suitable to cheap hardware [3]. The
key scheduling is very simple in order to provide high encryption speed in the case of
frequent change of initial key. These ciphers use fixed permutations (rotations),
which do not raise the hardware implementation cost, and do not causes any addi-
tional time delay for encryption/decryption.
In this paper, the implementation cost of the DDP boxes used in CIKS-1 and
SPECTR-H64 is analyzed. Different hardware devices (FPGA and ASIC), are used in
order to study the VLSI integration of the permutations of this kind, by using the
allocated resources, and operating frequency. In addition, two different architectures
are proposed for the implementation of the CIKS-1 and SPECTR-H64 ciphers. The
first uses the full rolling technique and minimizes the allocated resources. The second
one is based on a pipelined development design and has high speed performance.
Finally, the proposed CIKS-1 and SPECTR-H64 implementations are compared with
other widely used ciphers, in order to have a detailed view of implementation cost
and performance, of these two DDP-based ciphers.
This work is organized as follows: in Section 2, the DDP are described. In the
same section the implementation cost is illustrated and the integration performance is
presented. In Section 3, the full rolling and pipelined architectures for CIKS-1 and
SPECTR-H64 implementation are introduced. In the next Section 4, the VLSI inte-
gration synthesis results of the proposed architectures are given. In addition, compari-
son with other ciphers implementations is presented. Finally, conclusions are dis-
cussed in Section 5.
2
Data Depended Permutations (DDP)
In 1994 using data-dependent rotations (DDR) R. Rivest designed a simple cryptosys-
tem RC5 [4] suitable for fast software implementation. Different studies [5-6] have
provided a good understanding of how RC5's structure and DDR contribute to its
security. Last years DDR appear to be very interesting to cryptography. They attract
cryptographers' attention because of their efficiency while being used in cooperation
with some other simple data operations. The DDR help to thwart successfully differ-
ential and linear cryptanalysis [6]. Several studies provide some theoretical attacks
based on the fact that few bits in a register define selection of concrete modification
of the current rotation operation. Some improving in the use of DDR is introduced in
