AKF: A key alternating Feistel scheme for lightweight cipher designs

https://doi.org/10.1016/j.ipl.2014.10.010

Highlights

  • We propose a key alternating Feistel scheme, AKF, for lightweight block cipher designs.

  • We analyze the security of AKF.

  • We reintroduce the cipher ITUbee based on AKF where ITUbee is a recent cipher proposed at LightSec2013 conference.

  • We give a detailed differential cryptanalysis of ITUbee.

Abstract

In the classical Feistel structure, the use of alternating keys makes the cipher insecure against related key attacks. In this work, we propose a new block cipher scheme, AKF, based on a Feistel structure with alternating keys but resistant against related key attacks. AKF leads to constructions of lightweight block ciphers suitable for resource restricted devices such as RFID tags and wireless sensor nodes.

Using AKF we also present a software oriented lightweight block cipher, ITUbee, especially suitable for wireless sensor nodes. We show that ITUbee has a better performance than most of the ciphers which were compared in a recent work.

Introduction

Ubiquitous computing has become prominent because of its increasing use in daily life. In these types of applications, resource constrained devices such as RFID tags and sensor nodes are deployed. To address the security and privacy issues in these applications, cryptographic primitives which require fewer resources have been proposed under the topic of lightweight cryptography. A lightweight block cipher is a main primitive among the cryptographic requirements of ubiquitous computing. The need for lightweight block ciphers has triggered a lot of cipher constructions: PRESENT [1], PRINTcipher [2], LED [3], Prince [4], HIGHT [5], KLEIN [6], DESXL [7], KATAN [8], mCrypton [9], SEA [10], TEA [11] and LBlock [12].

Some of the proposed ciphers include novel ideas and challenging rationales, while some of them have standard structures. One of the challenging rationales is the lack of a key schedule, as in PRINTcipher, which can be included in the Type 1A category introduced in [13]. Another way is to use key alternating cipher designs, addressed in [14]. Key alternating ciphers are based on the Even–Mansour scheme proposed in [15]. The definition of the scheme is $E_{F,k_1,k_2} = F(P \oplus k_1) \oplus k_2$, where $F$ is a publicly known permutation over n-bit strings, $k_1$ and $k_2$ are n-bit secret keys and $P$ is a plaintext. Recently there has been a lot of work on the analysis of this scheme and of the iterated Even–Mansour scheme (also called a key alternating cipher), which is depicted in Fig. 1 [16], [17], [18], [19], and there is a recent work presented at FSE 2014 on the security analysis of key alternating Feistel ciphers (KAF) [20].

While some ciphers based on the iterated Even–Mansour scheme have been proposed, such as LED and Prince, to the best of our knowledge there is no cipher based on a key alternating Feistel scheme. GOST can be given as an example of a cipher based on a Feistel structure and a key schedule analogous to the key alternating cipher's schedule [21]. Using a key alternating Feistel scheme gives some performance advantages. Because of the Feistel structure, the same program code can be used for both encryption and decryption, which reduces the memory usage. Also, with no key schedule, the memory and time requirements can be decreased. However, the nonexistence of a key schedule or the usage of alternating keys in a Feistel structure makes the cipher insecure against related key attacks [22]. In this study, we construct a block cipher scheme, AKF, using a Feistel structure with alternating keys in such a way that the security of our newly proposed scheme may not be altered. AKF is the first scheme which includes key alternating and a Feistel structure while providing security against related key attacks, whereas key alternating Feistel ciphers are generally vulnerable to related key attacks, as in the case of GOST [22].
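The related key weakness described above can be observed on a toy cipher. The following is an added example, not code from the paper: a constructed 64-bit Feistel cipher in which two subkeys alternate and are XORed into the round function input (the names `round_function`, `encrypt`, `output_differences` and the SHA-256-based F are assumptions; it is neither GOST nor the AKF scheme). It checks that a key difference (d0, d1) paired with the plaintext difference (d1, d0) cancels in every round, so the ciphertext difference is fixed for every key and plaintext, which is the property a key alternating Feistel design has to rule out.

```python
import hashlib
import secrets

def round_function(x: int) -> int:
    """Public 32-bit round function F (constructed: truncated SHA-256)."""
    return int.from_bytes(hashlib.sha256(x.to_bytes(4, "big")).digest()[:4], "big")

def encrypt(left, right, k0, k1, rounds):
    """Toy Feistel: round i XORs k0 (even i) or k1 (odd i) into F's input."""
    for i in range(rounds):
        round_key = k0 if i % 2 == 0 else k1
        left, right = right, left ^ round_function(right ^ round_key)
    return left, right

def output_differences(key_diff, pt_diff, rounds=16, trials=200):
    """Encrypt random plaintexts under random keys and under the related
    keys (k0 ^ d0, k1 ^ d1); return the set of ciphertext XOR differences."""
    d0, d1 = key_diff
    dl, dr = pt_diff
    seen = set()
    for _ in range(trials):
        k0, k1, left, right = (secrets.randbits(32) for _ in range(4))
        c = encrypt(left, right, k0, k1, rounds)
        c_rel = encrypt(left ^ dl, right ^ dr, k0 ^ d0, k1 ^ d1, rounds)
        seen.add((c[0] ^ c_rel[0], c[1] ^ c_rel[1]))
    return seen

if __name__ == "__main__":
    D0, D1 = 0x000000FF, 0x80000000  # constructed sample differences
    # Matched differences: the input difference to F is zero in every round,
    # so a single ciphertext difference is observed across all trials.
    print(output_differences((D0, D1), (D1, D0)))
    # Control: same key difference, equal plaintexts. The differences no
    # longer cancel and the ciphertext difference varies from trial to trial.
    print(len(output_differences((D0, D1), (0, 0))))
```
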

In addition, using this scheme we reintroduce a new software oriented lightweight block cipher, ITUbee. This cipher is especially designed for microcontroller based resource constrained devices with limited battery power, such as wireless sensor nodes. We have emulated the execution of ITUbee on the Atmel ATtiny45 8-bit microcontroller using Atmel Studio 6 and evaluated the energy consumption and memory usage of the cipher. The results show that ITUbee consumes less energy than most of the ciphers whose performance results were given in a recent work [23]. The low memory requirement of ITUbee is also noticeable.

The paper is structured as follows. In Section 2, we introduce our novel cipher scheme AKF and analyze the security including the related key attacks. Then in Section 3, we give the definition of ITUbee with design rationale, security analysis, and performance results. Section 4 concludes the study.

Notation

Throughout the paper, we use the following notation. $P_L$ and $P_R$ ($C_L$ and $C_R$) denote the left and right halves of the plaintext $P$ (ciphertext $C$), respectively. We use ‖ to denote the concatenation of two bit strings. The i-th round key and round constant are denoted by $RK_i$ and $RC_i$, respectively. $k_i$ represents the parts of the master key $K$, where $K = k_0 \| k_1 \| \dots \| k_{t-1}$ and $t$ is the number of key parts.

Definition

$AKF^{F_1,\dots,F_{2r}}_{r,t}$ is an r-round block cipher based on a Feistel structure with 2n-bit block

Definition

ITUbee, introduced in [25], is an example cipher of $AKF_{20,2}$ with an 80-bit block size. In addition to the AKF scheme, ITUbee also has key whitening layers. The whitening keys at the top and bottom of the encryption process are $(k_1 \| k_0)$ and $(k_0 \| k_1)$, respectively. The permutations used on the left hand side in the rounds are the same, while the ones used on the right hand side differ from each other because of the round constant addition.

Algorithm 5 presents and Fig. 4 illustrates the encryption process of

Conclusion

The use of alternating keys facilitates the design of lightweight ciphers, because the lack of a key schedule means less memory usage and fewer operations (less energy). Also, using a Feistel structure gives the advantage of using the same program code for the encryption and decryption processes. This reduces memory usage. However, using a Feistel structure with alternating keys could make the cipher insecure against related key attacks as in [22]. To palliate this weakness we have

References (43)

  • Y. Liu et al., Improved results on impossible differential cryptanalysis of reduced-round Camellia-192/256, J. Syst. Softw. (2012)
  • A. Bogdanov et al., PRESENT: an ultra-lightweight block cipher
  • L.R. Knudsen et al., PRINTcipher: a block cipher for IC-printing
  • J. Guo et al., The LED block cipher
  • J. Borghoff, A. Canteaut, T. Güneysu, E.B. Kavun, M. Knezevic, L.R. Knudsen, G. Leander, V. Nikov, C. Paar, C....
  • D. Hong et al., HIGHT: a new block cipher suitable for low-resource device
  • Z. Gong et al., KLEIN: a new family of lightweight block ciphers
  • G. Leander et al., New lightweight DES variants
  • C.D. Cannière et al., KATAN and KTANTAN – a family of small and efficient hardware-oriented block ciphers
  • C.H. Lim et al., mCrypton – a lightweight block cipher for security of low-cost RFID tags and sensors
  • F.-X. Standaert et al., SEA: a scalable encryption algorithm for small embedded applications
  • D.J. Wheeler et al., TEA, a tiny encryption algorithm
  • W. Wu et al., LBlock: a lightweight block cipher
  • G. Carter et al., Key schedules of iterative block ciphers
  • A. Bogdanov, L.R. Knudsen, G. Leander, F.-X. Standaert, J.P. Steinberger, E. Tischhauser, Key-alternating ciphers in a...
  • S. Even et al., A construction of a cipher from a single pseudorandom permutation
  • O. Dunkelman, N. Keller, A. Shamir, Minimalism in cryptography: the Even–Mansour scheme revisited, in: [42], pp....
  • I. Dinur et al., Key recovery attacks on 3-round Even–Mansour, 8-step LED-128, and full AES2
  • R. Lampe, J. Patarin, Y. Seurin, An asymptotically tight security analysis of the iterated Even–Mansour cipher, in:...
  • J.P. Steinberger, Improved security bounds for key-alternating ciphers via Hellinger distance, IACR Cryptol. ePrint Arch. (2012)
  • R. Lampe et al., Security analysis of key-alternating Feistel ciphers, IACR Cryptol. ePrint Arch. (2014)