[ieee africon 2007 - windhoek, south africa (2007.10.26-2007.10.28)] africon 2007 - rebc2 cipher

7

Click here to load reader

Upload: a

Post on 18-Mar-2017

214 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: [IEEE AFRICON 2007 - Windhoek, South Africa (2007.10.26-2007.10.28)] AFRICON 2007 - REBC2 cipher

256KKN

iir mod

1

0∑

=

=

Abstract—REBC2 is a new cryptosystem based on the rotor

enhanced block cipher which was proposed by the authors in NRSC 2002. The concept of a rotor enhanced block cipher is considered from a new point of view, which is to use rotors to achieve two basic cryptographic operations: permutation, and substitution. A round key is generated using rotor too from the previos rounds’ key. That generated key is used to achieve ciphertext key dependency. To enhance non-linearity and to resist linear cryptanalysis, REBC2 has variable block and key lengths. Each round has its own block length which depends on rounds’ key length Another feature of REBC2 is that the used rotors are not ordinary rotating arrays containing large amount of static data, but are rather implemented using round key dependent mathematical linear expressions, which was firstly proposed by the authors in KAMFEE. This produced less memory for implementation, normalized ciphertext statistics, and low processing speed trend. Index Terms—Cryptography, Coercive force, Encryption, Rotor.

I. INTRODUCTION EBC is a classical cryptosystem which was introduced by the authors in NRSC 2002 [1]. REBC key length is 320 bits, divided to 10 sub-keys, each of 32 bits. REBC block

length is 192 bites, divided into 6 sub-blocks, each of 32 bits. REBC consists of 12 rounds, the input of each round is the output from the previos round. The key of each round is a 10 bits rotated version of the previos round key. A rotor of 64 cylinders, each containing 256 elements –presenting all possible ASCII characters- is used after the 6th round to enhance the cryptosystem’s performance and increase its period. Each round of REBC consists of successive operations of substitutions, permutations, and key dependency operations. REBC uses six different key dependent sbox for substitution. Such key dependency is achieved by arranging the contents of each sbox using the round key. Using 32 bits bitwise XOR, modulo 232 additions and multiplications between sub-keys and sub-blocks resulted in key dependency. The new proposed REBC2 uses a key length varying between 32 bytes to 256 bytes. The length depends on the prior encryption process key. The block length is equal to key length. Key generation involves a rotor to avoid weak keys. REBC2 uses two types of key dependent rotors: substitution rotor and permutation rotor to archive substitution and permutation processes. Key dependency is achieved using

bitwise XOR. Although the REBC2 encryption process consists of only one round, REBC2 achieved a perfect ciphertext statistics when compared with AES. Generally REBC2 considered the next solid brick in the authors' wall of cryptography obstacle after KAMFEE [2], Cyclone [3], and RotRix [4].

II. REBC2 STRUCTURE

A. Key generation Each individual encryption process has its own key. The key is generated using a key-rotor of eight cylinders; each rotor contains 256 elements representing all the ASCII characters. The first key is generated from the user key; the second key is generated from the first key, and so on till the end of plaintext. Encryption key length is calculated as shown in equation (1). (1) Where Kr is the encryption key length, N is the previos encryption process key length, Ki is the encryption key, and I is the position of elements inside the encryption key. In general if resultant Kr is less than 32, then set Kr = 32. That will guarantee minimum encryption key length of 32 bytes; whivh in time will guarantee that at least one complete permutation is executed. As block length equals key length, so that the minimum allowed key length is selected greater than the longest accepted English word (28 letters) [5] and on the same time is a multiple of two, so 32 bytes was selected. Such selection will enhance security, without any significant effect on the dynamic memory of implemented software. We will consider the 3 possible cases of generating the encryption key. The first case when Kr is greater than N, as shown in figure (1). The second case when Kr equals N, as shown in figure (2). The third case can be sub divided into many cases; the first two cases will be described here. That is when N is greater than Kr and less than 2 Kr, as shown in figure (3). The other is when N is greater that 2 Kr and less than 3 Kr, as shown in figure (4).

B. REBC2 variable block length and its dependency The REBC2 block length is to be equal to the encryption key length, which varyies for each individual encryption step, taking into consideration that each encryption process consists of one round. So the block length depends on the prior encryption key length as described by equation (1), taking into consideration that the block length varies between 32 bytes and 256 bytes.

REBC2 Cipher H. ElKamchouchi, A. ElShafee, Members, IEEE

Alexandria University [email protected], [email protected]

R

1-4244-0987-X/07/$25.00 ©2007 IEEE.

Page 2: [IEEE AFRICON 2007 - Windhoek, South Africa (2007.10.26-2007.10.28)] AFRICON 2007 - REBC2 cipher

C. REBC2 encryption process REBC2 consists of three basic operations; substitution, permutation, and key dependency. Substitution is performed using a rotor with 256 cylinders, each cylinder containing 256 characters representing the ASCII characters. Such substitution rotor is shown in figure (5). Each byte of plaintext is successively substituted in each cylinder of rotors. After each encryption process for a plaintext byte, the rotor cylinders are rotated. Permutation is achieved using a permutation rotor. This permutation rotor consists of 256 cylinders, each cylinder contains 32 elements, representing all possible 5 bits values. The input plaintext is divided into 32 sub-blocks; each is permutated using the permutation rotor. After each permutation of the entire 32 bytes of each sub-block, the permutation rotor is rotated, and then the last sub-block is one byte left rotated. Figures (6) to (8) show the structure of the permutation rotor. Key dependency is the last step in the encryption process. It is simply a bitwise XOR of plaintext and the generated key. Since the REBC2 block length is equal to the generated key length. It is considered a one to one operation. Figure (9) shows the process. Generally; a single encryption process is as follows: encryption key generation, substitution rotor generation, substitution process, permutation rotor generation, permutation process, and then key dependency. Figure (10) shows an overall diagram for the REBC2 encryption process. The following code is captured from original REBC2 implementation written using C/C++; void enc(unsigned char in[],unsigned char out[]){ unsigned long n,rest,m; unsigned char tmp[256],tmp2[256],tmp3[9][32],tmp4[9][32]; for(n=0;n<blength;n++) tmp[n]=sub_rotor(in[n]); rest=blength-floor(blength/32)*32; for(n=0;n<blength;n++) tmp3[floor(n/32)][n%32]=tmp[n]; for(n=0;n<(floor(blength/32));n++)

{for(m=0;m<32;m++) tmp4[n][m]=tmp3[n][per_rotor_array[m]];}

for(m=0;m<(rest);m++) tmp4[n][m]=tmp3[n][m+1]; tmp4[n][rest-1]=tmp3[n][0]; for(n=0;n<blength;n++) tmp2[n]=tmp4[floor(n/32)][n%32]; for(n=0;n<blength;n++) out[n]=tmp2[n]^round_key[n];}

D. REBC2 implementation REBC used an ordinary rotor of 64 cylinders each, of 256 elements representing all ASCII characters. The rotors used in REBC2 are implemented using a mathematical expression which was firstly proposed by the authors in KAMFEE [2] algorithm.

Figure (1) encryption key generation for N < Kr

Figure (2) encryption key generation for N = Kr

Figure (3) encryption key generation for Kr < N < 2 Kr

Figure (4) encryption key for 2 Kr < N < 3 Kr

Figure (5) substitution rotor

Figure (6) first sub-block permutation

Figure (7) second sub-block permutation

Figure (8) last sub-block permutation

Br; represents the block length of the encryption process r.

Page 3: [IEEE AFRICON 2007 - Windhoek, South Africa (2007.10.26-2007.10.28)] AFRICON 2007 - REBC2 cipher

256mod])[( iii jbxaY ++×=

Figure (9) key dependency process

Figure (10) REBC2 encryption process

For a single cylinder; (2) (3) (4) Where; Yi : encrypted characters of order i xi : plaintext character of order i. a : pre-selected random character. b : selected character from generated encryption key. Equation (2) presents the initial state of a cylinder. Equation (3) presents the cylinder after one step. Equation (4) presents the cylinder after two steps. Modulo 256 guarantees the 256 steps of rotation, which means that after 256 rotations, the equation of the 256 steps will give the same results of the initial equation. Generally, for the ith cylinder, and jth rotation order, consider equation (5); (5) where j = 1, 2, 3, …., 256. The parameter a of equation (5) is randomly selected from the set of invertible ASCII characters, and parameter b of equation (5) is generated from substituting the characters of the encryption key in the key rotor. This means that each encryption process has its individual substitution rotor and permutation rotor. The REBC2 decryption process uses the inverse of each encryption operation in the reverse order used in the encryption process.

III. REBC2 FEATURES

A. REBC2 static memory requirements Table (1) static memory requirements for REBC2

Element Name

Structure No. of Elements

Memory Reqired

Key rotor 8 cylinders, each of 256 elements, implemented by 8 linear equations

1 8 × 2 = 16 bytes

Substitu-tion rotor

256 cylinders, each of 256 elements, implemented by 256 linear equations

1 256 bytes

Permuta-tion rotor

256 cylinders, each of 256 elements, implemented by 256 linear equations

1 256 bytes

Total 528 bytes ≈ 0.5 Kbytes

B. REBC2 Dynamic memory requirements Table (2) Dynamic memory requirements for REBC2

Element Name

Structure No. of Elements

Memory Reqired

Substitut-ion rotor

256 cylinders, each of 256 elements, implemented by 256 linear equations

1 256 bytes

Permuta-tion rotor

256 cylinders, each of 32 elements, implemented by 256 linear equations

1 256 bytes*

Three rotors rotation positions

Key, substation rotor, and permutation rotor

1 8 + 256 + 256 = 520 bytes

Block Maximum length

1 256 bytes

Generated key

Maximum length

1 256 bytes

Total 1544 bytes ≈ 1.5 kbytes

256mod)( bxaY ii +=256mod)1( 11 ++= ++ bxaY ii256mod)2( 22 ++= ++ bxaY ii

Page 4: [IEEE AFRICON 2007 - Windhoek, South Africa (2007.10.26-2007.10.28)] AFRICON 2007 - REBC2 cipher

* The permutation rotor is presented using variables of 5 bits length. On the other hand, the implementation of the process is based upon bytes (minimal storage unit of PC registers).

C. REBC2 period A period refers to the number of plain characters encrypted by a cryptosystem, that returns to its initial state, so if the plain blocks repeated –using the same key- the produced cipher blocks will be identical to the prior ones. A period is typically equal to its block length. REBC2 has two different rotors, and a variable key re-generated in each encryption process. These two rotors are also re-generated in each encryption process depending on a pre-generated key. To facilitate period calculation, rotors' re-generation will be ignored and the minimum key length (32 bytes) will be used in calculations.

Table (3) REBC2 period Rotor Description Period

Substitution rotor

256 cylinders, each of 256 elements

(232)256 ≈ 1.09 × 102466

Permutation rotor

256 cylinders, each of 256 elements

(232)256 ≈ 1.09 × 102466

Key Minimum length 32 bytes

32

Total (1.58 E 768913) (1.09 E 2466) ≈ 1.58 (9.156 E 2471)

D. REBC2 operation modes Operation modes are developed for block ciphers such as DES [6], GOST [7], RIJNDAEL [8]. REBC2 period is very large as shown in table (3), REBC2 needs no mode of operations.

E. REBC2 brute force attack Table (4) REBC2 brute force attack

Secret Data Description Brute Force Attack User key 32 to 256

bytes (256)256 ≈ 3.23E616

Key rotor - 2 × (256P8) ≈ 3.3E19Substitution rotor

- 256P128 ≈ 2.23E291

Permutation rotor

- 256P128 ≈ 2.23E291

Total 5.3E1218 P: states for permutation operation (nPr).

F. REBC2 ciphertext statistics REBC2 gives perfect ciphertext statistics; all characters showed an equal distribution when compared with Rijndael. To clarify that, many types of plaintext files were encrypted using REBC2, and Rijndael [8]. A software program implementing REBC2 was developed using C/C++ language under windows32 platform, as well as a software program implementing Rijndael. The results of the developed Rijndael software were compared to the "Brain Goldman" implementation [9]. To test the period of REBC2, a special plaintext file containing a repeated character named delta plaintext file was encrypted using both REBC2 and Rijndael. Figures from (11) to (14) show plaintext statistics, REBC2

ciphertext statistics, delta plaintext file statistics, and REBC2 ciphertext statistics of delta plaintext file. Figures (15), and (16) show Rijndael ciphertext statistics, and Rijndael ciphertext statistics produced from delta plaintext file. Figure (17) shows REBC2 plaintext abd ciphertext statistics plotted in ascending order. From figure (12) it was found that the maximum frequency produced from REBC2 ciphertext which resulted from normal plaintext was 117 while the minimum frequency produced was 63 giving a 54 variance value. For figure (13) it was found that the maximum frequency produced from Rijndael ciphertext was 117 but the minimum frequency was 59 giving a 58 variance value which is greater than REBC2 encrypting the same plaintext using the same key. The same case is repeated every time the test was performed. Applying the same test on ciphertext produced from delta files [figures (14) to (16)], table (4) summarizes the results.

Table (4) REBC2 and Rijndael ciphertext variance REBC2 Rijndael Text

type Min Max Var. Min Max Var. Normal 63 117 54 59 117 58

Delta 64690

66154 1464 0 1048543

1048543

Another experiment was performed which is calculating the variance in frequency of ASCII characters for REBC2 and Rijndael. The distance between cipher characters produced by REBC2 and Rijndael for the same plain character and using the same key was calculated. Figure (18) shows the relation between distances and the frequency number of occurrence of that distance when applying normal plaintext. Figure (19) shows the relation between distances and the frequency when applying delta plaintext.

G. REBC2 cryptanalysis Due to variable block and key length of the REBC2 from one encryption process to another, differential, linear, and related key cryptanalysis becomes very difficult [10]. It would be a quite challenge for cryptanalyst to produce a general linear expression relating input plaintext and output plaintext. The simplest difficulty is the block and key variation, while the hardest difficulty is the complexity of its internal structure presented by two rotors, which are re-generated in the beginning of each ciphering process.

Figure (11) Plaintext statistics.

Page 5: [IEEE AFRICON 2007 - Windhoek, South Africa (2007.10.26-2007.10.28)] AFRICON 2007 - REBC2 cipher

Figure (12) REBC2 ciphertext statistics.

Figure (13) Delta plaintext statistics.

Figure (14) REBC2 ciphertext statistics (for delta file). The initialization key selected by the user used to generate the key of the first encryption process using the key rotor, and to specify first encryption process key length, as described in equation (1). So if the initialization key contents or size are weak, the complexity of the key generation process guarantees the eliminatation of the weakness effects on the encryption process. The preselected parts of the key, substitution, and permutation rotors are chosen to avoid producing weak blocks. Figure (20) shows the initial key length key contents

selected randomly and the corresponding first encryption process key length.

Figure (15) Rijndael ciphertext statistics.

Figure (16) Rijndael ciphertext statistics (for delta file).

Figure (17) Ciphertext and plaintext statistics, in ascending order for REBC2 cipher.

IV. CONCLUSIONS REBC2 stands for Rotor Enhanced Block Cipher version 2.0, which is the concept of REBC 1.0, achieving basic cryptographic terms using rotor instead of using ordinary methods back-to-back with rotor to achieve the requested goals of the design such as perfect statistics, and large period.

Page 6: [IEEE AFRICON 2007 - Windhoek, South Africa (2007.10.26-2007.10.28)] AFRICON 2007 - REBC2 cipher

REBC2 requires less static and dynamic memory to run than Rijndael. REBC2 processing speed is also greater than Rijndael. The REBC2 period makes it suitable for encrypting huge messages without the need of block cipher modes.

Figure (18) Distance between ASCII characters of REBC2 ciphertext and Rijndael ciphertext (normal plaintext).

Figure (19) Distance between ASCII characters of REBC2 ciphertext and Rijndael ciphertext (delta plaintext).

Figure (20) Initial key length and corresponding 1st encryption process key length.

V. REFERENCES [1] Elkamchouchi, H.M.; Elshafee, A.M., “REBC, Rotor Enhanced Block Cipher”; Radio Science Conference, 2002. (NRSC 2002). Proceedings of the Nineteenth National, 19-21 March 2002 Page(s):262 - 269. Digital Object Identifier 10.1109/NRSC.2002.1022631

[2] Elkamchouchi, H.M.; Elshafee, A.M., ”Dynamically key-controlled symmetric block cipher KAMFEE”; Radio Science Conference, 2003. NRSC 2003. Proceedings of the Twentieth National, 18-20 March 2003 Page(s):C19 - 1-12, Digital Object Identifier 10.1109/NRSC.2003.1217353

[3] ElKamchouchi, H.; ElShafee, A., “Cyclone, the two dimensional rotor, rotor’s new generation”; Radio Science Conference, 2005. NRSC 2005. Proceedings of the Twenty-Second National, March 15-17, 2005 Page(s):269 – 276.

[4] ElKamchouchi, H.; ElShafee, A., “RotRix, The Arrayed Rotors”; Radio Science Conference, 2006. NRSC 2006. Proceedings of the Twenty-Third National.

[5] http://en.wikipedia.org/wiki/Antidisestablishmentarianism

[6] Alfred Menezes, Paul Van Oorschot & Scott Vanstone, "Handbook of applied cryptography", CRC Press,1996.

[7] Bruce Schneier, ”Applied Cryptography“, Wiley Computer Publishing, 1996.

[8] Joan Daemen, Vincent Rijmen, “AES Proposal: RIJNDAEL”,http://www.esat.kuleuven.ac.be / ~rijmen/ rijndael/, 1999.

[9] http://fp.gladman.plus.com/cryptography_technology /rijndael/index.htm

[10] M. Matsui, "Linear Cryptanalysis Method for DES Ciphe r", Advances in cryptology – EUROCRYPT '93, Springer-Verlag, pp. 386-397, 1994.

Page 7: [IEEE AFRICON 2007 - Windhoek, South Africa (2007.10.26-2007.10.28)] AFRICON 2007 - REBC2 cipher

Copyright Information

© 2007 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists,

or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.