Stream Ciphers Research Papers - Academia.edu
Wireless sensor networks suffer from two inherent problems: the vulnerability of broadcast communication, and the limited computational capability and power budget of the sensors. Even though security is a must in most applications, current sophisticated security protocols are not amenable to the primitiveness of the sensors. In this paper, we introduce a novel security protocol for wireless networks of sensors that is very secure, yet simple and efficient. At the core of our security protocol is a simple and fast stream cipher cryptosystem that utilizes permutation vectors as encryption keys, forcing an intruder to a brute-force time complexity of Ω(2^n). In addition, our mechanism alleviates the effect of sensor capture via its synchronized re-keying feature. Beyond encryption efficiency, our system utilizes the group deployment of newly joining sensors for sensor power budgeting considerations. Experimental results show a very promising future for our system in the wireless networks domain, excelling over other modern cryptosystems (AES, DES, TripleDES), especially in the power budget arena.
In this paper, the complexity of applying a guess-and-determine attack to so-called Linear Feedback Shift Register (LFSR)-based stream ciphers is analyzed. This family of stream ciphers uses one or several LFSRs and a filtering function F : GF(2)^n → GF(2)^m to generate blocks of m ≥ 1 keystream bits at a time. Unlike a classical guess-and-determine attack, a method based on guessing certain bits in order to determine the remaining secret key/state bits, our approach efficiently takes advantage of the reduced preimage space for relatively large m while at the same time employing the design structure of the cipher. Several variations of the algorithm are derived to circumvent the sensitivity of the attack to the input data, n, m and the key length. In certain cases, our attack outperforms classical algebraic attacks [10], which are considered one of the most efficient cryptanalytic tools for this type of cipher.
Data security is now a crucial issue in our day-to-day life. The protection of personal identity and personal finances depends on the protection of important and irreplaceable information. Cryptography is the science of converting readable information into an unreadable format that is hard to decipher. In modern times, cryptography has adopted a new medium: human DNA. At a time when conventional cryptography has been losing strength to more advanced cryptanalysis, DNA cryptography has added more elements of confusion and diffusion. The use of DNA sequences to encrypt data has strengthened the existing classical encryption algorithms. Thus, DNA cryptography has added another dimension to conventional cryptography. In the present paper the authors have made a systematic study of DNA encryption algorithms and how they can be used along with standard classical encryption algorithms.
Cryptography is a fast-growing field. To design cryptographically strong and efficient crypto-algorithms, cryptographers should understand all the latest primitives, how to combine them, and the procedure to check their immunity against all present-day cryptanalytic methods. One is a good cryptographer only if one is a good cryptanalyst, and vice versa. This paper examines the different design primitives adopted by various existing block ciphers and stream ciphers, and a comparative analysis is illustrated based on different parameters. These primitives can be advantageous in developing a new hybrid crypto-algorithm which is secure and immune to various cryptanalytic attacks.
Presenting an efficient method for performing scalar multiplication in the group of elliptic curves
Guess-and-determine (GD) attacks are general attacks on stream ciphers, which have often been implemented in an ad hoc manner. The authors introduce a heuristic approach to the design of GD attacks, that is, a dynamic programming method using a Viterbi-like algorithm, which is a well-known decoding algorithm for convolutional codes. The authors also show that with this method, the resulting GD attacks, named heuristic GD (HGD) attacks, on TIPSY, SNOW1 and SNOW2 lead to less computational complexity than the previously known GD attacks. The main advantage of HGD attacks over ad hoc GD attacks is that, while being powerful, they can be designed algorithmically for classes of stream ciphers satisfying a certain condition. Using this method, the authors examine the resistance of SOSEMANUK, a word-oriented stream cipher proposed for the Ecrypt Stream Cipher Project. The complexity of the designed GD attack, O(2^224), is much less than the complexity of an exhaustive search attack on the internal state, O(2^384), but larger than the claimed security level, that is, O(2^128).
We introduce the notion of covering sequence of a Boolean function, related to the derivatives of the function. We give complete characterizations of balancedness, correlation immunity and resiliency of Boolean functions by means of their covering sequences. By considering particular covering sequences, we define subclasses of (correlation-immune) resilient functions. We derive upper bounds on their algebraic degrees and on their nonlinearities. We give constructions of resilient functions belonging to these classes. We show that they achieve the best known trade-off between order of resiliency, nonlinearity and algebraic degree.
In 2007, Gaborit et al. proposed the stream cipher SYND as an improvement of the pseudo-random number generator due to Fischer and Stern. This work shows how to considerably improve the efficiency of the SYND cipher without using the so-called regular encoding and without compromising the security of the modified SYND stream cipher. Our proposal, called XSYND, uses a generic state transformation which is reducible to the Regular Syndrome Decoding problem (RSD), but has better computational characteristics than the regular encoding. A first implementation shows that XSYND runs much faster than SYND for a comparable security level (being more than three times faster for a security level of 128 bits, and more than 6 times faster for 400-bit security), though it is still only half as fast as AES in counter mode. Parallel computation may yet improve the speed of our proposal, and we leave it as future research to improve the efficiency of our implementation.
Wireless sensor networks (WSNs) are composed of tiny devices with limited computation and battery capacities. For such resource-constrained devices, data transmission is a very energy-consuming operation. To maximize WSN lifetime, it is essential to minimize the number of bits sent and received by each device. One natural approach is to aggregate sensor data along the path from sensors to the sink. Aggregation is especially challenging if end-to-end privacy between sensors and the sink (or aggregate integrity) is required. In this article, we propose a simple and provably secure encryption scheme that allows efficient additive aggregation of encrypted data. Only one modular addition is necessary for ciphertext aggregation. The security of the scheme is based on the indistinguishability property of a pseudorandom function (PRF), a standard cryptographic primitive. We show that aggregation based on this scheme can be used to efficiently compute statistical values, such as mean, variance, and standard deviation of sensed data, while achieving significant bandwidth savings. To protect the integrity of the aggregated data, we construct an end-to-end
Some preliminary results were originally published in Castellucia et al. [2005]. The present article is a reworked and extended version. Major new components include the security analysis and the technique for authentication of encrypted aggregated data.
This paper is about the design of multivariate public key schemes, as well as block and stream ciphers, in relation to recent attacks that exploit various types of multivariate algebraic relations. We survey these attacks, focusing on their common fundamental principles and on how to avoid them. From this we derive new, very general design criteria, applicable to very different cryptographic components. These amount to avoiding (if possible) the existence of, in some sense, "too simple" algebraic relations. Though many ciphers that do not satisfy this new paradigm probably still remain secure, the design of ciphers will never be the same again.
This paper deals with the theory and application of Cellular Automata (CA) for a class of block ciphers and stream ciphers. Based on CA state transitions, certain fundamental transformations are defined which are the block ciphering functions of the proposed enciphering scheme. These fundamental transformations are found to generate the simple (alternating) group of even permutations, which in turn is a subgroup of the permutation group. These functions are implemented with a class of programmable cellular automata (PCA) built around rules 51, 153, and 195. Further, high-quality pseudorandom pattern generators built around rule 90 and rule 150 programmable cellular automata with a rule selector (i.e., combining function) have been proposed as running key generators in stream ciphers. Both schemes provide better security against different types of attacks. With the simple, regular, modular and cascadable structure of CA, hardware implementations of such schemes are ideally suited for VLSI implementation.
Z'aba, Muhammad Reza and Wong, Kenneth and Dawson, Edward and Simpson, Leonie (2010) Algebraic analysis of small scale LEX-BES. In: Proceedings of the 2nd International Cryptology Conference 2010, 29 June - 1 July 2010, Melaka, Malaysia.
A practical problem in symmetric cryptography is finding constructions of Boolean functions that lead to reasonably large sets of functions satisfying some desired cryptographic criteria. The main known construction, called Maiorana-McFarland, has recently been extended. Some other constructions exist, but lead to smaller classes of functions. Here, we study in more detail the nonlinearities and the resiliencies of the functions produced by all these constructions. Further, we show how to obtain functions satisfying the propagation criterion (among which are bent functions) with these methods, and we give a new construction of bent functions based on the extended Maiorana-McFarland construction.
The need for wireless communication systems has increased rapidly in the past few years, and wireless communication has become more convenient in business and society. However, the air interface is vulnerable to eavesdropping, hence encryption in wireless communication systems is a necessity to keep sensitive information confidential and to prevent fraud. Furthermore, wireless devices such as Bluetooth devices and mobile phones require an encryption algorithm that is secure, fast and simple to implement. There are several cryptosystems for stream cipher applications, such as A5/x used in GSM mobile communications. However, A5/x are vulnerable to cryptanalytic attacks. In this paper, a new clock-controlled cryptosystem intended for hardware implementation is proposed. The design has attractive properties such as simplicity and scalability. Its cryptographic properties, including period, balancedness, linear complexity and probability distribution, are analyzed. The design provides the basic security requirements and is resistant to known cryptanalytic attacks. It is shown that the irregular clocking introduced provides a certain level of strengthened security against several cryptanalytic attacks. These properties enhance its use as a suitable cryptosystem for stream cipher applications.
Encryption is an important mechanism used to protect private information from unauthorized access. Thus, cipher systems play an important role in communication and storage systems. But designing a cipher system with good properties, such as a high degree of security and efficiency, is a complex process. Therefore, this paper considers this problem and presents an attempt to find a general approach for designing good cipher systems automatically. In this paper we focus on an important class of cipher systems, namely stream ciphers. The proposed approach is based on evolutionary computation techniques, and the method chosen here is simulated annealing programming, which is an integration of genetic programming and the simulated annealing algorithm. The proposed algorithm has been implemented in order to test its effectiveness in solving the underlying problem.
This new algorithm mixes two or more images of different types and sizes by employing a shuffling procedure combined with S-box substitution to perform lossless image encryption. This combines stream cipher with block cipher, on the byte level, in mixing the images. When this algorithm was implemented, empirical analysis using test images of different types and sizes showed that it is effective and resistant to attacks.
- by Abdelfatah Tamimi and +1
- Cryptography, S-Boxes, Stream Ciphers, Block Cipher
Recently, algebraic attacks have received a lot of attention in the cryptographic literature. It has been observed that a Boolean function used as a cryptographic primitive, and interpreted as a multivariate polynomial over GF(2), should not have low-degree multiples obtained by multiplication with low-degree nonzero functions. In this paper, we show that a Boolean function having low nonlinearity is (also) weak against algebraic attacks, and we extend this result to higher-order nonlinearities. Next, we present enumeration results on linearly independent annihilators. We also study certain classes of highly nonlinear resilient Boolean functions for their algebraic immunity. We identify that functions having low-degree subfunctions are weak in terms of algebraic immunity, and we analyze some existing constructions from this viewpoint. Further, we present a construction method to generate Boolean functions on variables with highest possible algebraic immunity 2 (this construction, first presented at the 2005 Workshop on Fast Software Encryption (FSE 2005), was the first one producing such functions). These functions are obtained through a doubly indexed recursive relation. We calculate their Hamming weights and deduce their nonlinearities; we show that they have very high algebraic degrees. We express them as the sums of two functions which can be obtained from simple symmetric functions by a transformation which can be implemented with an algorithm whose complexity is linear in the number of variables. We deduce a very fast way of computing the output of these functions, given their input.
Substitution boxes are important components in many modern-day block and stream ciphers. Their study has attracted a great deal of attention over many years. The development of a variety of cryptosystem attacks over the years has led to the development of criteria for resilience to such attacks. Some general criteria such as high non-linearity and low autocorrelation have been proposed as useful criteria (providing some protection against attacks such as linear cryptanalysis and differential cryptanalysis). There has been little application of evolutionary search to the development of S-boxes. In this paper we show how a cost function that has found excellent single-output Boolean functions can be generalised to provide improved results for small S-boxes.
The encryption technique proposed in this paper performs bitwise encryption/decryption. For each character in the text, a randomly determined number (r), called the addition constant, changes the encryption of that character in 2^r different ways. In addition to this process, according to the values of the addition constant, the character in the original text is converted into bit form, split into parts, and a bitwise change is applied. Unlike the One Time Pad, which has previously appeared in the literature as a perfect cipher, obtaining different ciphertexts with the same key shows that the proposed technique is more advantageous. Its structural simplicity compared with other bitwise algorithms eases the hardware and software development of the proposed technique.
A popular technique to construct stream ciphers is to use a linear sequence generator with a very large period and good statistical properties together with a non-linear filter. There is abundant literature on how to use linear approximations of this non-linear function to attack the cipher, which is known as (fast) correlation attacks. In this paper we explore non-linear approximations, which are much less well known. We will reduce the cryptanalysis of a stream cipher to solving an overdefined system of multivariate equations. At Eurocrypt 2000, Courtois, Klimov, Patarin and Shamir introduced the XL algorithm for solving systems of overdefined multivariate quadratic equations over finite fields. The exact complexity of the XL algorithm remains an open problem, and some authors such as T. T. Moh have expressed serious doubts whether it actually works very well. However, there is no doubt that such methods work very well for largely overdefined systems (many more equations than variables), and we confirm this by computer simulations. Luckily, the systems we obtain in cryptanalysis of stream ciphers are precisely very overdefined. In this paper we will show how to efficiently break stream ciphers that are known to be immune to all previously known attacks. For example, we will be able to break the stream cipher Toyocrypt, submitted to the Japanese government Cryptrec call for cryptographic primitives, and one of only two candidates accepted to the second phase of the Cryptrec evaluation process. Toyocrypt is a 128-bit stream cipher, and at the time of submission it was claimed to resist all known attacks on stream ciphers. Later, Mihaljevic and Imai published a "guess-and-find" attack that shows that the effective key length in Toyocrypt is 96 bits. Still, Toyocrypt may be easily modified to avoid this attack. In this paper we show a new, surprisingly efficient attack that breaks both Toyocrypt and the modified versions.
Our best attack on Toyocrypt takes 2^92 CPU clocks for a 128-bit cipher. Moreover, this type of attack has surprisingly small and loose requirements on the keystream needed: it works even knowing ONLY that the ciphertext is in English.
Abstract. MiFare Crypto 1 is a lightweight stream cipher used in London's Oyster card, the Netherlands' OV-Chipkaart, Boston's CharlieCard in the US, and in numerous wireless access control and ticketing systems worldwide. Recently, researchers have been able to recover this algorithm by ...
In this paper we analyse the algebraic properties over the field GF(2) of addition modulo 2^n. We look at implicit quadratic equations describing this operation, and at probabilistic conditional linear equations. We show that addition modulo 2^n can be partly or totally linearized when the output is fixed, and this for a large family of outputs. We apply these results to analyse the resistance of the stream cipher Snow 2.0 against algebraic attacks.
The encryption technique proposed in this study encrypts/decrypts in binary form. For each character in the plaintext, a randomly generated number (r), called the added number, makes the cipher of the character in 2^r different ways. In addition to this process, the character in the plaintext is converted into binary form and divided into parts according to the values of the added number. Different from the One Time Pad cipher, proposed as a perfect cipher in the literature, different ciphertexts are obtained from the same key. This is one of the advantages of the proposed technique. Besides, its greater structural simplicity in comparison with other stream cipher algorithms makes its development in hardware and software easy.
In this paper, the hardware implementations of six representative stream ciphers are compared in terms of performance, consumed area and the throughput-to-area ratio. The stream ciphers used for the comparison are ZUC, Snow3g, Grain V1, Mickey V2, Trivium and E0. ZUC, Snow3g and E0 have been used for the security part of well-known standards, especially wireless communication protocols. In addition, Grain V1, Mickey V2 and Trivium are currently selected as the final portfolio of stream ciphers for Profile 2 (Hardware) by the eStream project. The designs were implemented in VHDL, and an FPGA device was used for the hardware implementations. The highest throughput has been achieved by Snow3g with 3330 Mbps at 104 MHz, and the lowest throughput has been achieved by E0 with 187 Mbps at 187 MHz. Also, the most efficient cipher for hardware implementation in terms of throughput-to-area ratio is Mickey V2, while the worst cipher for hardware implementation is Grain V1.
- by Paris Kitsos
- Computer Hardware, Cryptography, LTE, UMTS