Alzette: A 64-Bit ARX-box (feat. CRAX and TRAX)
- Authors
Luan Cardoso dos Santos, Qingju Wang, Aleksei Udovenko, Christof Beierle, Alex Biryukov, Johann Großschädl, Vesselin Velichkov, Léo Perrin
- Affiliations
Ruhr-Universität Bochum (Bochum); University of Luxembourg (Luxembourg); Cryptologie symétrique, cryptologie fondée sur les codes et information quantique (COSMIQ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria); CryptoExperts; University of Edinburgh
- Also listed
Micciancio, Daniele; Ristenpart, Thomas
- Sponsors
Deutsche Forschungsgemeinschaft (DFG); Fonds National de la Recherche - FnR; University of Luxembourg - UL
- Funding acknowledgements
Part of the work of Christof Beierle was funded by Deutsche Forschungsgemeinschaft (DFG), project number 411879806, and part of the work of Christof Beierle was performed while he was at the University of Luxembourg and funded by the SnT CryptoLux RG budget. Luan Cardoso dos Santos is supported by the Luxembourg National Research Fund through grant PRIDE15/10621687/SPsquared. Part of the work of Aleksei Udovenko was performed while he was at the University of Luxembourg and funded by the Fonds National de la Recherche Luxembourg (project reference 9037104). Part of the work by Vesselin Velichkov was performed while he was at the University of Luxembourg. The work of Qingju Wang is funded by the University of Luxembourg Internal Research Project (IRP) FDISC. The experiments presented in this paper were carried out using the HPC facilities of the University of Luxembourg.
- Subjects
Alzette; Crax; Trax; ARX; Differential cryptanalysis; Linear cryptanalysis; Symmetric-key algorithm; (Tweakable) block cipher; Related-tweak setting; Long trail strategy; MEDCP; MELCC; Cryptography; Computer science; Arithmetic; [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR]; Computer science [C05] [Engineering, computing & technology]; Sciences informatiques [C05] [Ingénierie, informatique & technologie]; 02 engineering and technology; 0202 electrical engineering, electronic engineering, information engineering; 020202 computer hardware & architecture; 020201 artificial intelligence & image processing
- Abstract
S-boxes are the only source of non-linearity in many symmetric primitives. While they are often defined as functions operating on a small space, some recent designs propose the use of much larger ones (e.g., 32 bits). In this context, an S-box is defined as a subfunction whose cryptographic properties can be estimated precisely. We present a 64-bit ARX-based S-box called Alzette, which can be evaluated in constant time using only 12 instructions on modern CPUs. Its parallel application can also leverage vector (SIMD) instructions. One iteration of Alzette has differential and linear properties comparable to those of the AES S-box, and two iterations are at least as secure as the AES super S-box. As the state size is much larger than the typical 4 or 8 bits, the study of the relevant cryptographic properties of Alzette is not trivial. We further discuss how such wide S-boxes could be used to construct round functions of 64-, 128- and 256-bit (tweakable) block ciphers with good cryptographic properties that are guaranteed even in the related-tweak setting. We use these structures to design a very lightweight 64-bit block cipher (Crax), which outperforms SPECK-64/128 for short messages on micro-controllers, and a 256-bit tweakable block cipher (Trax), which can be used to obtain strong security guarantees against powerful adversaries (nonce misuse, quantum attacks).