Speck (cipher)
3 rounds of Speck with 2-word key schedule | |
General | |
---|---|
Designers | Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, Louis Wingers NSA |
First published | 2013 |
Related to | Simon, Threefish |
Cipher detail | |
Key sizes | 64, 72, 96, 128, 144, 192 or 256 bits |
Block sizes | 32, 48, 64, 96 or 128 bits |
Structure | ARX |
Rounds | 22–34 (depending on block and key size) |
Speed | 2.6 cpb (5.7 without SSE) on Intel Xeon 5640 (Speck128/128) |
Best public cryptanalysis | |
Differential cryptanalysis can break 17 rounds of Speck128/128 with 2113 data, 222 bytes memory and time complexity of 2113.[1] Rectangle attack can break 18 rounds of Speck128/192,256 with 2121.9 data, 2125.9 bytes memory and time complexity of 2182.7.[2] |
Speck is a family of lightweight block ciphers publicly released by the National Security Agency (NSA) in June 2013.[3] Speck has been optimized for performance in software implementations, while its sister algorithm, Simon, has been optimized for hardware implementations. Speck is an add-rotate-xor (ARX) cipher.
Speck supports a variety of block and key sizes. A block is always two words, but the words may be 16, 24, 32, 48 or 64 bits in size. The corresponding key is 2, 3 or 4 words. The round function consists of two rotations, adding the right word to the left word, xoring the key into the left word, then and xoring the left word to the right word. The number of rounds depends on the parameters selected, as follows:[4]
Block size (bits) | Key size (bits) | Rounds |
---|---|---|
2×16 = 32 | 4×16 = 64 | 22 |
2×24 = 48 | 3×24 = 72 | 22 |
4×24 = 96 | 23 | |
2×32 = 64 | 3×32 = 96 | 26 |
4×32 = 128 | 27 | |
2×48 = 96 | 2×48 = 96 | 28 |
3×48 = 144 | 29 | |
2×64 = 128 | 2×64 = 128 | 32 |
3×64 = 192 | 33 | |
4×64 = 256 | 34 |
The key schedule uses the same round function as the main block cipher.
Reference code
The following is the designers' reference implementation of the Speck variant with a 128-bit block size and key, where key = (K[1], K[0]). It is adapted from their IACR ePrint.[4]
#include <stdint.h>
#define ROR(x, r) ((x >> r) | (x << (64 - r)))
#define ROL(x, r) ((x << r) | (x >> (64 - r)))
#define R(x, y, k) (x = ROR(x, 8), x += y, x ^= k, y = ROL(y, 3), y ^= x)
#define ROUNDS 32
void encrypt(uint64_t const pt[static 2],
uint64_t ct[static 2],
uint64_t const K[static 2])
{
uint64_t y = pt[0], x = pt[1], b = K[0], a = K[1];
R(x, y, b);
for (int i = 0; i < ROUNDS - 1; i++) {
R(a, b, i);
R(x, y, b);
}
ct[0] = y;
ct[1] = x;
}
For 16-bit words, the rotates are 7 bits right and 2 bits left; for all other word sizes, they are 8 and 3 as shown here.
If the key is more than 2 words long, there are 2 or 3 a
values, which are used in rotation.
References
- ↑ Dinur, Itai (31 August 2014). "Improved Differential Cryptanalysis of Round-Reduced Speck". Retrieved 2014-05-09.
- ↑ Abed, Farzaneh; List, Eik; Lucks, Stefan; Wenzel, Jakob (9 October 2013). "Cryptanalysis of the Speck Family of Block Ciphers". Retrieved 2014-04-11.
- ↑ Schneier, Bruce (1 July 2013). "Schneier on Security". Retrieved 2013-07-17.
- 1 2 Beaulieu, Ray; Shors, Douglas; Smith, Jason; Treatman-Clark, Stefan; Weeks, Bryan; Wingers, Louis (19 June 2013). "The Simon and Speck Families Of Lightweight Block Ciphers". Retrieved 2014-01-29.