Speck (cipher)

Speck
3 rounds of Speck with 2-word key schedule
General
Designers Ray Beaulieu, Douglas Shors, Jason Smith, Stefan Treatman-Clark, Bryan Weeks, Louis Wingers NSA
First published 2013
Related to Simon, Threefish
Cipher detail
Key sizes 64, 72, 96, 128, 144, 192 or 256 bits
Block sizes 32, 48, 64, 96 or 128 bits
Structure ARX
Rounds 2234 (depending on block and key size)
Speed 2.6 cpb (5.7 without SSE) on Intel Xeon 5640 (Speck128/128)
Best public cryptanalysis
Differential cryptanalysis can break 17 rounds of Speck128/128 with 2113 data, 222 bytes memory and time complexity of 2113.[1] Rectangle attack can break 18 rounds of Speck128/192,256 with 2121.9 data, 2125.9 bytes memory and time complexity of 2182.7.[2]

Speck is a family of lightweight block ciphers publicly released by the National Security Agency (NSA) in June 2013.[3] Speck has been optimized for performance in software implementations, while its sister algorithm, Simon, has been optimized for hardware implementations. Speck is an add-rotate-xor (ARX) cipher.

Speck supports a variety of block and key sizes. A block is always two words, but the words may be 16, 24, 32, 48 or 64 bits in size. The corresponding key is 2, 3 or 4 words. The round function consists of two rotations, adding the right word to the left word, xoring the key into the left word, then and xoring the left word to the right word. The number of rounds depends on the parameters selected, as follows:[4]

Block size (bits) Key size (bits) Rounds
2×16 = 32 4×16 = 64 22
2×24 = 48 3×24 = 72 22
4×24 = 96 23
2×32 = 64 3×32 = 96 26
4×32 = 128 27
2×48 = 96 2×48 = 96 28
3×48 = 144 29
2×64 = 128 2×64 = 128 32
3×64 = 192 33
4×64 = 256 34

The key schedule uses the same round function as the main block cipher.

Reference code

The following is the designers' reference implementation of the Speck variant with a 128-bit block size and key, where key = (K[1], K[0]). It is adapted from their IACR ePrint.[4]

#include <stdint.h>

#define ROR(x, r) ((x >> r) | (x << (64 - r)))
#define ROL(x, r) ((x << r) | (x >> (64 - r)))
#define R(x, y, k) (x = ROR(x, 8), x += y, x ^= k, y = ROL(y, 3), y ^= x)
#define ROUNDS 32

void encrypt(uint64_t const pt[static 2],
             uint64_t ct[static 2],
             uint64_t const K[static 2])
{
   uint64_t y = pt[0], x = pt[1], b = K[0], a = K[1];

   R(x, y, b);
   for (int i = 0; i < ROUNDS - 1; i++) {
      R(a, b, i);
      R(x, y, b);
   }

   ct[0] = y;
   ct[1] = x;
}

For 16-bit words, the rotates are 7 bits right and 2 bits left; for all other word sizes, they are 8 and 3 as shown here.

If the key is more than 2 words long, there are 2 or 3 a values, which are used in rotation.

References

  1. Dinur, Itai (31 August 2014). "Improved Differential Cryptanalysis of Round-Reduced Speck". Retrieved 2014-05-09.
  2. Abed, Farzaneh; List, Eik; Lucks, Stefan; Wenzel, Jakob (9 October 2013). "Cryptanalysis of the Speck Family of Block Ciphers". Retrieved 2014-04-11.
  3. Schneier, Bruce (1 July 2013). "Schneier on Security". Retrieved 2013-07-17.
  4. 1 2 Beaulieu, Ray; Shors, Douglas; Smith, Jason; Treatman-Clark, Stefan; Weeks, Bryan; Wingers, Louis (19 June 2013). "The Simon and Speck Families Of Lightweight Block Ciphers". Retrieved 2014-01-29.
This article is issued from Wikipedia - version of the Saturday, March 19, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.