The design and implementation of XForró14-Poly1305: a new Authenticated Encryption Scheme
Resumo
No Asiacrypt 2022 e em sua versão estendida no Journal of Cryptology 2023, Coutinho et al. propõe o algoritmo Forró, uma nova cifra de fluxo baseada em ARX com um design similar às cifras Salsa e ChaCha. Os autores demonstraram que o Forró oferece uma margem de segurança maior usando menos operações, reduzindo assim o número total de rodadas enquanto preserva o nível de segurança. Isso resulta em uma cifra mais rápida em várias plataformas, particularmente em dispositivos restritos. No entanto, a principal limitação do Forró é sua capacidade exclusiva de encriptação, sem suporte para autenticação. Para resolver esse problema, neste artigo apresentamos a cifra XForró14 e a combinamos com a Poly1305 para criar um esquema de Encriptação Autenticada com Dados Associados (AEAD). Além disso, para facilitar a implementação prática desta cifra, desenvolvemos um novo fork do projeto libsodium (https://doc.libsodium.org/), incorporando XForró14-Poly1305 como uma nova alternativa de AEAD. Nosso projeto pode ser acessado em https://github.com/murcoutinho/libsodium.
Referências
Aumasson, J., Fischer, S., Khazaei, S., Meier, W., and Rechberger, C. (2008). New features of latin dances: Analysis of Salsa, ChaCha, and Rumba. In Nyberg, K., editor, Fast Software Encryption, volume 5086 of Lecture Notes in Computer Science, pages 470–488. Springer.
Beierle, C., Leander, G., and Todo, Y. (2020). Improved differential-linear attacks with applications to ARX ciphers. In Micciancio, D. and Ristenpart, T., editors, Advances in Cryptology CRYPTO 2020, Santa Barbara, CA, USA, August 17-21, 2020, Proceedings, Part III, volume 12172 of Lecture Notes in Computer Science, pages 329–358. Springer.
Bellare, M., Canetti, R., and Krawczyk, H. (1996). Pseudorandom functions revisited: The cascade construction and its concrete security. In 37th Annual Symposium on Foundations of Computer Science, FOCS ’96, Burlington, Vermont, USA, 14-16 October, 1996, pages 514–523. IEEE Computer Society.
Bellare, M. and Namprempre, C. (2000). Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Okamoto, T., editor, Advances in Cryptology ASIACRYPT 2000, Kyoto, Japan, December 3-7, 2000, Proceedings, volume 1976 of Lecture Notes in Computer Science, pages 531–545. Springer.
Bernstein, D. J. (2005). The poly1305-aes message-authentication code. In Gilbert, H. and Handschuh, H., editors, Fast Software Encryption: 12th International Workshop, FSE 2005, Paris, France, February 21-23, 2005, Revised Selected Papers, volume 3557 of Lecture Notes in Computer Science, pages 32–49. Springer.
Bernstein, D. J. (2008a). ChaCha, a variant of Salsa20. In Workshop Record of SASC, volume 8, pages 3–5.
Bernstein, D. J. (2008b). The Salsa20 family of stream ciphers. In Robshaw, M. J. B. and Billet, O., editors, New Stream Cipher Designs The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 84–97. Springer.
Bernstein, D. J. (2011). Extending the Salsa20 nonce. In Workshop record of Symmetric Key Encryption Workshop, volume 2011.
Choudhuri, A. R. and Maitra, S. (2016). Significantly improved multi-bit differentials for reduced round Salsa and ChaCha. IACR Trans. Symmetric Cryptol., 2016(2):261–287.
Coelho, K. K., Nogueira, M., Marim, M. C., Silva, E. F., Vieira, A. B., and Nacif, J. A. M. (2022). Lorena: Low memory symmetric-key generation method for based on group cryptography protocol applied to the internet of healthcare things. IEEE Access, 10:12564–12579.
Costa, V. L. R. D., Camponogara, A., López, J., and Ribeiro, M. V. (2022). The feasibility of the crystals-kyber scheme for smart metering systems. IEEE Access, 10:131303– 131317.
Coutinho, M. and Neto, T. C. S. (2021). Improved linear approximations to ARX ciphers and attacks against ChaCha. In Canteaut, A. and Standaert, F., editors, Advances in Cryptology EUROCRYPT 2021 Zagreb, Croatia, October 17-21, 2021, Proceedings, Part I, volume 12696 of Lecture Notes in Computer Science, pages 711–740. Springer.
Coutinho, M., Passos, I., Vásquez, J. C. G., de Mendonça, F. L. L., de Sousa, R. T., and Borges, F. (2022). Latin dances reloaded: Improved cryptanalysis against Salsa and ChaCha, and the proposal of Forró. In Agrawal, S. and Lin, D., editors, Advances in Cryptology ASIACRYPT 2022 Taipei, Taiwan, December 5-9, 2022, Proceedings, Part I, volume 13791 of Lecture Notes in Computer Science, pages 256–286. Springer.
Coutinho, M., Passos, I., Vásquez, J. C. G., de Mendonça, F. L. L., Sarkar, S., de Sousa, R. T., and Borges, F. (2023). Latin dances reloaded: Improved cryptanalysis against Salsa and ChaCha, and the proposal of Forró (extended version). J. Cryptol., 36(18).
Denis, F. libsodium.
Dey, S., Garai, H. K., Sarkar, S., and Sharma, N. K. (2022). Revamped differential-linear cryptanalysis on reduced round ChaCha. In Advances in Cryptology–EUROCRYPT 2022, Trondheim, Norway, May 30–June 3, 2022, Proceedings, Part III, pages 86–114. Springer.
Dobraunig, C., Eichlseder, M., Mendel, F., and Schläffer, M. (2016). Ascon v1. 2. Submission to the CAESAR Competition, 5(6):7.
IANIX (2020). ChaCha usage & deployment. [link]. Accessed: 2020-01-13.
Jimale, M. A., Z’aba, M. R., Kiah, M. L. M., Idris, M. Y. I. B., Jamil, N., Mohamad, M. S., and Rohmad, M. S. (2022). Authenticated encryption schemes: A systematic review. IEEE Access, 10:14739–14766.
Langley, A., Chang, W., Mavrogiannopoulos, N., Strömbergson, J., and Josefsson, S. (2016). ChaCha20-Poly1305 cipher suites for transport layer security (TLS). RFC, 7905:1–8.
McKay, K., Bassham, L., Sönmez Turan, M., and Mouha, N. (2016). Report on lightweight cryptography. Technical report, National Institute of Standards and Technology.
Nir, Y. (2015). Rfc 7634: Chacha20, poly1305, and their use in the internet key exchange protocol (ike) and ipsec.
Wu, H. and Preneel, B. (2013). AEGIS: A fast authenticated encryption algorithm. In Lange, T., Lauter, K. E., and Lisonek, P., editors, Selected Areas in Cryptography - SAC 2013, volume 8282 of Lecture Notes in Computer Science, pages 185–201. Springer.
Beierle, C., Leander, G., and Todo, Y. (2020). Improved differential-linear attacks with applications to ARX ciphers. In Micciancio, D. and Ristenpart, T., editors, Advances in Cryptology CRYPTO 2020, Santa Barbara, CA, USA, August 17-21, 2020, Proceedings, Part III, volume 12172 of Lecture Notes in Computer Science, pages 329–358. Springer.
Bellare, M., Canetti, R., and Krawczyk, H. (1996). Pseudorandom functions revisited: The cascade construction and its concrete security. In 37th Annual Symposium on Foundations of Computer Science, FOCS ’96, Burlington, Vermont, USA, 14-16 October, 1996, pages 514–523. IEEE Computer Society.
Bellare, M. and Namprempre, C. (2000). Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Okamoto, T., editor, Advances in Cryptology ASIACRYPT 2000, Kyoto, Japan, December 3-7, 2000, Proceedings, volume 1976 of Lecture Notes in Computer Science, pages 531–545. Springer.
Bernstein, D. J. (2005). The poly1305-aes message-authentication code. In Gilbert, H. and Handschuh, H., editors, Fast Software Encryption: 12th International Workshop, FSE 2005, Paris, France, February 21-23, 2005, Revised Selected Papers, volume 3557 of Lecture Notes in Computer Science, pages 32–49. Springer.
Bernstein, D. J. (2008a). ChaCha, a variant of Salsa20. In Workshop Record of SASC, volume 8, pages 3–5.
Bernstein, D. J. (2008b). The Salsa20 family of stream ciphers. In Robshaw, M. J. B. and Billet, O., editors, New Stream Cipher Designs The eSTREAM Finalists, volume 4986 of Lecture Notes in Computer Science, pages 84–97. Springer.
Bernstein, D. J. (2011). Extending the Salsa20 nonce. In Workshop record of Symmetric Key Encryption Workshop, volume 2011.
Choudhuri, A. R. and Maitra, S. (2016). Significantly improved multi-bit differentials for reduced round Salsa and ChaCha. IACR Trans. Symmetric Cryptol., 2016(2):261–287.
Coelho, K. K., Nogueira, M., Marim, M. C., Silva, E. F., Vieira, A. B., and Nacif, J. A. M. (2022). Lorena: Low memory symmetric-key generation method for based on group cryptography protocol applied to the internet of healthcare things. IEEE Access, 10:12564–12579.
Costa, V. L. R. D., Camponogara, A., López, J., and Ribeiro, M. V. (2022). The feasibility of the crystals-kyber scheme for smart metering systems. IEEE Access, 10:131303– 131317.
Coutinho, M. and Neto, T. C. S. (2021). Improved linear approximations to ARX ciphers and attacks against ChaCha. In Canteaut, A. and Standaert, F., editors, Advances in Cryptology EUROCRYPT 2021 Zagreb, Croatia, October 17-21, 2021, Proceedings, Part I, volume 12696 of Lecture Notes in Computer Science, pages 711–740. Springer.
Coutinho, M., Passos, I., Vásquez, J. C. G., de Mendonça, F. L. L., de Sousa, R. T., and Borges, F. (2022). Latin dances reloaded: Improved cryptanalysis against Salsa and ChaCha, and the proposal of Forró. In Agrawal, S. and Lin, D., editors, Advances in Cryptology ASIACRYPT 2022 Taipei, Taiwan, December 5-9, 2022, Proceedings, Part I, volume 13791 of Lecture Notes in Computer Science, pages 256–286. Springer.
Coutinho, M., Passos, I., Vásquez, J. C. G., de Mendonça, F. L. L., Sarkar, S., de Sousa, R. T., and Borges, F. (2023). Latin dances reloaded: Improved cryptanalysis against Salsa and ChaCha, and the proposal of Forró (extended version). J. Cryptol., 36(18).
Denis, F. libsodium.
Dey, S., Garai, H. K., Sarkar, S., and Sharma, N. K. (2022). Revamped differential-linear cryptanalysis on reduced round ChaCha. In Advances in Cryptology–EUROCRYPT 2022, Trondheim, Norway, May 30–June 3, 2022, Proceedings, Part III, pages 86–114. Springer.
Dobraunig, C., Eichlseder, M., Mendel, F., and Schläffer, M. (2016). Ascon v1. 2. Submission to the CAESAR Competition, 5(6):7.
IANIX (2020). ChaCha usage & deployment. [link]. Accessed: 2020-01-13.
Jimale, M. A., Z’aba, M. R., Kiah, M. L. M., Idris, M. Y. I. B., Jamil, N., Mohamad, M. S., and Rohmad, M. S. (2022). Authenticated encryption schemes: A systematic review. IEEE Access, 10:14739–14766.
Langley, A., Chang, W., Mavrogiannopoulos, N., Strömbergson, J., and Josefsson, S. (2016). ChaCha20-Poly1305 cipher suites for transport layer security (TLS). RFC, 7905:1–8.
McKay, K., Bassham, L., Sönmez Turan, M., and Mouha, N. (2016). Report on lightweight cryptography. Technical report, National Institute of Standards and Technology.
Nir, Y. (2015). Rfc 7634: Chacha20, poly1305, and their use in the internet key exchange protocol (ike) and ipsec.
Wu, H. and Preneel, B. (2013). AEGIS: A fast authenticated encryption algorithm. In Lange, T., Lauter, K. E., and Lisonek, P., editors, Selected Areas in Cryptography - SAC 2013, volume 8282 of Lecture Notes in Computer Science, pages 185–201. Springer.
Publicado
18/09/2023
Como Citar
COUTINHO, Murilo; PASSOS, Iago; BORGES, Fábio.
The design and implementation of XForró14-Poly1305: a new Authenticated Encryption Scheme. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 23. , 2023, Juiz de Fora/MG.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
p. 456-469.
DOI: https://doi.org/10.5753/sbseg.2023.232879.
