Achterbahn

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In cryptography, Achterbahn is the name of a synchronous stream cipher algorithm submitted to the eSTREAM Project of the eCRYPT network. In the final specification the cipher is called ACHTERBAHN-128/80, because it supports the key lengths of 80 bits and 128 bits, respectively .[1] Achterbahn was developed by Berndt Gammel, Rainer Göttfert and Oliver Kniffler. Achterbahn means rollercoaster (in German), though a literal translation of the term would be eight-track, which indicates that the cipher can encrypt eight bit streams in parallel.

The parameters of the cipher are given in the following table:

ACHTERBAHN-80 ACHTERBAHN-128
Max. key length 80 bit 128 bit
Max. IV length 80 bit 128 bit
Max. frame length 244 244
Internal state 297 bit 351 bit

ACHTERBAHN-128 is downward compatible and can produce the same keystream as ACHTERBAHN-80 if so desired. The keystream generator of ACHTERBAHN-128/80 is based on the design principle of the nonlinear combination generator, however it deploys primitive nonlinear feedback shift registers (NLFSR) instead of linear ones (LFSR).

Security[edit]

There are no known cryptanalytic attacks against ACHTERBAHN-128/80 for the tabulated parameters that are faster than brute force attack. Recent analysis showed that attacks are possible if larger frame (packet) lengths are used in a communication protocol [2] [3] .[4] A recommendation for a maximum frame length of 244 bit is given in Ref. [5] This value does however not imply practical limitations.

Performance[edit]

The ACHTERBAHN-128/80 stream cipher is optimized for hardware applications with restricted resources, such as limited gate count and power consumption. An implementation of ACHTERBAHN-80 has a design size of only 2188 gate equivalents (Nand-GE) in a standard CMOS technology and delivers a throughput of up to 400 Megabit/s. This makes it suitable for RFID tags. A high-speed implementation with a throughput of 8 Gigabit/s has a design size of 8651 Nand-GE, cf. [6]

References[edit]

  1. ^ Berndt M. Gammel, Rainer Göttfert, and Oliver Kniffler, (30 June 2006). ACHTERBAHN-128/80. ECRYPT Stream Cipher Project Report. 
  2. ^ María Naya-Plasencia. Cryptanalysis of Achterbahn-128/80. Fast Software Encryption, 14th International Workshop, FSE 2007, Luxembourg, March 26–28, 2007, Revised Selected Papers, Lecture Notes In Computer Science, Vol. 4593, pp. 73-86, ISBN 978-3-540-74617-1, Springer 2007. 
  3. ^ María Naya-Plasencia. Cryptanalysis of Achterbahn-128/80 with a New Keystream Limitation. Research in Cryptology: Second Western European Workshop, WEWoRC 2007, Bochum, Germany, July 4–6, 2007, Revised Selected Papers, Lecture Notes In Computer Science, Vol. 4945, pp. 142-152, ISBN 978-3-540-88352-4, Springer 2008. 
  4. ^ Berndt M. Gammel, Rainer Göttfert, Oliver Kniffler. Achterbahn-128/80: Design and Analysis. In: Workshop Record of The State of the Art of Stream Ciphers - SASC 2007, (Ruhr University Bochum, Germany, Jan 31 - Feb 1, 2007), pp. 152-165. 
  5. ^ Rainer Göttfert, Berndt M. Gammel. On the frame length of Achterbahn-128/80. In: Proceedings of the 2007 IEEE Information Theory Workshop on Information Theory for Wireless Networks, July 1–6, 2007, Solstrand, Norway, (T. Helleseth, V. Kumar, and Ø. Ytrehus, eds.), pp. 91-95, ISBN 1-4244-1199-8, IEEE 2007. 
  6. ^ Berndt M. Gammel, Rainer Göttfert, and Oliver Kniffler, (30 June 2006). ACHTERBAHN-128/80. Achterbahn home page. 

External links[edit]