PRESENT: Difference between revisions
clean up using AWB |
→Cryptanalysis: add note about small block size |
||
| Line 23: | Line 23: | ||
Several full-round attacks using [[Biclique attack|biclique cryptanalysis]] have been introduced on ''PRESENT''.<ref>{{Cite journal|title = Biclique cryptanalysis of PRESENT-80 and PRESENT-128|url = http://link.springer.com/article/10.1007/s11227-014-1103-3|journal = The Journal of Supercomputing|date = 2014-01-28|issn = 0920-8542|pages = 95–103|volume = 70|issue = 1|doi = 10.1007/s11227-014-1103-3|language = en|first = Changhoon|last = Lee}}</ref><ref>{{Cite journal|title = Biclique cryptanalysis of MIBS-80 and PRESENT-80 block ciphers|url = http://onlinelibrary.wiley.com/doi/10.1002/sec.1375/abstract|journal = Security and Communication Networks|date = 2015-10-06|issn = 1939-0122|pages = |doi = 10.1002/sec.1375|language = en|first = Mohammad Hossein|last = Faghihi Sereshgi|first2 = Mohammad|last2 = Dakhilalian|first3 = Mohsen|last3 = Shakiba}}</ref> |
Several full-round attacks using [[Biclique attack|biclique cryptanalysis]] have been introduced on ''PRESENT''.<ref>{{Cite journal|title = Biclique cryptanalysis of PRESENT-80 and PRESENT-128|url = http://link.springer.com/article/10.1007/s11227-014-1103-3|journal = The Journal of Supercomputing|date = 2014-01-28|issn = 0920-8542|pages = 95–103|volume = 70|issue = 1|doi = 10.1007/s11227-014-1103-3|language = en|first = Changhoon|last = Lee}}</ref><ref>{{Cite journal|title = Biclique cryptanalysis of MIBS-80 and PRESENT-80 block ciphers|url = http://onlinelibrary.wiley.com/doi/10.1002/sec.1375/abstract|journal = Security and Communication Networks|date = 2015-10-06|issn = 1939-0122|pages = |doi = 10.1002/sec.1375|language = en|first = Mohammad Hossein|last = Faghihi Sereshgi|first2 = Mohammad|last2 = Dakhilalian|first3 = Mohsen|last3 = Shakiba}}</ref> |
||
By design all block ciphers with a block size of 64 bit can have problems with block collisions if they are used with large amounts of data <ref> |
|||
{{cite web |url=https://sweet32.info/|title=Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN|author=Karthikeyan Bhargavan, Gaëtan Leurent|date=2016-08-24|access-date=2016-09-30}}</ref>. Therefore implementations need to make sure that the amount of data encrypted with the same key is limited and rekeying is properly implemented. |
|||
==References== |
==References== |
||
Revision as of 12:44, 30 September 2016
| General | |
|---|---|
| Designers | Orange Labs, Ruhr University Bochum and the Technical University of Denmark |
| First published | 2007-08-23 |
| Cipher detail | |
| Key sizes | 80 or 128 bits |
| Block sizes | 64 bits |
| Structure | SPN |
| Rounds | 31 |
PRESENT is a lightweight block cipher, developed by the Orange Labs (France), Ruhr University Bochum (Germany) and the Technical University of Denmark in 2007. PRESENT is designed by Andrey Bogdanov, Lars R. Knudsen, Gregor Leander, Christof Paar, Axel Poschmann, Matthew J. B. Robshaw, Yannick Seurin, and C. Vikkelsoe.[1] The algorithm is notable for its compact size (about 2.5 times smaller than AES).[2]
Overview
The block size is 64 bits and the key size can be 80 bit or 128 bit. The non-linear layer is based on a single 4-bit S-box which was designed with hardware optimizations in mind. PRESENT is intended to be used in situations where low-power consumption and high chip efficiency is desired. The International Organization for Standardization and the International Electrotechnical Commission included PRESENT in the new international standard for lightweight cryptographic methods.[2][3]
Cryptanalysis
A truncated differential attack on 26 out 31 of rounds of PRESENT was suggested in 2014.[4]
Several full-round attacks using biclique cryptanalysis have been introduced on PRESENT.[5][6]
By design all block ciphers with a block size of 64 bit can have problems with block collisions if they are used with large amounts of data [7]. Therefore implementations need to make sure that the amount of data encrypted with the same key is limited and rekeying is properly implemented.
References
- ^ Bogdanov, Andrey; Knudsen, Lars R.; Leander, Gregor; Paar, Christof; Poschmann, Axel; Robshaw, Matthew J. B.; Seurin, Yannick; Vikkelsoe, Charlotte (2007). "PRESENT: An Ultra-Lightweight Block Cipher". Lecture Notes in Computer Science. 4727 (Cryptographic Hardware and Embedded Systems - CHES 2007): 450–466. Retrieved 10 March 2015.
- ^ a b Katholieke Universiteit Leuven. "Ultra-lightweight encryption method becomes international standard". Retrieved 2012-02-28.
- ^ ISO. "ISO/IEC 29192-2:2012". Retrieved 2012-02-28.
- ^ Blondeau, Cline; Nyberg, Kaisa (2014). "Links between truncated differential and multidimensional linear properties of block ciphers and underlying attack complexities". Lecture Notes in Computer Science. 8441 (Advances in Cryptology EUROCRYPT 2014): 165–182.
- ^ Lee, Changhoon (2014-01-28). "Biclique cryptanalysis of PRESENT-80 and PRESENT-128". The Journal of Supercomputing. 70 (1): 95–103. doi:10.1007/s11227-014-1103-3. ISSN 0920-8542.
- ^ Faghihi Sereshgi, Mohammad Hossein; Dakhilalian, Mohammad; Shakiba, Mohsen (2015-10-06). "Biclique cryptanalysis of MIBS-80 and PRESENT-80 block ciphers". Security and Communication Networks. doi:10.1002/sec.1375. ISSN 1939-0122.
- ^ Karthikeyan Bhargavan, Gaëtan Leurent (2016-08-24). "Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN". Retrieved 2016-09-30.
External links
- PRESENT: An Ultra-Lightweight Block Cipher
- http://www.lightweightcrypto.org/implementations.php Software Implementations in C and Python
- http://cis.sjtu.edu.cn/index.php/Software_Implementation_of_Block_Cipher_PRESENT_for_8-Bit_Platforms C implementation
- http://www.emsec.rub.de/media/crypto/veroeffentlichungen/2011/01/29/present_ches2007_slides.pdf Talk slides from Cryptographic Hardware and Embedded Systems
 | This cryptography-related article is a stub. You can help Wikipedia by expanding it. |