User:Markusfnx~enwiki

This is a Wikipedia user page. This is not an encyclopedia article or the talk page for an encyclopedia article. If you find this page on any site other than Wikipedia, you are viewing a mirror site. Be aware that the page may be outdated and that the user whom this page is about may have no personal affiliation with any site other than Wikipedia. The original page is located at https://en.wikipedia.org/wiki/User:Markusfnx~enwiki.

/Curupira

In cryptography, the \textsc{Curupira} is a special-purpose block cipher tailored for platforms where power consumption and processing time are very constrained resources, such as sensor and mobile networks or systems heavily dependent on tokens or smart cards. It is an instance of the Wide Trail family of algorithms, which includes the Advanced Encryption Standard (AES). The cipher was developed by two Brazilian cryptographers, Marcos A. Simplicio Jr. and Paulo S. L. M. Barreto and has two versions, named \textsc{Curupira-1} and \textsc{Curupira-2}.

The \textsc{Curupira}-1, was designed to display both involutional structure, in the sense that the encryption and decryption modes differ only in the key schedule, and cyclic key schedule, whereby the round subkeys can be computed in-place in any order.

The second version of the algorithm, named \textsc{Curupira}-2, adopts the same round structure as \textsc{Curupira-1}, but uses a less conservative (with a slower diffusion) key scheduling algorithm, which results in a considerably higher performance when the round keys are computed on demand at the cost of a slightly reduced security. Thus, this second version of the Curupira algorithm is more recommended for scenarios where performance is a main concern, especially when the application is not higly vulnerable to related-key attacks. Nonetheless, to date there are no known ways to explore this slower diffusion in such a way that the resultant cipher can be broken.

Description of the cipher

The \textsc{Curupira} is a block cipher specially tailored for constrained platforms. It operates on 96-bit data blocks, organized as 3×4 matrices (mapped by columns instead of by rows) and accepts 96-, 144- or 192-bit keys, with a variable number of rounds. Such as in AES, calculations are done using a special finite field arithmetic, having ${\displaystyle p_{8}(x)={\texttt {14D}}}$ as primitive polynomial.

The cipher round structure is similar to the one in BKSQ, with the advantage of being involutional (which means that the encryption and decryption algorithms are identical except by the key-schedule), resulting in a more compact cipher. Its round function structure is used for both \textsc{Curupira}-1 and \textsc{Curupira}-2 and is composed by the following self-inverse transforms (see figure).

Curupira Round Structure

1. Nonlinear Layer (${\displaystyle \gamma }$): all bytes in the block pass through a highly nonlinear S-Box, identical to that used in Anubis and Khazad block ciphers;
2. Linear Diffusion Layer (${\displaystyle \theta }$): the block is left-multiplied by the MDS matrix D (see figure), which results in intra-columnar diffusion;
3. Permutation Layer (${\displaystyle \pi }$): all the bytes in the second and third rows of the block are permuted according to the rule ${\displaystyle \pi (a)=b\,\Leftrightarrow \,b_{i,j}=a_{i,i\oplus j},\;0\leqslant i<3,\;0\leqslant j<n}$;
4. Key addition Layer (${\displaystyle \sigma }$): the round key is XORed with the block.

These transforms only involve basic operations like table lookups, XORs and byte shifts, aiming to achieve high efficiency in a wide range of platforms. Nonetheless, when space is available, they can be further accelerated using precalculated tables, operating over entire columns instead of byte-to-byte.