Производительность и эффективность аппаратной реализации

Ïðîèçâîäèòåëüíîñòü è ýôôåêòèâíîñòü
àïïàðàòíîé ðåàëèçàöèè ïîòî÷íûõ øèôðîâ,
îñíîâàííûõ íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ
# 10, îêòÿáðü 2013
DOI:
Êëþ÷àð¸â Ï. Ã.
ÓÄÊ 004.056.55
Ðîññèÿ, ÌÃÒÓ èì. Í.Ý. Áàóìàíà
[email protected]
Ââåäåíèå
 íàñòîÿùåå âðåìÿ àêòèâíî ðàçâèâàåòñÿ òàê íàçûâàåìàÿ ëåãêîâåñíàÿ êðèïòîãðàôèÿ (lightweight cryptography). Ïîä ýòèì òåðìèíîì ïîäðàçóìåâàåòñÿ ðàçäåë êðèïòîãðàôèè, çàíèìàþùèéñÿ êðèïòîãðàôè÷åñêèìè àëãîðèòìàìè, êîòîðûå ìîãóò áûòü ýôôåêòèâíî ðåàëèçîâàíû íà
âû÷èñëèòåëüíûõ óñòðîéñòâàõ ñ îãðàíè÷åííûìè ðåñóðñàìè. Ëåãêîâåñíîé êðèïòîãðàôèè ïîñâÿùåíî áîëüøîå êîëè÷åñòâî ëèòåðàòóðû, îáçîðû êîòîðîé ìîæíî íàéòè â ðàáîòàõ [18, 28, 33].
 ðàáîòå [1] àâòîðîì áûëî ïðåäëîæåíî èñïîëüçîâàòü îáîáùåííûå êëåòî÷íûå àâòîìàòû
è ãðàôû Ðàìàíóäæàíà äëÿ ñèíòåçà ïîòî÷íûõ øèôðîâ.  äàëüíåéøåì òåîðåòè÷åñêèå îñíîâû
ýòîãî áûëè ðàçðàáîòàíû â ñòàòüÿõ [1, 2, 4, 5] è áûëà âûñêàçàíà ãèïîòåçà î òîì, ÷òî òàêèå
øèôðû ìîãóò áûòü ýôôåêòèâíî ðåàëèçîâàíû àïïàðàòíî. Öåëü íàñòîÿùåé ñòàòüè ñîñòîèò
â ïîäòâåðæäåíèè ýòîé ãèïîòåçû. Â íàñòîÿùåé ñòàòüå ìû ïðèâîäèì ðåçóëüòàòû èçìåðåíèÿ
áûñòðîäåéñòâèÿ è ýôôåêòèâíîñòè àïïàðàòíîé ðåàëèçàöèè ïîòî÷íûõ øèôðîâ, îñíîâàííûõ íà
îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ (ìû áóäåì íàçûâàòü ñåìåéñòâî òàêèõ øèôðîâ GRACE-S).
 êà÷åñòâå ïëàòôîðìû äëÿ ðåàëèçàöèè èñïîëüçóþòñÿ ÏËÈÑ ôèðìû Altera. Ïðîèçâîäèòñÿ
òàêæå ñðàâíåíèå áûñòðîäåéñòâèÿ è ýôôåêòèâíîñòè ðåàëèçàöèè ýòèõ øèôðîâ ñ àíàëîãàìè.
Ïîëó÷åííûå ðåçóëüòàòû ïîêàçûâàþò, ÷òî ñåìåéñòâî GRACE-S èìååò ïðîèçâîäèòåëüíîñòü
çíà÷èòåëüíî (äî 60 ðàç) ïðåâûøàþùóþ ïðîèçâîäèòåëüíîñòü ëó÷øèõ àíàëîãîâ.
1. Òåðìèíû è îïðåäåëåíèÿ
 ýòîì ðàçäåëå ìû ââåäåì îñíîâíûå îïðåäåëåíèÿ òåîðèè îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ, ÿâëÿþùåéñÿ îñíîâîé äëÿ ðàññìàòðèâàåìûõ ïîòî÷íûõ øèôðîâ.
Íàçîâåì îáîáùåííûì êëåòî÷íûì àâòîìàòîì îðèåíòèðîâàííûé ìóëüòèãðàô A = (V, E)
(çäåñü V = {v1 , . . . , vN } | ìíîæåñòâî âåðøèí, E | ìóëüòèìíîæåñòâî ðåáåð). Ñ êàæäîé åãî
http://technomag.bmstu.ru/doc/.html
299
âåðøèíîé vi àññîöèèðîâàíû: áóëåâà ïåðåìåííàÿ mi , íàçûâàåìàÿ ÿ÷åéêîé, è áóëåâà ôóíêöèÿ
fi (x1 , . . . , xdi ), íàçûâàåìàÿ ëîêàëüíîé ôóíêöèåé ñâÿçè i-é âåðøèíû. Ïðè ýòîì äëÿ êàæäîé
âåðøèíû vi âõîäÿùèå â íåå ðåáðà ïðîíóìåðîâàíû ÷èñëàìè 1, . . . , di .
Îáîáùåííûé êëåòî÷íûé àâòîìàò ðàáîòàåò ñëåäóþùèì îáðàçîì.  íà÷àëüíûé ìîìåíò
âðåìåíè êàæäàÿ ÿ÷åéêà ïàìÿòè mi , i = 1, . . . , N , èìååò íåêîòîðîå íà÷àëüíîå çíà÷åíèå
mi (0). Äàëåå àâòîìàò ðàáîòàåò ïî øàãàì. Íà øàãå ñ íîìåðîì t ïîñðåäñòâîì ëîêàëüíîé
ôóíêöèè ñâÿçè âû÷èñëÿþòñÿ íîâûå çíà÷åíèÿ ÿ÷ååê:
mi (t) = fi (mη(i,1) (t − 1), mη(i,2) (t − 1), . . . , mη(i,di ) (t − 1)),
(1)
ãäå η(i, j) | íîìåð âåðøèíû, èç êîòîðîé èñõîäèò ðåáðî, âõîäÿùåå â âåðøèíó i è èìåþùåå
íîìåð j. Çàïîëíåíèåì êëåòî÷íîãî àâòîìàòà M (t) íà øàãå t áóäåì íàçûâàòü íàáîð çíà÷åíèé
ÿ÷ååê (m1 (t), m2 (t), . . . , mN (t)).
Íàçîâåì îäíîðîäíûì îáîáùåííûì êëåòî÷íûì àâòîìàòîì îáîáùåííûé êëåòî÷íûé àâòîìàò, ó êîòîðîãî ëîêàëüíàÿ ôóíêöèÿ ñâÿçè äëÿ âñåõ ÿ÷ååê îäèíàêîâà è ðàâíà f , ò.å. äëÿ
ëþáîãî i ∈ {1, . . . , N } âûïîëíÿåòñÿ fi = f . Ñòåïåíè çàõîäà âåðøèí òàêîãî êëåòî÷íîãî
àâòîìàòà, î÷åâèäíî, îäèíàêîâû: d1 = d2 = . . . = dN = d.
Íàçîâåì îáîáùåííûé êëåòî÷íûé àâòîìàò íåîðèåíòèðîâàííûì, åñëè äëÿ ëþáîãî ðåáðà
(u, v) â åãî ãðàôå ñóùåñòâóåò è ðåáðî (v, u). Ãðàô òàêîãî àâòîìàòà ìîæíî ðàññìàòðèâàòü êàê
íåîðèåíòèðîâàííûé ðåãóëÿðíûé ãðàô, åñëè çàìåíèòü êàæäóþ ïàðó ðåáåð (u, v) è (v, u) íà
íåîðèåíòèðîâàííîå ðåáðî {u, v}. Äàëåå ìû áóäåì èñïîëüçîâàòü òîëüêî íåîðèåíòèðîâàííûå
îäíîðîäíûå îáîáùåííûå êëåòî÷íûå àâòîìàòû, äëÿ êðàòêîñòè íàçûâàÿ èõ ïðîñòî îáîáùåííûìè êëåòî÷íûìè àâòîìàòàìè.
Ïóñòü çàäàíà äâîè÷íàÿ ïîñëåäîâàòåëüíîñòü {ξt }. Íàçîâåì îáîáùåííûì êëåòî÷íûì àâòîìàòîì ñ çàäàþùåé ïîñëåäîâàòåëüíîñòüþ îáîáùåííûé êëåòî÷íûé àâòîìàò, ó êîòîðîãî
äëÿ âû÷èñëåíèÿ îäíîé èç ÿ÷ååê mr (áóäåì åå íàçûâàòü çàäàþùåé ÿ÷åéêîé), âìåñòî ôîðìóëû
(1) èñïîëüçóåòñÿ ôîðìóëà
mr (t) = fr mη(r,1) (t − 1), mη(r,2) (t − 1), . . . , mη(r,dr ) (t − 1) ⊕ ξt .
Íåêîòîðûé íàáîð ÿ÷ååê êëåòî÷íîãî àâòîìàòà áóäåì íàçûâàòü âûõîäîì. ×èñëî ÿ÷ååê â ýòîì
íàáîðå áóäåì íàçûâàòü äëèíîé âûõîäà èëè äëèíîé âûõîäíîãî ñëîâà. ß÷åéêè, íå âõîäÿùèå â
âûõîä íàçîâåì ñêðûòûìè. Âûõîäíîé ïîñëåäîâàòåëüíîñòüþ êëåòî÷íîãî àâòîìàòà íàçîâåì
ôóíêöèþ, àðãóìåíòîì êîòîðîé ÿâëÿåòñÿ íîìåð øàãà, à çíà÷åíèåì | çíà÷åíèå âûõîäà íà ýòîì
øàãå.
Äëÿ êðèïòîñòîéêîñòè øèôðà áîëüøîå çíà÷åíèå èìååò âûáîð ãðàôà îáîáùåííîãî êëåòî÷íîãî àâòîìàòà. Ñîãëàñíî ðàáîòå [6], õîðîøèì âûáîðîì ÿâëÿþòñÿ ãðàôû Ðàìàíóäæàíà
[15, 24, 26]. Â äàííîé ðàáîòå èñïîëüçóþòñÿ òàê íàçûâàåìûå ãðàôû Ëþáîöêîãî | Ôèëèïñà | Ñàðíàêà ñåìåéñòâà Y p,q . Îáñóæäåíèå ýòèõ ãðàôîâ âûõîäèò äàëåêî çà ðàìêè íàñòîÿùåé
ðàáîòû. Èõ ïîäðîáíîå îïèñàíèå ìîæíî íàéòè, íàïðèìåð â ðàáîòàõ [25, 26, 30]. Àâòîðîì
îíè ðàññìàòðèâàþòñÿ â ñòàòüÿõ [1, 2, 3, 6].
300
Êðîìå òîãî, âåñüìà âàæíûì ÿâëÿåòñÿ ïðàâèëüíûé âûáîð ëîêàëüíîé ôóíêöèè ñâÿçè îáîáùåííîãî êëåòî÷íîãî àâòîìàòà.  ðàáîòàõ [4, 5] ñôîðìóëèðîâàíû îñíîâíûå ïðèíöèïû âûáîðà
òàêèõ ôóíêöèé è ïîñòðîåíî ñåìåéñòâî ôóíêöèé, îòâå÷àþùåå ýòèì òðåáîâàíèÿì.  ÷àñòíîñòè, ëîêàëüíàÿ ôóíêöèÿ ñâÿçè äîëæíà áûòü ðàâíîâåñíîé, øåôôåðîâîé, à åå íåëèíåéíîñòü
(ò.å. ðàññòîÿíèå îò ýòîé ôóíêöèè äî ìíîæåñòâà àôôèííûõ áóëåâûõ ôóíêöèé) | êàê ìîæíî
áîëåå âûñîêîé.
Ñåìåéñòâî ôóíêöèé, óäîâëåòâîðÿþùèõ âñåì íåîáõîäèìûì òðåáîâàíèÿì ïîñòðîåíî â
ðàáîòå [5].  ÷àñòíîñòè, â ñëó÷àå ÷åòíîãî ÷èñëà ïåðåìåííûõ èñïîëüçóåòñÿ ôóíêöèÿ
g2 (v, u, x1 , y1 , . . . , xk , yk ) =
= (1 ⊕ v)(β1 (x1 , y1 , . . . , xk , yk ) ⊕ u) ⊕ v(β3 (x1 , y1 , . . . , xk , yk ) ⊕ u) =
=
k
M
xi yi ⊕ s1 (x1 , . . . , xk ) ⊕ v(s1 (x1 , . . . , xk ) ⊕ s3 (x1 , . . . , xk )) ⊕ u,
(2)
i=1
ãäå s1 (x1 , . . . , xk ) è s3 (x1 , . . . , xk ) | ïðîèçâîëüíûå áóëåâû ôóíêöèè, ïðè÷åì k + t3 = 1
(mod 2), ãäå t3 | ÷èñëî íåíóëåâûõ êîýôôèöèåíòîâ â àëãåáðàè÷åñêîé íîðìàëüíîé ôîðìå
ôóíêöèè s3 , è ñâîáîäíûé ÷ëåí ÀÍÔ ôóíêöèè s1 ðàâåí 1.
 äàííîé ðàáîòå èñïîëüçóþòñÿ ëîêàëüíûå ôóíêöèè ñâÿçè îò øåñòè ïåðåìåííûõ. Ñëåäóåò
îòìåòèòü, ÷òî òàêàÿ ôóíêöèÿ îò øåñòè ïåðåìåííûõ, èìåþùàÿ âèä (2), ìîæåò áûòü ïðåäñòàâëåíà â âèäå ñóïåðïîçèöèè äâóõ ÷åòûðåõìåñòíûõ áóëåâûõ ôóíêöèé. Áîëåå ïîäðîáíî ýòî
ïîêàçàíî íèæå.
2. Êîíñòðóêöèÿ ïîòî÷íîãî øèôðà
Îïèøåì çäåñü ðàññìàòðèâàåìîå ñåìåéñòâî ïîòî÷íûõ øèôðîâ GRACE-S (åìó òàêæå ïîñâÿùåíû äðóãèå ðàáîòû àâòîðà, íàïðèìåð, [1, 2, 4, 5]). Ñåìåéñòâî îñíîâàíî íà îáîáùåííûõ
êëåòî÷íûõ àâòîìàòàõ. Èñïîëüçîâàíèþ êëåòî÷íûõ àâòîìàòîâ â êðèïòîãðàôèè ïîñâÿùåí ðÿä
ðàáîò, â òîì ÷èñëå [1, 8].
Ïîòî÷íûé øèôð ïðåäñòàâëÿåò ñîáîé ãåíåðàòîð ãàììû è ñîñòîèò (ðèñ. 1) èç äâóõ îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ ñ çàäàþùåé ïîñëåäîâàòåëüíîñòüþ CA1 è CA2 è ëèíåéíîãî
ðåãèñòðà ñäâèãà ñ îáðàòíîé ñâÿçüþ (LFSR). Àâòîìàòû èìåþò ðàçíûé ðàçìåð è ðàçëè÷íûå ëîêàëüíûå ôóíêöèè ñâÿçè: f1 è f2 . Çàäàþùåé ÿ÷åéêîé ÿâëÿåòñÿ îäíà èç ñêðûòûõ ÿ÷ååê êàæäîãî
èç ýòèõ àâòîìàòîâ, à çàäàþùåé ïîñëåäîâàòåëüíîñòüþ ÿâëÿåòñÿ âûõîäíàÿ ïîñëåäîâàòåëüíîñòü
ðåãèñòðà ñäâèãà. Ïðè ýòîì ÷èñëî âûõîäíûõ ÿ÷ååê îáîèõ àâòîìàòîâ äîëæíî áûòü îäèíàêîâûì. Ãåíåðàòîð ðàáîòàåò ïîøàãîâî. Íà êàæäîì øàãå âûõîäîì ãåíåðàòîðà ãàììû ÿâëÿåòñÿ
ïîðàçðÿäíàÿ ñóììà ïî ìîäóëþ äâà âûõîäîâ àâòîìàòîâ. Ïðè ýòîì íà âûõîäå ãåíåðàòîðà ãàììû
íà êàæäîì øàãå ôîðìèðóåòñÿ ñëîâî (áóäåì íàçûâàòü åãî âûõîäíûì ñëîâîì), äëèíà êîòîðîãî
ðàâíà äëèíå âûõîäà êàæäîãî àâòîìàòà. Ãàììà ÿâëÿåòñÿ êîíêàòåíàöèåé âûõîäíûõ ñëîâ íà
êàæäîì øàãå.
http://technomag.bmstu.ru/doc/.html
301
Îáîáùåííûé
êëåòî÷íûé
àâòîìàò 1
+
LFSR
Îáîáùåííûé
êëåòî÷íûé
àâòîìàò 2
Ðèñ. 1. Ñòðóêòóðà ãåíåðàòîðà ãàììû
Êðèïòîãðàôè÷åñêèé êëþ÷ ìîæåò èìåòü ëþáóþ äëèíó, ìåíüøóþ ÷èñëà ÿ÷ååê êàæäîãî
êëåòî÷íîãî àâòîìàòà íå ìåíåå, ÷åì â ïîëòîðà ðàçà. Ïðè ýòîì, äëèíà LFSR äîëæíà áûòü
ðàâíà äëèíå êëþ÷à, à õàðàêòåðèñòè÷åñêèé ìíîãî÷ëåí LFSR äîëæåí áûòü íåïðèâîäèìûì.
Íà÷àëüíûì çàïîëíåíèåì êàæäîãî êëåòî÷íîãî àâòîìàòà ÿâëÿåòñÿ êëþ÷, êîíêàòåíèðîâàííûé ñ íåêîòîðîé êîíñòàíòîé, äîïîëíÿþùåé êëþ÷ äî ðàçìåðà àâòîìàòà (ò.å. ÷èñëà ÿ÷ååê).
Ýòà êîíñòàíòà äîëæíà èìåòü ïðèáëèçèòåëüíî îäèíàêîâîå êîëè÷åñòâî åäèíèö è íóëåé. Êëþ÷
ÿâëÿåòñÿ òàêæå íà÷àëüíûì çàïîëíåíèåì ðåãèñòðà ñäâèãà.
Øèôðîâàíèå, ïðîèçâîäèòñÿ ïóòåì ïîðàçðÿäíîãî ñëîæåíèÿ îòêðûòîãî òåêñòà ñ ãàììîé ïî
ìîäóëþ äâà. Ðàñøèôðîâàíèå ïðîèçâîäèòñÿ àíàëîãè÷íî.
Îáîçíà÷èì çàïîëíåíèå êëåòî÷íîãî àâòîìàòà CA íà øàãå t êàê CA(t, M0 , ξ), ãäå M0 |
íà÷àëüíîå çàïîëíåíèå, à ξ | çàäàþùàÿ ïîñëåäîâàòåëüíîñòü. Âûõîä êëåòî÷íîãî àâòîìàòà
îáîçíà÷èì prm (CA(t, M0 , ξ)), ãäå m | äëèíà âûõîäà, à prr | ôóíêöèÿ, âîçâðàùàþùàÿ
íåêîòîðûå r ðàçðÿäîâ àðãóìåíòà (èìåþùèå íàïåðåä çàäàííûå íîìåðà).
Îáîçíà÷èì ÷åðåç LF SR(L0 ) ïîñëåäîâàòåëüíîñòü, ïîðîæäàåìóþ ëèíåéíûì ðåãèñòðîì
ñäâèãà, çäåñü L0 | åãî íà÷àëüíîå çàïîëíåíèå.
Òàêèì îáðàçîì, âûõîä ãåíåðàòîðà ãàììû íà øàãå t âû÷èñëÿåòñÿ ïî ôîðìóëå
y(t, key) = CA1 (t, key||c1 , LF SR(key)) ⊕ CA2 (t, key||c2 , LF SR(key)),
ãäå CA1 è CA2 | äâà îáîáùåííûõ êëåòî÷íûõ àâòîìàòà ñ çàäàþùåé ïîñëåäîâàòåëüíîñòüþ;
⊕ | ïîðàçðÿäíîå ñëîæåíèå ïî ìîäóëþ äâà; c1 è c2 | êîíñòàíòû, äîïîëíÿþùèå êëþ÷ äî
ðàçìåðà êëåòî÷íîãî àâòîìàòà. Âåñ ýòèõ êîíñòàíò äîëæåí áûòü áëèçîê ê ïîëîâèíå äëèíû;
|| | îïåðàöèÿ êîíêàòåíàöèè äâîè÷íûõ âåêòîðîâ.
302
Âûðàáàòûâàåìàÿ ãåíåðàòîðîì ãàììà ïðåäñòàâëÿåò ñîáîé êîíêàòåíàöèþ âûõîäîâ, ïðè÷åì
ïîñëå íà÷àëà ðàáîòû àâòîìàòà äåëàåòñÿ íåñêîëüêî õîëîñòûõ øàãîâ:
γ = y(τ + 1, key)||y(τ + 2, key)|| . . . ,
ãäå τ | ÷èñëî õîëîñòûõ øàãîâ.
Ýêñïåðèìåíòû ïîêàçàëè, ÷òî ÷èñëî õîëîñòûõ øàãîâ äîëæíî áûòü ïðîïîðöèîíàëüíî äèàìåòðó. Ïîýòîìó â ñëó÷àå èñïîëüçîâàíèÿ ãðàôîâ Ðàìàíóäæàíà τ = Ω(log n), ãäå n | ðàçìåð
áîëüøåãî êëåòî÷íîãî àâòîìàòà. Ýêñïåðèìåíòàëüíî ïîêàçàíî, ÷òî íà ïðàêòèêå ÷èñëî õîëîñòûõ øàãîâ äîëæíî áûòü íå ìåíåå ÷åì 2D, ãäå D | äèàìåòð ãðàôà.
3. Ðåàëèçàöèÿ íà ÏËÈÑ è ïðîèçâîäèòåëüíîñòü
Ïðîãðàììèðóåìàÿ ëîãè÷åñêàÿ èíòåãðàëüíàÿ ñõåìà (ÏËÈÑ) ðåàëèçóåò íàáîð îäíîòèïíûõ
ðåêîíôèãóðèðóåìûõ ÿ÷ååê.  ïðîöåññå ïðîãðàììèðîâàíèÿ ÏËÈÑ îïðåäåëÿåòñÿ êîíôèãóðàöèÿ êàæäîé òàêîé ÿ÷åéêè, à òàêæå ñâÿçè ìåæäó íèìè. C ïîìîùüþ ÏËÈÑ ìîæíî ðåàëèçîâàòü
ïðàêòè÷åñêè ëþáóþ öèôðîâóþ ñõåìó. Îïèñàíèå öèôðîâûõ ñõåì îñóùåñòâëÿåòñÿ ïîñðåäñòâîì ñïåöèàëüíûõ ÿçûêîâ, íàèáîëåå èçâåñòíûìè èç êîòîðûõ ÿâëÿþòñÿ VHDL è Verilog. Â
íàñòîÿùåé ðàáîòå â êà÷åñòâå ïëàòôîðìû áûëè âûáðàíû ÏËÈÑ ôèðìû Altera, à â êà÷åñòâå
ÿçûêà îïèñàíèÿ | ÿçûê VHDL.
Ïîñêîëüêó òðåáîâàëîñü ïðîâåñòè òåñòèðîâàíèå ïðîèçâîäèòåëüíîñòè øèôðîâ èç ñåìåéñòâà GRACE-S ïðè ðàçëè÷íûõ ïàðàìåòðàõ, áûë ðàçðàáîòàí êîìïëåêñ ïðîãðàìì, ïîçâîëÿþùèé ãåíåðèðîâàòü VHDL-ôàéë, ðåàëèçóþùèé øèôð èç ñåìåéñòâà GRACE-S, çàäàííûé
âõîäíûìè ïàðàìåòðàìè, òàêèìè êàê ãðàôû êëåòî÷íûõ àâòîìàòîâ, ëîêàëüíûå ôóíêöèè ñâÿçè,
êîëè÷åñòâî âûõîäíûõ ÿ÷ååê è äð. Êîìïëåêñ ïðîãðàìì áûë ðåàëèçîâàí íà ÿçûêå C#. Ïàðàìåòðû çàäàâàëèñü ñ ïîìîùüþ XML-ôàéëà. Äëÿ êîìïèëÿöèè VHDL-ôàéëà è ìîäåëèðîâàíèÿ
èñïîëüçîâàëèñü ÑÀÏÐ Altera Quartus II 12.0 è ÑÀÏÐ Altera ModelSim Starter Edition 10.0d.
Îñíîâîé àðõèòåêòóðû ÏËÈÑ Altera ÿâëÿþòñÿ ìîäóëè àäàïòèâíîé ëîãèêè (Adaptive Logic
Module, ALM). ÏËÈÑ ñîñòîèò èç áîëüøîãî êîëè÷åñòâà òàêèõ ìîäóëåé. Êàæäûé ALM ñîñòîèò èç ýëåìåíòà êîìáèíàòîðíîé ëîãèêè, äâóõ ðåãèñòðîâ è äâóõ ñóììàòîðîâ. Ñ ïîìîùüþ
ýëåìåíòà êîìáèíàòîðíîé ëîãèêè ìîæíî ðåàëèçîâàòü áóëåâó ôóíêöèþ. Ïðè÷åì, ìëàäøèå
ìîäåëè ÏËÈÑ (ñåìåéñòâî Cyclone) ïîçâîëÿþò ðåàëèçîâàòü â êàæäîì ALM ïðîèçâîëüíóþ
áóëåâó ôóíêöèþ îò ÷åòûðåõ ïåðåìåííûõ, â òî âðåìÿ êàê ñòàðøèå ìîäåëè (ñåìåéñòâà Arria
è Stratix) | ïðîèçâîëüíóþ áóëåâó ôóíêöèþ îò øåñòè ïåðåìåííûõ. Ïîýòîìó äëÿ îáåñïå÷åíèÿ âûñîêîé ýôôåêòèâíîñòè, ëîêàëüíàÿ ôóíêöèÿ ñâÿçè îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ äîëæíà çàâèñåòü íå áîëåå ÷åì îò øåñòè ïåðåìåííûõ è äîëæíà äîïóñêàòü âîçìîæíîñòü
ðåàëèçàöèè ñ ïîìîùüþ íàèìåíüøåãî ÷èñëà ôóíêöèé, çàâèñÿùèõ îò ÷åòûðåõ ïåðåìåííûõ.
Âûáðàííîå ñåìåéñòâî ôóíêöèé óäîâëåòâîðÿåò ýòèì òðåáîâàíèÿì.
http://technomag.bmstu.ru/doc/.html
303
Äåéñòâèòåëüíî, ôóíêöèþ (2) ìîæíî ïðåäñòàâèòü â âèäå ñóïåðïîçèöèè ñëåäóþùèõ äâóõ
ôóíêöèé çàâèñÿùèõ îò ìåíüøåãî ÷èñëà ïåðåìåííûõ:
g21 (u, x1 , y1 , . . . , xk−ρ , yk−ρ , t) =
k−ρ
M
xi yi ⊕ u ⊕ t;
i=1
g22 (v, x1 , . . . , xk , yk−ρ+1 , . . . , yk ) =
k
M
=
xi yi ⊕ s1 (x1 , . . . , xk ) ⊕ v(s1 (x1 , . . . , xk ) ⊕ s3 (x1 , . . . , xk )).
i=k−ρ+1
Óêàçàííàÿ ñóïåðïîçèöèÿ ââîäèòñÿ ñëåäóþùèì îáðàçîì:
g2 (v, u, x1 , y1 , . . . , xk , yk ) = g21 (u, x1 , y1 , . . . , xk−ρ , yk−ρ , g22 (v, x1 , . . . , xk , yk−ρ+1 , . . . , yk )).
Âñåãî ôóíêöèÿ g2 èìååò d = 2k + 2 àðãóìåíòîâ. Ôóíêöèÿ g21 èìååò 2(k − ρ) àðãóìåíòîâ,
à ôóíêöèÿ g22 èìååò k + ρ + 1 àðãóìåíò. Ïðè ρ áëèçêîì ê (k + 1)/3 = n/6 ó ôóíêöèé g21
è g22 áóäåò ïðèáëèçèòåëüíî ïîðîâíó àðãóìåíòîâ.  ÷àñòíîñòè, ïðè d = 6 è ρ = 1 ýòè äâå
ôóíêöèè èìåþò ïî ÷åòûðå àðãóìåíòà, ò.å. øåñòèìåñòíàÿ ëîêàëüíàÿ ôóíêöèÿ ñâÿçè äàííîãî
âèäà ìîæåò áûòü ïðåäñòàâëåíà â âèäå ñóïåðïîçèöèè äâóõ ÷åòûðåõìåñòíûõ ôóíêöèé.
Áûëî ïðîâåäåíî èññëåäîâàíèå ïðîèçâîäèòåëüíîñòè ïðè ðàçëè÷íûõ çíà÷åíèÿõ ïàðàìåòðîâ (òàáë. 1) íà ðàçëè÷íûõ ÏËÈÑ ôèðìû Altera (Cyclone II, Cyclone V, Arria II GX, Arria V,
Stratix III, Stratix V). Äëÿ ÏËÈÑ Cyclone II è Stratix V áûëà ïðîâåðåíà ðàáîòà íà ôèçè÷åñêîé ÏËÈÑ, ñ ïîìîùüþ ñîîòâåòñòâóþùèõ îòëàäî÷íûõ ïëàò ñ âíåøíèì òàêòîâûì ãåíåðàòîðîì.
Òàáëèöà 1
Ïàðàìåòðû ïðîòåñòèðîâàííûõ øèôðîâ èç ñåìåéñòâà GRACE-S
No ï/ï
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Êîë-âî ÿ÷ååê
êëåòî÷íîãî
àâòîìàòà ¹ 1
230
390
770
1182
1550
2310
3090
4622
230
390
770
1182
1550
2310
3090
4622
Êîë-âî ÿ÷ååê
êëåòî÷íîãî
àâòîìàòà ¹ 2
242
402
810
1202
1602
2342
3110
4650
242
402
810
1202
1602
2342
3110
4650
Êîë-âî
âûõîäíûõ
ÿ÷ååê
128
256
512
768
1024
1536
2048
3072
128
256
512
768
1024
1536
2048
3072
Äëèíà
êëþ÷à
128
128
128
128
128
128
128
128
256
256
256
256
256
256
256
256
304
Äàííûå ïî áûñòðîäåéñòâèþ, ìàêñèìàëüíîé òàêòîâîé ÷àñòîòå è ýôôåêòèâíîñòè ðåàëèçàöèè ïðèâåäåíû íà ðèñ. 2, 3, 4. Çäåñü ïîä ýôôåêòèâíîñòüþ àïïàðàòíîé ðåàëèçàöèè ïîíèìàåòñÿ îòíîøåíèþ áûñòðîäåéñòâèÿ ê êîëè÷åñòâó àïïàðàòíûõ ðåñóðñîâ. Äëÿ ðàññìàòðèâàåìûõ
ÏËÈÑ åäèíèöåé àïïàðàòíûõ ðåñóðñîâ ÿâëÿåòñÿ ëîãè÷åñêèé ýëåìåíò | LE.
1200,0
Ñêîðîñòü ãåíåðàöèè ãàììû, Ãáèò/ñ
1000,0
800,0
600,0
400,0
200,0
0,0
128
256
512
Arria II GX
Arria V
768
1024
Äëèíà âûõîäíîãî ñëîâà
Cyclone II
Cyclone V
1536
Stratix III
Stratix IV
2048
3072
Stratix V
Ðèñ. 2. Ñêîðîñòü ãåíåðàöèè ãàììû
800
Ìàêñèìàëüíàÿ òàêòîâàÿ ÷àñòîòà, ÌÃö
700
600
500
400
300
200
100
0
128
256
Arria II GX
512
Arria V
768
1024
Äëèíà âûõîäíîãî ñëîâà
Cyclone II
Cyclone V
Stratix III
1536
Stratix IV
2048
3072
Stratix V
Ðèñ. 3. Ìàêñèìàëüíàÿ òàêòîâàÿ ÷àñòîòà
http://technomag.bmstu.ru/doc/.html
305
200,0
180,0
Ýôôåêòèâíîñòü ðåàëèçàöèè, Ìáèò/(ñ*LE)
160,0
140,0
120,0
100,0
80,0
60,0
40,0
20,0
0,0
128
256
Arria II GX
512
Arria V
768
1024
1536
2048
Äëèíà âûõîäíîãî ñëîâà
Cyclone II
Cyclone V
Stratix III
Stratix IV
Stratix V
3072
Ðèñ. 4. Ýôôåêòèâíîñòü ðåàëèçàöèè
4. Ñðàâíåíèå ïàðàìåòðîâ ýôôåêòèâíîñòè è áûñòðîäåéñòâèÿ
ñåìåéñòâà êðèïòîàëãîðèòìîâ GRACE-S ñ ñóùåñòâóþùèìè
àíàëîãàìè ïðè àïïàðàòíîé ðåàëèçàöèè
Ñðàâíåíèå ïðîâîäèëîñü ñ ïîòî÷íûìè êðèïòîàëãîðèòìàìè, ïðåäñòàâëåííûìè íà åâðîïåéñêèé êîíêóðñ eSTREAM, ïðîâîäèâøèéñÿ â 2005{2008 ãã., êîòîðûé áûë íàïðàâëåí íà
ïîèñê êðèïòîñòîéêèõ ïîòî÷íûõ øèôðîâ. Äàííûå î áûñòðîäåéñòâèè ðåàëèçàöèé àëãîðèòìîâ
ïîëó÷åíû èç ðàáîòû [22]. Ìåòîäèêà ñðàâíåíèÿ àíàëîãè÷íà èñïîëüçóåìîé â ñòàòüå [7].
Ñðàâíåíèå áûñòðîäåéñòâèÿ (ò.å. ñêîðîñòè âûðàáîòêè ãàììû) ïðîâîäèëîñü ïî äâóì ïîêàçàòåëÿì: áûñòðîäåéñòâèå íà ìàêñèìàëüíîé òàêòîâîé ÷àñòîòå è áûñòðîäåéñòâèå íà òàêòîâîé
÷àñòîòå 100 ÌÃö. Ñðàâíåíèå ïðîèçâîäèëàñü ñ êðèïòîàëãîðèòìàìè AES (â ðåæèìå OFB) [14],
Achterbahn [19, 20], Grain [21, 23, 32], MICKEY [9, 10, 11, 12], MOSQUITO [13], SFINKS+
[31], Trivium [16, 17], VEST [27], ZK-Crypt [34].
Äàííûå ïðèâåäåíû â òàáë. 2. Îòðàæåíû äàííûå äëÿ ñåìåéñòâà GRACE-S ñ ðàçëè÷íîé
äëèíîé âûõîäíîãî ñëîâà (256, 1024, 3072) è ïðè ðåàëèçàöèè íà íàèáîëåå õàðàêòåðíûõ ÏËÈÑ
ôèðìû Altera: Stratix V, êàê íàèáîëåå áûñòðîäåéñòâóþùåé, è Cyclone II, êàê íàèáîëåå äåøåâîé. Èç òàáë. 2 âèäíî, ÷òî áûñòðîäåéñòâèå ïðè ðåàëèçàöèè íà Stratix V â 60 ðàç ïðåâûøàåò
áûñòðîäåéñòâèå êðèïòîàëãîðèòìà Trivium, èìåþùåãî ìàêñèìàëüíîå áûñòðîäåéñòâèå ñðåäè
àëãîðèòìîâ, ïðåäñòàâëåííûõ íà êîíêóðñ eStream.
Ñîïîñòàâëåíèå ýôôåêòèâíîñòè àïïàðàòíîé ðåàëèçàöèè ïðèâåäåíî â òàáë. 3. Äàííûå ïî
êðèïòîàëãîðèòìàì AES, Trivium, MICKEY è Grain ïðèâåäåíû â ñîîòâåòñòâèè ñî ñòàòüåé [29].
306
Òàáëèöà 2
Áûñòðîäåéñòâèå àïïàðàòíûõ ðåàëèçàöèé øèôðîâ ñåìåéñòâà GRACE-S
â ñðàâíåíèè ñ àíàëîãè÷íûìè ñóùåñòâóþùèìè øèôðàìè
Ãåíåðàòîð
GRACE-S | 256, Cyclone II
GRACE-S | 1024, Cyclone II
GRACE-S | 256, Strarix V
GRACE-S | 1024, Strarix V
GRACE-S | 3072, Strarix V
AES (OFB)
Achterbahn
Grain
MICKEY
MOSQUITO
SFINKS+
Trivium
VEST
ZK-Crypt
Ìàêñ.
òàêòîâàÿ
÷àñòîòà, ÌÃö
195
108
700
517
362
182
250
300
308
265
167
312
286
203
Áûñòðîäåéñòâèå
ïðè ìàêñ. òàêòîâîé
÷àñòîòå, Ãáèò/ñ
49
110
179
529
1112
0,52
0,46
4,47
0,28
0,73
1,24
18,5
4,25
6,05
Áûñòðîäåéñòâèå ïðè
òàêòîâîé ÷àñòîòå
100 ÌÃö, Ãáèò/ñ
25
102
25
102
307
0,29
0,18
1,49
0,93
0,27
0,74
5,95
1,48
2,98
Òàáëèöà 3
Ýôôåêòèâíîñòü àïïàðàòíûõ ðåàëèçàöèé øèôðîâ ñåìåéñòâà GRACE-S
â ñðàâíåíèè ñ àíàëîãè÷íûìè ñóùåñòâóþùèìè øèôðàìè
Ãåíåðàòîð
AES
Grain
MICKEY
Trivium
GRACE-S | 256, Cyclone II
GRACE-S | 1024, Cyclone II
GRACE-S | 256, Strarix V
GRACE-S | 1024, Strarix V
GRACE-S | 3072, Strarix V
Áûñòðîäåéñòâèå,
Ìáèò/ñ
0,61
3,44
0,22
16,3
49
110
179
529
1112
Àïïàðàòíûå
ðåñóðñû, òûñ. LE
5
0,5
0,5
0,7
1,9
6,7
1
3,4
10,2
Ýôôåêòèâíîñòü,
Ãáèò/(ñ · LE)
0,12
6,77
0,41
23,3
26
16
179
155
109
Èç òàáë. 3 âèäíî, ÷òî ýôôåêòèâíîñòü àïïàðàòíîé ðåàëèçàöèè àëãîðèòìîâ GRACE{S â
íåñêîëüêî ðàç ïðåâûøàåò ýôôåêòèâíîñòü àïïàðàòíîé ðåàëèçàöèè ëó÷øåãî èç àëãîðèòìîâ,
ïðåäñòàâëåííûõ íà êîíêóðñå eStream.
Çàêëþ÷åíèå
 ñòàòüå ïîêàçàíî, ÷òî ñåìåéñòâî ïîòî÷íûõ øèôðîâ, îñíîâàííûõ íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ GRACE-S, äîïóñêàåò âûñîêîýôôåêòèâíóþ àïïàðàòíóþ ðåàëèçàöèþ, ïîêàçûâàþùóþ ñêîðîñòü, êîòîðàÿ â 60 è áîëåå ðàç ïðåâûøàåò ñêîðîñòü èçâåñòíûõ ïîòî÷íûõ
øèôðîâ, è ýôôåêòèâíîñòü ðåàëèçàöèè, êîòîðàÿ â 7 è áîëåå ðàç ïðåâûøàåò ýôôåêòèâíîñòü
http://technomag.bmstu.ru/doc/.html
307
ðåàëèçàöèè èçâåñòíûõ ïîòî÷íûõ øèôðîâ. Êðîìå òîãî, àïïàðàòíûå ðåñóðñû, íåîáõîäèìûå
äëÿ ðåàëèçàöèè øèôðîâ èç ýòîãî ñåìåéñòâà, âåñüìà íåâåëèêè, ÷òî ïîçâîëÿåò îòíåñòè èõ ê
ëåãêîâåñíûì (lightweight) êðèïòîàëãîðèòìàì.
Àâòîð áëàãîäàðèò À.Â. Äóäèíà çà ïîìîùü â ïîäãîòîâêå ìàòåðèàëîâ äëÿ ýòîé ñòàòüè.
Ðàáîòà âûïîëíåíà ïðè ôèíàíñîâîé ïîääåðæêå ÐÔÔÈ (ãðàíò ¹ 12-07-31012).
Ñïèñîê ëèòåðàòóðû
1. Êëþ÷àð¸â Ï.Ã. Êëåòî÷íûå àâòîìàòû, îñíîâàííûå íà ãðàôàõ Ðàìàíóäæàíà, â çàäà÷àõ
ãåíåðàöèè ïñåâäîñëó÷àéíûõ ïîñëåäîâàòåëüíîñòåé // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå
íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2011. ¹ 10.
2. Êëþ÷àð¸â Ï.Ã. Êðèïòîãðàôè÷åñêèå ñâîéñòâà êëåòî÷íûõ àâòîìàòîâ, îñíîâàííûõ íà ãðàôàõ Ëþáîöêîãî | Ôèëèïñà | Ñàðíàêà// Áåçîïàñíûå èíôîðìàöèîííûå òåõíîëîãèè.
Ñáîðíèê òðóäîâ Âòîðîé âñåðîññèéñêîé íàó÷íî-òåõíè÷åñêîé êîíôåðåíöèè. Ì.: ÍÈÈ
ðàäèîýëåêòðîíèêè è ëàçåðíîé òåõíèêè, 2011. Ñ. 163{173.
3. Êëþ÷àð¸â Ï.Ã. Áëî÷íûå øèôðû, îñíîâàííûå íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ //
Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2012. ¹ 12.
4. Êëþ÷àð¸â Ï.Ã. Î ïåðèîäå îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå.
Ýëåêòðîííîå íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2012. ¹ 2.
5. Êëþ÷àð¸â Ï.Ã. Îáåñïå÷åíèå êðèïòîãðàôè÷åñêèõ ñâîéñòâ îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2012. ¹ 3.
6. Êëþ÷àð¸â Ï.Ã. Ïîñòðîåíèå ïñåâäîñëó÷àéíûõ ôóíêöèé íà îñíîâå îáîáùåêëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2012. ¹ 10.
7. Ñóõèíèí Á. Ì. Ðàçðàáîòêà ãåíåðàòîðîâ ïñåâäîñëó÷àéíûõ äâîè÷íûõ ïîñëåäîâàòåëüíîñòåé íà îñíîâå êëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íîòåõíè÷åñêîå èçäàíèå. 2010. ¹ 9.
8. Ñóõèíèí Á.Ì. Î íåêîòîðûõ ñâîéñòâàõ êëåòî÷íûõ àâòîìàòîâ è èõ ïðèìåíåíèè â ñòðóêòóðå
ãåíåðàòîðîâ ïñåâäîñëó÷àéíûõ ïîñëåäîâàòåëüíîñòåé // Âåñòíèê ÌÃÒÓ èì. Í.Ý. Áàóìàíà.
Ñåð. Ïðèáîðîñòðîåíèå. 2011. ¹ 2. Ñ. 68{76.
9. Babbage S., Dodd M. The stream cipher mickey (version 1) // ECRYPT Stream Cipher Project
Report. 2005. Vol. 15. P. 2005.
10. Babbage S., Dodd M. The stream cipher mickey-128 2.0 // Article for eSTREAM Project.
2006. Avairable at http://www.ecrypt.eu.org/stream/p2ciphers/mickey128/mickey128 p2.pdf.
11. Babbage S., Dodd M. The stream cipher mickey 2.0 // ECRYPT Stream Cipher. 2006. Available
at http://www.ecrypt.eu.org/stream/p3ciphers/mickey/mickey p3.pdf.
12. Babbage S., Dodd M. The mickey stream ciphers // New Stream Cipher Designs. Springer,
2008. P. 191{209.
308
13. Daemen J., Kitsos P. The self-synchronizing stream cipher moustique // New Stream Cipher
Designs. Springer, 2008. P. 210{223.
14. Daemen J., Rijmen V. The design of Rijndael: AES-the advanced encryption standard.
Springer, 2002.
15. Davidoff G., Sarnak P., Valette A. Elementary number theory, group theory and Ramanujan
graphs. Cambridge University Press, 2003. Vol. 55.
16. De Canniere C. Trivium: A stream cipher construction inspired by block cipher design
principles // Information Security. Springer, 2006. P. 171{186.
17. De Canniere C., Preneel B. Trivium // New Stream Cipher Designs. Springer, 2008. P. 244{266.
18. Eisenbarth T., Kumar S. A survey of lightweight-cryptography implementations // Design &
Test of Computers, IEEE. 2007. Vol. 24, no. 6. P. 522{533.
19. Gammel B., G•ottfert R., Kniffler O. The achterbahn stream cipher. estream, ecrypt stream
cipher project, report 2005/002, 2005.
20. Gammel B., G•ottfert R., Kniffler O. Achterbahn-128/80: Design and analysis // ECRYPT
Network of Excellence-SASC Workshop Record. 2007. P. 152{165.
21. Hell M., Johansson Th., Maximov A., Meier W. The grain family of stream ciphers // New
Stream Cipher Designs. Springer, 2008. P. 179{190.
22. Gurkaynak F., Luethi P., Bernold N. et al. Hardware evaluation of eSTREAM candidates:
Achterbahn, Grain, MICKEY, MOSQUITO, SFINKS, Trivium, VEST, zk-crypt. 2006.
Available at: http://www.ecrypt.eu.org/stream/papersdir/2006/015.pdf.
23. Hell M., Johansson T., Meier W. Grain: a stream cipher for constrained environments //
Int. J. of Wireless and Mobile Computing. 2007. Vol. 2, no. 1. P. 86{93. Available at:
http://inderscience.metapress.com/index/j463lh7251257262.pdf.
24. Hoory S., Linial N., Wigderson A. Expander graphs and their applications // Bulletin of the
American Mathematical Society. 2006. Vol. 43, no. 4. P. 439{562.
25. Lubotzky A., Phillips R., Sarnak P. Explicit expanders and the ramanujan conjectures //
Proceedings of the eighteenth annual ACM symposium on Theory of computing / ACM. 1986.
P. 240{246.
26. Lubotzky A., Phillips R., Sarnak P. Ramanujan graphs // Combinatorica. 1988. Vol. 8, no. 3.
P. 261{277.
27. O'Neil S., Gittins B., Landman H. A. Vest hardware-dedicated stream ciphers // IACR Cryptology ePrint Archive. 2005. Vol. 2005. P. 413. Available at: https://eprint.iacr.org/2005/413.
28. Poschmann A. Y. Lightweight cryptography: Cryptographic engineering for a pervasive
world // PH. D. THESIS / Citeseer. 2009. Available at: http://citeseerx.ist.psu.edu/viewdoc/
summary?doi=10.1.1.182.1450.
http://technomag.bmstu.ru/doc/.html
309
29. Rogawski M. Hardware evaluation of eSTREAM candidates: Grain, Lex, Mickey128, Salsa20
and Trivium. 2007. Available at: http://www.ecrypt.eu.org/stream/papersdir/2007/025.pdf.
30. Sarnak P. Some applications of modular forms. Cambridge University Press, 1990. Vol. 99.
31. Braeken A., Lano J., Mentens N. et al. Sfinks: A synchronous stream cipher for restricted
hardware environments // SKEW-Symmetric Key Encryption Workshop. 2005.
32. Hell M., Johansson Th., Maximov A., Meier W. A stream cipher proposal: Grain-128 //
Information Theory, 2006 IEEE International Symposium on IEEE. 2006. P. 1614{1618.
33. Yalla P., Kaps J.-P. Lightweight cryptography for fpgas // Reconfigurable Computing and
FPGAs, 2009. ReConFig'09. International Conference on IEEE. 2009. P. 225{230.
34. Hecht A., Bard G., Dunkelman O. et al. The zk-crypt algorithm specification. 2007.
310
Performance and effectiveness of hardware realization
of stream ciphers
based on generalized cellular automata
# 10, October 2013
DOI:
Klyucharev P. G.
Bauman Moscow State Technical University
105005, Moscow, Russian Federation
[email protected]
In this article data on performance and effectiveness of the GRACE-S family of stream ciphers
based on generalised cellular automata and expander graphs were discussed. Altera FPGA was
used as a platform for hardware implementation. The performance of GRACE-S stream ciphers
was compared with the performance of stream ciphers that had won the eSTREAM competition.
According to the performed tests, the performance of the GRACE-S family of stream ciphers
significantly (up to 60 times) exceeds the performance of the best-known stream ciphers.
References
1. Klyucharev P.G. Kletochnye avtomaty, osnovannye na grafakh Ramanudzhana, v zadachakh
generatsii psevdosluchaynykh posledovatel'nostey [Cellular automations based on Ramanujan
graphs in the field of the generation of pseudorandom sequences]. Nauka i obrazovanie MGTU
im. N.E. Baumana [Science and Education of the Bauman MSTU], 2011, no. 10. Avilable at:
http://technomag.edu.ru/doc/241308.html, accessed 01.09.2013.
2. Klyucharev P.G. Kriptograficheskie svoystva kletochnykh avtomatov, osnovannykh na grafakh
Lyubotskogo | Filipsa | Sarnaka [Cryptographic properties of cellular automata based
on LPS-graphs]. Bezopasnye informatsionnye tekhnologii: sb. trudov Vtoroy vserossiyskoy
nauchno-tekhnicheskoy konferentsii [Proc. of the 2nd All-Rus. sci.-tech. conf. \Secure information technologies"]. Moscow, Publication of Research Institute of Radioelectronics and
Laser Technology, 2011, pp. 163{173.
3. Klyucharev P.G. Blochnye shifry, osnovannye na obobshchennykh kletochnykh avtomatakh
[Construction of pseudo-random functions based on generalized cellular automata]. Nauka i
http://technomag.bmstu.ru/doc/.html
311
obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2012,
no. 12. DOI: 10.7463/0113.0517543.
4. Klyucharev P.G. O periode obobshchennykh kletochnykh avtomatov [About the period of
generalized cellular automatons]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science
and Education of the Bauman MSTU], 2012, no. 2. Available at: http://technomag.edu.ru/doc/
340943.html, accessed 01.09.2013.
5. Klyucharev P.G. Obespechenie kriptograficheskikh svoystv obobshchennykh kletochnykh avtomatov [On cryptographic properties of generalized cellular automatons]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2012, no. 3.
Available at: http://technomag.edu.ru/doc/358973.html, accessed 01.09.2013.
6. Klyucharev P.G. Postroenie psevdosluchaynykh funktsiy na osnove obobshchennykh kletochnykh avtomatov [Construction of pseudorandom functions based on generalized cellular
automata]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the
Bauman MSTU], 2012, no. 10. DOI: 10.7463/1112.0496381.
7. Sukhinin B.M. Razrabotka generatorov psevdosluchaynykh dvoichnykh posledovatel'nostey
na osnove kletochnykh avtomatov [The Development of Pseudorandom Binary Sequences
Generators Based on Cellular Automata]. Nauka i obrazovanie MGTU im. N.E. Baumana
[Science and Education of the Bauman MSTU], 2010, no. 9. Available at: http://technomag.
bmstu.ru/doc/159714.html, accessed 01.09.2013.
8. Sukhinin B.M. O nekotorykh svoystvakh kletochnykh avtomatov i ikh primenenii v strukture
generatorov psevdosluchaynykh posledovatel'nostey [Some properties of cellular automata
and their application in the structure of pseudorandom sequences generators]. Vestnik MGTU
im. N.E. Baumana. Ser. Priborostroenie [Herald of the Bauman MSTU. Ser. Instrument Engineering], 2011, no. 2, pp. 68{76.
9. Babbage S., Dodd M. The stream cipher MICKEY (version 1). From: eSTREAM: the
ECRYPT Stream Cipher Project. 2005/015, 2005. Available at: http://www.ecrypt.eu.org/
stream/ciphers/mickey/mickey.pdf, accessed 01.09.2013.
10. Babbage S., Dodd M. The stream cipher MICKEY-128 2.0. From: eSTREAM: the ECRYPT
Stream Cipher Project, 2006. Avaiable at:
http://www.ecrypt.eu.org/stream/p2ciphers/
mickey128/mickey128 p2.pdf, accessed 01.09.2013.
11. Babbage S., Dodd M. The stream cipher MICKEY 2.0. From: eSTREAM: the ECRYPT
Stream Cipher Project, 2006. Available at: http://www.ecrypt.eu.org/stream/p3ciphers/mickey/
mickey p3.pdf, accessed 01.09.2013.
12. Babbage S., Dodd M. The MICKEY stream ciphers. In: New Stream Cipher Designs. Springer,
2008. P. 191{209. (Ser. Lecture Notes in Computer Science; vol. 4986). DOI: 10.1007/978-3540-68351-3 15.
312
13. Daemen J., Kitsos P. The self-synchronizing stream cipher MOUSTIQUE. In: New Stream Cipher Designs. Springer, 2008. P. 210{223. (Ser. Lecture Notes in Computer Science; vol. 4986).
DOI: 10.1007/978-3-540-68351-3 16.
14. Daemen J., Rijmen V. The Design of Rijndael. AES | the Advanced Encryption Standard.
Springer, 2002. 238 p. (Ser. Information Security and Cryptography). DOI: 10.1007/978-3662-04722-4.
15. Davidoff G., Sarnak P., Valette A. Elementary Number Theory, Group Theory and Ramanujan
Graphs. Cambridge University Press, 2003. 156 p. (Ser. London Mathematical Society Student
Texts; vol. 55).
16. De Canniere C. Trivium: A Stream Cipher Construction Inspired by Block Cipher Design Principles. In: Information Security. Springer, 2006. P. 171{186. (Ser. Lecture Notes in Computer
Science; vol. 4176). DOI: 10.1007/11836810 13.
17. De Canniere C., Preneel B. Trivium. In: New Stream Cipher Designs. Springer, 2008. P. 244{
266. (Ser. Lecture Notes in Computer Science; vol. 4986). DOI: 10.1007/978-3-540-683513 18.
18. Eisenbarth T., Kumar S. A survey of lightweight-cryptography implementations. Design and
Test of Computers, IEEE, 2007, vol. 24, no. 6, pp. 522{533. DOI: 10.1109/MDT.2007.178.
19. Gammel B., G•ottfert R., Kniffler O. The Achterbahn Stream Cipher. From: eSTREAM: the
ECRYPT Stream Cipher Project. 2005/002, 2005. Available at: http://www.ecrypt.eu.org/
stream/ciphers/achterbahn/achterbahn.pdf, accessed 01.09.2013.
20. Gammel B., G•ottfert R., Kniffler O. Achterbahn-128/80: Design and analysis. ECRYPT
Network of Excellence | Workshop Record of The State of the Art of Stream Ciphers | SASC
2007, Ruhr University Bochum, Germany, Jan 31 { Feb 1, 2007, pp. 152{165.
21. Hell M., Johansson Th., Maximov A., Meier W. The grain family of stream ciphers. In: New
Stream Cipher Designs. Springer, 2008. P. 179{190. (Ser. Lecture Notes in Computer Science;
vol. 4986). DOI: 10.1007/978-3-540-68351-3 14.
22. Gurkaynak F., Luethi P., Bernold N., Blattmann R., Goode V., Marghitola M., Kaeslin
H., Felber N., Fichtner W. Hardware Evaluation of eSTREAM Candidates: Achterbahn,
Grain, MICKEY, MOSQUITO, SFINKS, Trivium, VEST, ZK-Crypt. From: eSTREAM: the
ECRYPT Stream Cipher Project. 2006/015, 2006. Available at: http://www.ecrypt.eu.org/
stream/papersdir/2006/015.pdf, accessed 01.09.2013.
23. Hell M., Johansson T., Meier W. Grain: a stream cipher for constrained environments. International Journal of Wireless and Mobile Computing, 2007, vol. 2, no. 1, pp. 86{93. Available
at: http://inderscience.metapress.com/index/j463lh7251257262.pdf, accessed 01.09.2013.
24. Hoory S., Linial N., Wigderson A. Expander graphs and their applications. Bulletin of the
American Mathematical Society, 2006, vol. 43, no. 4, pp. 439{562. DOI: S0273-0979-0601126-8.
http://technomag.bmstu.ru/doc/.html
313
25. Lubotzky A., Phillips R., Sarnak P. Explicit expanders and the Ramanujan conjectures.
STOC086 Proceedings of the eighteenth annual ACM symposium on Theory of computing,
New York, NY, ACM, 1986, pp. 240{246. DOI: 10.1145/12130.12154.
26. Lubotzky A., Phillips R., Sarnak P. Ramanujan graphs. Combinatorica, 1988, vol. 8, no. 3,
pp. 261{277. DOI: 10.1007/BF02126799.
27. O'Neil S., Gittins B., Landman H. A. VEST Hardware-Dedicated Stream Ciphers. IACR
Cryptology ePrint Archive: Report 2005/413. Available at: https://eprint.iacr.org/2005/413,
accessed 01.09.2013.
28. Poschmann A. Y. Lightweight cryptography: Cryptographic engineering for a pervasive world.
PH.D. Thesis. From: CiteSeerX, 2009. Available at: http://citeseerx.ist.psu.edu/viewdoc/
summary?doi=10.1.1.182.1450, accessed 01.09.2013.
29. Rogawski M. Hardware evaluation of eSTREAM Candidates: Grain, Lex, Mickey128, Salsa20
and Trivium. From: eSTREAM: the ECRYPT Stream Cipher Project. 2007/025 (SASC
2007), 2007. Available at: http://www.ecrypt.eu.org/stream/papersdir/2007/025.pdf, accessed
01.09.2013.
30. Sarnak P. Some applications of modular forms. Cambridge: Cambridge University Press, 1990.
(Ser. Cambridge Tracts in Mathematics; vol. 99).
31. Braeken A., Lano J., Mentens N.. Preneel B., Verbauwhede I. SFINKS: A synchronous stream
cipher for restricted hardware environments. Proc. of SKEW | Symmetric Key Encryption
Workshop, Network of Excellence in Cryptology ECRYPT, Aarhus, Danemark, 2005.
32. Hell M., Johansson Th., Maximov A., Meier W. A stream cipher proposal: Grain-128.
2006 IEEE International Symposium on Information Theory, 2006, pp. 1614{1618. DOI:
10.1109/ISIT.2006.261549.
33. Yalla P., Kaps J.-P. Lightweight cryptography for FPGAs. Reconfigurable Computing and
FPGAs, 2009. ReConFigý09. International Conference on IEEE, 2009, pp. 225{230. DOI:
10.1109/ReConFig.2009.54.
34. Hecht A., Bard G., Dunkelman O. et al. Gressel C., Granot R. The ZK-Crypt Algorithm
Specication. FortressGB, 2007.
314