ESTREAM

Last updated

eSTREAM is a project to "identify new stream ciphers suitable for widespread adoption", [1] [2] organised by the EU ECRYPT network. It was set up as a result of the failure of all six stream ciphers submitted to the NESSIE project. The call for primitives was first issued in November 2004. The project was completed in April 2008. The project was divided into separate phases and the project goal was to find algorithms suitable for different application profiles.

Contents

Profiles

The submissions to eSTREAM fall into either or both of two profiles:

Both profiles contain an "A" subcategory (1A and 2A) with ciphers that also provide authentication in addition to encryption. In Phase 3 none of the ciphers providing authentication are being considered (The NLS cipher had authentication removed from it to improve its performance).

eSTREAM portfolio

As of September 2011 the following ciphers make up the eSTREAM portfolio: [3]

Profile 1 (software)Profile 2 (hardware)
HC-128 Archived 2012-07-01 at the Wayback Machine Grain Archived 2008-10-06 at the Wayback Machine
Rabbit Archived 2012-06-13 at the Wayback Machine MICKEY Archived 2012-07-01 at the Wayback Machine
Salsa20/12 Archived 2016-04-05 at the Wayback Machine Trivium Archived 2015-09-23 at the Wayback Machine
SOSEMANUK Archived 2012-04-14 at the Wayback Machine

These are all free for any use. Rabbit was the only one that had a patent pending during the eStream competition, but it was released into the public domain in October 2008. [4]

The original portfolio, published at the end of Phase 3, consisted of the above ciphers plus F-FCSR which was in Profile 2. [5] However, cryptanalysis of F-FCSR [6] led to a revision of the portfolio in September 2008 which removed that cipher.

Phases

Phase 1

Phase 1 included a general analysis of all submissions with the purpose of selecting a subset of the submitted designs for further scrutiny. The designs were scrutinized based on criteria of security, performance (with respect to the block cipher AES—a US Government approved standard, as well as the other candidates), simplicity and flexibility, justification and supporting analysis, and clarity and completeness of the documentation. Submissions in Profile 1 were only accepted if they demonstrated software performance superior to AES-128 in counter mode.

Activities in Phase 1 included a large amount of analysis and presentations of analysis results as well as discussion. The project also developed a framework for testing the performance of the candidates. The framework was then used to benchmark the candidates on a wide variety of systems.

On 27 March 2006, the eSTREAM project officially announced the end of Phase 1.

Phase 2

On 1 August 2006, Phase 2 was officially started. For each of the profiles, a number of algorithms has been selected to be Focus Phase 2 algorithms. These are designs that eSTREAM finds of particular interest and encourages more cryptanalysis and performance evaluation on these algorithms. Additionally a number of algorithms for each profile are accepted as Phase 2 algorithms, meaning that they are still valid as eSTREAM candidates. The Focus 2 candidates will be re-classified every six months.

Phase 3

Phase 3 started in April 2007. Candidates for Profile 1 (software) were:

Candidates for Profile 2 (hardware) were:

Phase 3 ended on 15 April 2008, with the announcement of the candidates that had been selected for the final eSTREAM portfolio. The selected algorithms were:

Submissions

Key
PIn the eSTREAM profile
PFormerly in the eSTREAM profile
3A "Phase 3" cipher
Fa "Focus Phase 2" cipher
2A "Phase 2" cipher
AAn "archived" cipher
MIncludes a MAC
patPatented or patent pending; some uses require a license
patWas pat, now free for any use

In eSTREAM portfolio

The eSTREAM portfolio ciphers are, as of January 2012: [7]

Profile 1
(software)
Profile 2
(hardware)
128-bit key80-bit key
HC-128 Grain v1
Rabbit MICKEY 2.0
Salsa20/12 Trivium
SOSEMANUK -

Versions of the eSTREAM portfolio ciphers that support extended key lengths:

Profile 1
(software)
Profile 2
(hardware)
256-bit key128-bit key
HC-256 -
- MICKEY-128 2.0
Salsa20/12-
--

Note that the 128-bit version of Grain v1 is no longer supported by its designers and has been replaced by Grain-128a. Grain-128a is not considered to be part of the eSTREAM portfolio.

As of December 2008:

CiphereSTREAM
webpage
Profile 1
(software)
Profile 2
(hardware)
PropertiesSubmitters
Grain Archived 2012-07-01 at the Wayback Machine PFMartin Hell, Thomas Johansson and Willi Meier
HC-256 (HC-128, HC-256) Archived 2012-07-01 at the Wayback Machine PFHongjun Wu
MICKEY (MICKEY 2.0, MICKEY-128 2.0) Archived 2012-07-01 at the Wayback Machine PFSteve Babbage and Matthew Dodd
Rabbit Archived 2012-07-01 at the Wayback Machine P2pat [4] Martin Boesgaard, Mette Vesterager, Thomas Christensen and Erik Zenner
Salsa20 Archived 2012-07-01 at the Wayback Machine PF2 Daniel J. Bernstein
SOSEMANUK Archived 2012-07-01 at the Wayback Machine PCome Berbain, Olivier Billet, Anne Canteaut,
Nicolas Courtois, Henri Gilbert, Louis Goubin,
Aline Gouget, Louis Granboulan, Cédric Lauradoux,
Marine Minier, Thomas Pornin and Hervé Sibert
Trivium Archived 2012-06-26 at the Wayback Machine PFChristophe De Cannière and Bart Preneel

No longer in eSTREAM portfolio

This cipher was in the original portfolio but was removed in revision 1, published in September 2008.

CiphereSTREAM
webpage
Profile 1
(software)
Profile 2
(hardware)
PropertiesSubmitters
F-FCSR (F-FCSR-H v2, F-FCSR-16) Archived 2012-07-01 at the Wayback Machine PThierry Berger, François Arnault and Cédric Lauradoux

Selected as Phase 3 candidates but not for the portfolio

CiphereSTREAM
webpage
Profile 1
(software)
Profile 2
(hardware)
PropertiesSubmitters
CryptMT (version 3) Archived 2012-06-18 at the Wayback Machine 3patMakoto Matsumoto, Hagita Mariko, Takuji Nishimura
and Matsuo Saito
DECIM (DECIM v2, DECIM-128) Archived 2012-07-01 at the Wayback Machine 3patCome Berbain, Olivier Billet, Anne Canteaut,
Nicolas Courtois, Blandine Debraize, Henri Gilbert,
Louis Goubin, Aline Gouget, Louis Granboulan,
Cédric Lauradoux, Marine Minier, Thomas Pornin
and Hervé Sibert
Dragon Archived 2012-07-01 at the Wayback Machine 3FEd Dawson, Kevin Chen, Matt Henricksen,
William Millan, Leonie Simpson, HoonJae Lee,
SangJae Moon
Edon80 Archived 2012-09-04 at the Wayback Machine 3Danilo Gligoroski, Smile Markovski, Ljupco Kocarev
and Marjan Gusev
LEX Archived 2012-07-01 at the Wayback Machine 3F2 Alex Biryukov
MOSQUITO (aka Moustique) Archived 2012-07-01 at the Wayback Machine 3 Joan Daemen and Paris Kitsos
NLS (NLSv2, encryption-only) Archived 2012-07-01 at the Wayback Machine 3Gregory Rose, Philip Hawkes, Michael Paddon
and Miriam Wiggers de Vries
Pomaranch (version 3) Archived 2012-07-01 at the Wayback Machine 3Tor Helleseth, Cees Jansen and Alexander Kolosha

Selected as Phase 2 focus candidates but not as Phase 3 candidates

CiphereSTREAM
webpage
Profile 1
(software)
Profile 2
(hardware)
PropertiesSubmitters
Phelix Archived 2012-07-01 at the Wayback Machine FFM Doug Whiting, Bruce Schneier, Stefan Lucks
and Frédéric Muller
Py Archived 2012-07-01 at the Wayback Machine F Eli Biham and Jennifer Seberry

Selected as Phase 2 candidates but not as focus or Phase 3 candidates

CiphereSTREAM
webpage
Profile 1
(software)
Profile 2
(hardware)
PropertiesSubmitters
ABC Archived 2012-07-01 at the Wayback Machine 2Vladimir Anashin, Andrey Bogdanov, Ilya Kizhvatov
and Sandeep Kumar
Achterbahn Archived 2012-07-01 at the Wayback Machine 2Berndt Gammel, Rainer Göttfert and Oliver Kniffler
DICING Archived 2012-07-01 at the Wayback Machine 2Li An-Ping
Hermes8 Archived 2012-07-01 at the Wayback Machine A2Ulrich Kaiser
NLS Archived 2012-07-01 at the Wayback Machine 22Gregory Rose, Philip Hawkes, Michael Paddon
and Miriam Wiggers de Vries
Polar Bear Archived 2012-07-01 at the Wayback Machine 22Johan Håstad and Mats Näslund
Pomaranch Archived 2012-07-01 at the Wayback Machine A2Cees Jansen and Alexander Kolosha
SFINKS [ permanent dead link ]2MAn Braeken, Joseph Lano, Nele Mentens,
Bart Preneel and Ingrid Verbauwhede
TSC-3 Archived 2012-07-01 at the Wayback Machine 2Jin Hong, Dong Hoon Lee, Yongjin Yeom,
Daewan Han and Seongtaek Chee
VEST Archived 2016-03-04 at the Wayback Machine 2M patSean O'Neil, Benjamin Gittins and Howard Landman
WG [ permanent dead link ]2 Guang Gong and Yassir Nawaz
Yamb [ permanent dead link ]22LAN Crypto
ZK-Crypt [ permanent dead link ]2M patCarmi Gressel, Ran Granot and Gabi Vago

Not selected as focus or Phase 2 candidates

CiphereSTREAM
webpage
Profile 1
(software)
Profile 2
(hardware)
PropertiesSubmitters
Frogbit Archived 2012-07-01 at the Wayback Machine AM patThierry Moreau
Fubuki Archived 2012-07-01 at the Wayback Machine ApatMakoto Matsumoto, Hagita Mariko, Takuji Nishimura
and Matsuo Saito
MAG Archived 2012-07-01 at the Wayback Machine AARade Vuckovac
Mir-1 Archived 2012-07-01 at the Wayback Machine AAlexander Maximov
SSS Archived 2012-07-01 at the Wayback Machine AAMGregory Rose, Philip Hawkes, Michael Paddon
and Miriam Wiggers de Vries
TRBDK3 YAEA Archived 2012-07-01 at the Wayback Machine AATimothy Brigham

See also

Related Research Articles

In cryptography, an initialization vector (IV) or starting variable is an input to a cryptographic primitive being used to provide the initial state. The IV is typically required to be random or pseudorandom, but sometimes an IV only needs to be unpredictable or unique. Randomization is crucial for some encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by the modes of operation.

Articles related to cryptography include:

CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by National Institute of Standards and Technology in the U.S.

Phelix is a high-speed stream cipher with a built-in single-pass message authentication code (MAC) functionality, submitted in 2004 to the eSTREAM contest by Doug Whiting, Bruce Schneier, Stefan Lucks, and Frédéric Muller. The cipher uses only the operations of addition modulo 232, exclusive or, and rotation by a fixed number of bits. Phelix uses a 256-bit key and a 128-bit nonce, claiming a design strength of 128 bits. Concerns have been raised over the ability to recover the secret key if the cipher is used incorrectly.

Bart Preneel is a Belgian cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, in the COSIC group.

ECRYPT was a 4-year European research initiative launched on 1 February 2004 with the stated objective of promoting the collaboration of European researchers in information security, and especially in cryptology and digital watermarking.

<span class="mw-page-title-main">VEST</span> Family of stream ciphers

VEST (Very Efficient Substitution Transposition) ciphers are a set of families of general-purpose hardware-dedicated ciphers that support single pass authenticated encryption and can operate as collision-resistant hash functions designed by Sean O'Neil, Benjamin Gittins and Howard Landman. VEST cannot be implemented efficiently in software.

<span class="mw-page-title-main">Salsa20</span> Stream ciphers

Salsa20 and the closely related ChaCha are stream ciphers developed by Daniel J. Bernstein. Salsa20, the original cipher, was designed in 2005, then later submitted to the eSTREAM European Union cryptographic validation process by Bernstein. ChaCha is a modification of Salsa20 published in 2008. It uses a new round function that increases diffusion and increases performance on some architectures.

Anubis is a block cipher designed by Vincent Rijmen and Paulo S. L. M. Barreto as an entrant in the NESSIE project, a former research program initiated by the European Commission in 2000 for the identification of new cryptographic algorithms. Although the cipher has not been included in the final NESSIE portfolio, its design is considered very strong, and no attacks have been found by 2004 after the project had been concluded. The cipher is not patented and has been released by the designers for free public use.

SNOW is a family of word-based synchronous stream ciphers developed by Thomas Johansson and Patrik Ekdahl at Lund University.

HC-256 is a stream cipher designed to provide bulk encryption in software at high speeds while permitting strong confidence in its security. A 128-bit variant was submitted as an eSTREAM cipher candidate and has been selected as one of the four final contestants in the software profile.

Sosemanuk is a stream cipher developed by Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert. Along with HC-128, Rabbit, and Salsa20/12, Sosemanuk is one of the final four Profile 1 (software) ciphers selected for the eSTREAM Portfolio.

In cryptography, CryptMT is a stream cipher algorithm which internally uses the Mersenne twister. It was developed by Makoto Matsumoto, Mariko Hagita, Takuji Nishimura and Mutsuo Saito and is patented. It was one of the final Phase 3 candidates in the eSTREAM project of the eCRYPT network but was not selected because the non-linear filter component was not as well-understood in terms of its security.

In cryptography, DECIM is a stream cypher algorithm designed by Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Blandine Debraize, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert.

In cryptography, F-FCSR is a stream cipher developed by Thierry Berger, François Arnault, and Cédric Lauradoux. The core of the cipher is a Feedback with Carry Shift Register (FCSR) automaton, which is similar to a LFSR, but they perform operations with carries so their transition function is nonlinear.

The following outline is provided as an overview of and topical guide to cryptography:

The Grain 128a stream cipher was first purposed at Symmetric Key Encryption Workshop (SKEW) in 2011 as an improvement of the predecessor Grain 128, which added security enhancements and optional message authentication using the Encrypt & MAC approach. One of the important features of the Grain family is that the throughput can be increased at the expense of additional hardware. Grain 128a is designed by Martin Ågren, Martin Hell, Thomas Johansson and Willi Meier.

<span class="mw-page-title-main">Speck (cipher)</span> Family of block ciphers

Speck is a family of lightweight block ciphers publicly released by the National Security Agency (NSA) in June 2013. Speck has been optimized for performance in software implementations, while its sister algorithm, Simon, has been optimized for hardware implementations. Speck is an add–rotate–xor (ARX) cipher.

Anne Canteaut is a French researcher in cryptography, working at the French Institute for Research in Computer Science and Automation (INRIA) in Paris. She studies the design and cryptanalysis of symmetric-key algorithms and S-boxes.

ChaCha20-Poly1305 is an authenticated encryption with additional data (AEAD) algorithm, that combines the ChaCha20 stream cipher with the Poly1305 message authentication code. Its usage in IETF protocols is standardized in RFC 8439. It has fast software performance, and without hardware acceleration, is usually faster than AES-GCM.

References

  1. "ECRYPT Call for Stream Cipher Primitives" (version 1.3 ed.). 12 April 2005. Archived from the original on 17 July 2012. Retrieved 2 April 2014.
  2. Vincent Rijmen (2010-01-01). "Stream Ciphers and the eSTREAM Project" (PDF).
  3. "The eSTREAM Portfolio (rev. 1)" (PDF). Archived from the original (PDF) on 2012-08-13. Retrieved 2008-10-01.
  4. 1 2 Archived copy Archived 2009-06-30 at the Wayback Machine
  5. "The eSTREAM Project - eSTREAM Phase 3". www.ecrypt.eu.org.
  6. M. Hell and T. Johansson. Breaking the F-FCSR-H stream cipher in Real Time. In J. Pieprzyk, editor, Proceedings of Asiacrypt 2008, Lecture Notes in Computer Science, to appear.
  7. "ECRYPT II" (PDF). Archived from the original (PDF) on 18 October 2012. Retrieved 23 March 2013.