SOBER

Last updated

In cryptography, SOBER is a family of stream ciphers initially designed by Greg Rose of QUALCOMM Australia starting in 1997. The name is a contrived acronym for Seventeen Octet Byte Enabled Register. Initially the cipher was intended as a replacement for broken ciphers in cellular telephony. The ciphers evolved, and other developers (primarily Phillip Hawkes) joined the project.

Contents

SOBER was the first cipher, with a 17-byte linear-feedback shift register (LFSR), a form of decimation called stuttering, and a nonlinear output filter function. The particular configuration of the shift register turned out to be vulnerable to "guess and determine" attacks.

SOBER-2 changed the position of the feedback and output taps to resist the above attacks.

S16 was an expansion to 16-bit words rather than bytes, with an expected increase of security.

Adaptions for and since NESSIE

For the NESSIE call for new cryptographic primitives, three new versions called the t-class were developed; SOBER-t8 was virtually identical to SOBER-2 but did not have sufficient design strength for NESSIE submission; SOBER-t16 and SOBER-t32 were submitted. t32 was a further expansion to 32-bit words, while both ciphers had a more efficient method of computing the linear feedback.

Subsequent to NESSIE, SOBER-128 was designed to take into account what had been learned. The stuttering was dropped because it added too little strength for the overhead, and the nonlinear output function was strengthened. As a stream cipher, SOBER-128 remains unbroken. The message authentication capability that was added at the same time was trivially broken.

Mundja
An integrated message authentication feature based on SHA-256 that was designed to be added to stream ciphers such as SOBER-128.
Turing
Named after Alan Turing, shares the LFSR design of SOBER-128, but has a block-cipher-like output filter function with key-dependent S-boxes, and remains unbroken subject to a minor usage constraint.
NLS
Short for Non-Linear SOBER, it was submitted to the European eSTREAM project. It uses nonlinearity for the shift register, and simplifies the output filter for increased performance, using Mundja for message authentication. SSS, for Self-Synchronizing SOBER, was also submitted but has very little relationship to the other SOBER ciphers, and was quickly broken.
Shannon
Named after Claude Shannon, shortens the register to 16 32-bit words, and has completely new feedback and output filter tap positions. It incorporates a new and more efficient message authentication mechanism.
Boole
Named after George Boole, [1] is a family of combined hash functions and stream ciphers that were developed for submission to the NIST call for development of an advanced hash standard, but were withdrawn [2] when a collision was discovered. [3]

Related Research Articles

In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called blocks. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage and exchange of data, where such data is secured and authenticated via encryption.

<span class="mw-page-title-main">HMAC</span> Computer communications authentication algorithm

In cryptography, an HMAC is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and authenticity of a message. An HMAC is a type of keyed hash function that can also be used in a key derivation scheme or a key stretching scheme.

In cryptography, RC4 is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.

<span class="mw-page-title-main">Stream cipher</span> Type of symmetric key cipher

A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Since encryption of each digit is dependent on the current state of the cipher, it is also known as state cipher. In practice, a digit is typically a bit and the combining operation is an exclusive-or (XOR).

<span class="mw-page-title-main">Block cipher mode of operation</span> Cryptography algorithm

In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.

Articles related to cryptography include:

<span class="mw-page-title-main">Cryptographic hash function</span> Hash function that is suitable for use in cryptography

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

CRYPTREC is the Cryptography Research and Evaluation Committees set up by the Japanese Government to evaluate and recommend cryptographic techniques for government and industrial use. It is comparable in many respects to the European Union's NESSIE project and to the Advanced Encryption Standard process run by National Institute of Standards and Technology in the U.S.

Turing is a stream cipher developed by Gregory G. Rose and Philip Hawkes at Qualcomm for CDMA.

A nonlinear-feedback shift register (NLFSR) is a shift register whose input bit is a non-linear function of its previous state.

<span class="mw-page-title-main">VEST</span> Family of stream ciphers

VEST (Very Efficient Substitution Transposition) ciphers are a set of families of general-purpose hardware-dedicated ciphers that support single pass authenticated encryption and can operate as collision-resistant hash functions designed by Sean O'Neil, Benjamin Gittins and Howard Landman. VEST cannot be implemented efficiently in software.

Grain is a stream cipher submitted to eSTREAM in 2004 by Martin Hell, Thomas Johansson and Willi Meier. It has been selected for the final eSTREAM portfolio for Profile 2 by the eSTREAM project. Grain is designed primarily for restricted hardware environments. It accepts an 80-bit key and a 64-bit IV. The specifications do not recommend a maximum length of output per pair. A number of potential weaknesses in the cipher have been identified and corrected in Grain 128a which is now the recommended cipher to use for hardware environments providing both 128bit security and authentication.

SNOW is a family of word-based synchronous stream ciphers developed by Thomas Johansson and Patrik Ekdahl at Lund University.

In cryptography, Galois/Counter Mode (GCM) is a mode of operation for symmetric-key cryptographic block ciphers which is widely adopted for its performance. GCM throughput rates for state-of-the-art, high-speed communication channels can be achieved with inexpensive hardware resources.

ORYX is an encryption algorithm used in cellular communications in order to protect data traffic. It is a stream cipher designed to have a very strong 96-bit key strength with a way to reduce the strength to 32-bits for export. However, due to mistakes the actual strength is a trivial 16-bits and any signal can be cracked after the first 25–27 bytes.

<span class="mw-page-title-main">Crypto-1</span> Stream cipher

Crypto1 is a proprietary encryption algorithm and authentication protocol created by NXP Semiconductors for its MIFARE Classic RFID contactless smart cards launched in 1994. Such cards have been used in many notable systems, including Oyster card, CharlieCard and OV-chipkaart.

SHA-3 is the latest member of the Secure Hash Algorithm family of standards, released by NIST on August 5, 2015. Although part of the same series of standards, SHA-3 is internally different from the MD5-like structure of SHA-1 and SHA-2.

The following outline is provided as an overview of and topical guide to cryptography:

BLAKE is a cryptographic hash function based on Daniel J. Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round. Like SHA-2, there are two variants differing in the word size. ChaCha operates on a 4×4 array of words. BLAKE repeatedly combines an 8-word hash value with 16 message words, truncating the ChaCha result to obtain the next hash value. BLAKE-256 and BLAKE-224 use 32-bit words and produce digest sizes of 256 bits and 224 bits, respectively, while BLAKE-512 and BLAKE-384 use 64-bit words and produce digest sizes of 512 bits and 384 bits, respectively.

Ascon is a family of lightweight authenticated ciphers that had been selected by US National Institute of Standards and Technology (NIST) for future standardization of the lightweight cryptography.

References

  1. Rose, Gregory G. "Design and Primitive Specification for Boole" (PDF). Archived from the original (PDF) on 2011-04-29.
  2. Rose, Greg (2008-12-10). "Official comment: Boole" (PDF). Archived from the original (PDF) on 2009-07-13. Retrieved 2009-10-26.
  3. "We have found a collision attack on Boole". 2008-11-28. Archived from the original on 2010-12-11.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.