Cryptology ePrint Archive: Report 2014/084

RECTANGLE: A Bit-slice Ultra-Lightweight Block Cipher Suitable for Multiple Platforms

Wentao Zhang and Zhenzhen Bao and Dongdai Lin and Vincent Rijmen and Bohan Yang and Ingrid Verbauwhede

Abstract: In this paper, we propose a new lightweight block cipher named RECT- ANGLE. The main idea of the design of RECTANGLE is to allow lightweight and fast implementations using bit-slice techniques. RECTANGLE uses an SP- network. The substitution layer consists of 16 44 S-boxes in parallel. The per- mutation layer is composed of 3 rotations. As shown in this paper, RECTAN- GLE offers great performance in both hardware and software environment, which proves enough flexibility for different application scenario. The following are 3 main advantages of RECTANGLE. First, RECTANGLE is extremely hardware- friendly. For the 80-bit key version, a one-cycle-per-round parallel implementa- tion only needs 1467 gates for a throughput of 246 Kbits/sec at 100KHz clock and an energy efficiency of 1.11 pJ/bit. Second, RECTANGLE achieves a very competitive software speed among the existing lightweight block ciphers due to its bit-slice style. Using 128-bit SSE instructions, a bit-slice implementation of RECTANGLE reaches an average encryption speed of about 5.38 cycles/byte for messages around 1000 bytes. Last but not least. We propose new design criteria for 44 S-boxes. RECTANGLE uses such a new type of S-box. Due to our care- ful selection of the S-box and the asymmetric design of the permutation layer, RECTANGLE achieves a very good security-performance tradeoff. Our exten- sive and deep security analysis finds distinguishers for up to 14 rounds only, and the highest number of rounds that we can attack, is 18 (out of 25).

Category / Keywords: secret-key cryptography / block ciphers

Date: received 5 Feb 2014

Contact author: zhangwt06 at yahoo com

Available format(s): PDF | BibTeX Citation

Version: 20140207:151850 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]