Paper 2006/019

Hermes8 : A Low-Complexity Low-Power Stream Cipher

Ulrich Kaiser

Abstract

Since stream ciphers have the reputation to be inefficient in software applications the new stream cipher Hermes8 has been developed. It is based on a 8-bit-architecture and an algorithm with low complexity. The two versions presented here are Hermes8-80 with 23 byte state and 10 byte key and furthermore Hermes8-128 with 37 byte state and 16 byte key. Both are suited to run efficiently on 8-bit micro computers and dedicated hardware (e.g. for embedded systems). The estimated performance is up to one encrypted byte per 118 CPU cycles and one encrypted byte per nine cycles in hardware. The clarity and low complexity of the design supports cryptanalytic methods. The 8x8 sized S-BOX provides the non-linear function needed for proper confusion. Hermes8 uses the well-established AES S-BOX, but works also excellent with well-designed random S-BOXes. Hermes8 withstands so far several attacks by means of statistical tests, e.g. the Strict Avalanche Criterion and FIPS 140-2 are met successfully.

Note: This paper is an extension to the existing Hermes8 documentation at the eSTREAM project site; furthermore, that documentation has no proper paper formatting at all. --- This revision corrects an error in the pseudo-code (lines 52 and 53 had to be exchanged). Furtheremore, figures 5 and 6 are updated, because of an typo in the excel sheet (now 13/7 instead of 7/13).