Cryptology ePrint Archive: Report 2021/1560

SAND: an AND-RX Feistel lightweight block cipher supporting S-box-based security evaluations

Shiyao Chen and Yanhong Fan and Ling Sun and Yong Fu and Haibo Zhou and Yongqing Li and Meiqin Wang and Weijia Wang and Chun Guo

Abstract: We revisit designing AND-RX block ciphers, that is, the designs assembled with the most fundamental binary operations---AND, Rotation and XOR operations and do not rely on existing units. Likely, the most popular representative is the NSA cipher \texttt{SIMON}, which remains one of the most efficient designs, but suffers from difficulty in security evaluation.

As our main contribution, we propose \texttt{SAND}, a new family of lightweight AND-RX block ciphers. To overcome the difficulty regarding security evaluation, \texttt{SAND} follows a novel design approach, the core idea of which is to restrain the AND-RX operations to be within nibbles. By this, \texttt{SAND} admits an equivalent representation based on a $4\times8$ \textit{synthetic S-box} ($SSb$). This enables the use of classical S-box-based security evaluation approaches. Consequently, for all versions of \texttt{SAND}, (a) we evaluated security bounds with respect to differential and linear attacks, and in both single-key and related-key scenarios; (b) we also evaluated security against impossible differential and zero-correlation linear attacks.

This better understanding of the security enables the use of a relatively simple key schedule, which makes the ASIC round-based hardware implementation of \texttt{SAND} to be one of the state-of-art Feistel lightweight ciphers. As to software performance, due to the natural bitslice structure, \texttt{SAND} reaches the same level of performance as \texttt{SIMON} and is among the most software-efficient block ciphers.

Category / Keywords: secret-key cryptography / Lightweight cryptography, Feistel structure, AND-Rotation-XOR, Synthetic S-box, Related-key security

Original Publication (in the same form): Design, Codes and Cryptography 2021
DOI:
10.1007/s10623-021-00970-9

Date: received 28 Nov 2021

Contact author: mqwang at sdu edu cn, sychen at mail sdu edu cn

Available format(s): PDF | BibTeX Citation

Version: 20211129:122544 (All versions of this report)

Short URL: ia.cr/2021/1560


[ Cryptology ePrint archive ]