Paper 2021/390

Orthros: A Low-Latency PRF

Subhadeep Banik, Takanori Isobe, Fukang Liu, Kazuhiko Minematsu, and Kosei Sakamoto

Abstract

We present Orthros, a 128-bit block pseudorandom function. It is designed with a primary focus on the latency of fully unrolled circuits. For this purpose, we adopt a parallel structure comprising two keyed permutations. The round function of each permutation is similar to that of Midori, a low-energy block cipher; however, we thoroughly revise it to reduce latency, and introduce different rounds to significantly improve cryptographic strength in a small number of rounds. We provide a comprehensive, dedicated security analysis. For hardware implementation, Orthros achieves the lowest latency among the state-of-the-art low-latency primitives. For example, using the STM 90nm library, Orthros achieves a minimum latency of around 2.4 ns, while other constructions like PRINCE, Midori-128 and QARMA$_{9}$-128-$\sigma_{0}$ achieve 2.56 ns, 4.10 ns and 4.38 ns, respectively.

Note: This is the revised version of the paper published in ToSC 2021 Issue 1. We revise some typos in the formula of the S-box in Sect. 3.3. Other contents are the same as the original version.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A minor revision of an IACR publication in FSE 2022
DOI
10.46586/tosc.v2021.i1.37-77
Keywords
Pseudorandom Function, Low Latency, Lightweight Cryptography, Sum of Permutations
Contact author(s)
subhadeep banik @ epfl ch
takanori isobe @ ai u-hyogo ac jp
liufukangs @ gmail com
k-minematsu @ nec com
k sakamoto0728 @ gmail com
History
2021-03-27: received
Short URL
https://ia.cr/2021/390
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/390,
      author = {Subhadeep Banik and Takanori Isobe and Fukang Liu and Kazuhiko Minematsu and Kosei Sakamoto},
      title = {Orthros: A Low-Latency {PRF}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/390},
      year = {2021},
      doi = {10.46586/tosc.v2021.i1.37-77},
      url = {https://eprint.iacr.org/2021/390}
}