Paper 2023/750
BAKSHEESH: Similar Yet Different From GIFT
Abstract
We propose a lightweight block cipher named BAKSHEESH, which follows up on the popular cipher GIFT-128 (CHES'17). BAKSHEESH runs for 35 rounds, which is 12.50 percent fewer than GIFT-128 (which runs for 40 rounds), while maintaining the same security claims against the classical attacks. The crux of BAKSHEESH is to use a 4-bit SBox that has a non-trivial Linear Structure (LS). An SBox with one or more non-trivial LS had not been used in a cipher construction until DEFAULT (Asiacrypt'21). DEFAULT is pitched to have inherent protection against the Differential Fault Attack (DFA), thanks to its SBox having 3 non-trivial LS. BAKSHEESH, however, uses an SBox with only 1 non-trivial LS, and is a traditional cipher just like GIFT-128, with no claims against DFA. The SBox requires a low number of AND gates, making BAKSHEESH suitable for side channel countermeasures (when compared to GIFT-128) and other niche applications. Indeed, our study on the cost of the threshold implementation shows that BAKSHEESH offers a few-fold advantage over other lightweight ciphers. The design does not deviate much from its predecessor (GIFT-128), thereby allowing for easy implementation (such as fix-slicing in software). However, BAKSHEESH opts for the full-round key XOR, compared to the half-round key XOR in GIFT. Thus, when taking everything into account, we show how a cipher construction can benefit from the unique vantage point of using a 1 LS SBox, by combining the state-of-the-art progress in classical cryptanalysis and protection against device-dependent attacks. We, therefore, create a new paradigm of lightweight ciphers, by adequate deliberation on the design choice, and solidify it with appropriate security analysis and ample implementation and benchmarking.
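The LS counts quoted in the abstract can be checked mechanically. The Python below is an added example, not code from the paper or its authors. It assumes the definition of LS as a probability-1 differential, and it uses SBox tables transcribed from the cipher specifications, which this page does not list.

```python
"""Enumerate the non-trivial linear structures (LS) of a 4-bit SBox.

Definition assumed here (not stated on this page): a non-zero input
difference a is an LS of S when S(x) ^ S(x ^ a) equals the same value b
for every x, i.e. the differential a -> b holds with probability 1.
"""

# Tables transcribed from the cipher specifications (assumption: they are
# not given on this page, so check them against the papers before reuse).
SBOXES = {
    "GIFT":       [0x1, 0xA, 0x4, 0xC, 0x6, 0xF, 0x3, 0x9,
                   0x2, 0xD, 0xB, 0x7, 0x5, 0x0, 0x8, 0xE],
    "BAKSHEESH":  [0x3, 0x0, 0x6, 0xD, 0xB, 0x5, 0x8, 0xE,
                   0xC, 0xF, 0x9, 0x2, 0x4, 0xA, 0x7, 0x1],
    "DEFAULT-LS": [0x0, 0x3, 0x7, 0xE, 0xD, 0x4, 0xA, 0x9,
                   0xC, 0xF, 0x1, 0x8, 0xB, 0x2, 0x6, 0x5],
}


def ddt(sbox):
    """Difference distribution table: ddt[a][b] = #{x : S(x)^S(x^a) == b}."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for a in range(n):
        for x in range(n):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


def linear_structures(sbox):
    """Return [(a, b)] for each non-zero a whose DDT row has one entry of n."""
    n = len(sbox)
    if n & (n - 1) or sorted(sbox) != list(range(n)):
        raise ValueError("expected a permutation on a power-of-two domain")
    # A row containing the value n means every x yields the same output
    # difference, which is exactly the LS condition above.
    return [(a, row.index(n)) for a, row in enumerate(ddt(sbox)) if a and n in row]


if __name__ == "__main__":
    for name, sbox in SBOXES.items():
        found = ", ".join(f"{a:X}->{b:X}" for a, b in linear_structures(sbox))
        print(f"{name:11s} non-trivial LS: {found or 'none'}")
```

Each LS corresponds to a DDT row with a single entry of 16, which is why such an SBox needs the dedicated cryptanalysis the abstract refers to.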
Metadata
- Category
- Secret-key cryptography
- Publication info
- Preprint.
- Keywords
- lightweight cryptography, block cipher, threshold implementation, fault attack, gift, default, linear structure
- Contact author(s)
- anubhab baksi @ ntu edu sg
- jbreier @ jbreier com
- anupam @ ntu edu sg
- xgerli02 @ stud feec vutbr cz
- sylvain guilley @ telecom-paristech fr
- naina003 @ e ntu edu sg
- takanori isobe @ ai u-hyogo ac jp
- arpan jati @ ntu edu sg
- xjedli23 @ vut cz
- khj930704 @ gmail com
- liufukangs @ gmail com
- martinasek @ feec vutbr cz
- k sakamoto0728 @ gmail com
- hwajeong84 @ gmail com
- rentaro shiba @ gmail com
- ritu-ranjan shrivastwa @ secure-ic com
- History
- 2023-07-12: last of 5 revisions
- 2023-05-24: received
- Short URL
- https://ia.cr/2023/750
- License
- CC BY-NC-SA
BibTeX
@misc{cryptoeprint:2023/750,
  author = {Anubhab Baksi and Jakub Breier and Anupam Chattopadhyay and Tomáš Gerlich and Sylvain Guilley and Naina Gupta and Takanori Isobe and Arpan Jati and Petr Jedlicka and Hyunjun Kim and Fukang Liu and Zdeněk Martinásek and Kosei Sakamoto and Hwajeong Seo and Rentaro Shiba and Ritu Ranjan Shrivastwa},
  title = {{BAKSHEESH}: Similar Yet Different From {GIFT}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2023/750},
  year = {2023},
  url = {https://eprint.iacr.org/2023/750}
}