Achterbahn (stream cipher)
In cryptography, Achterbahn is the name of a synchronous stream cipher algorithm submitted to the eSTREAM Project of the eCRYPT network. In the final specification the cipher is called ACHTERBAHN-128/80, because it supports the key lengths of 80 bits and 128 bits, respectively.[1] Achterbahn was developed by Berndt Gammel, Rainer Göttfert and Oliver Kniffler. Achterbahn means rollercoaster (in German), though a literal translation of the term would be eight-track, which indicates that the cipher can encrypt eight bit streams in parallel.
The parameters of the cipher are given in the following table:
ACHTERBAHN-80 | ACHTERBAHN-128 | |
---|---|---|
Max. key length | 80 bit | 128 bit |
Max. IV length | 80 bit | 128 bit |
Max. frame length | 244 | 244 |
Internal state | 297 bit | 351 bit |
ACHTERBAHN-128 is downward compatible and can produce the same keystream as ACHTERBAHN-80 if so desired. The keystream generator of ACHTERBAHN-128/80 is based on the design principle of the nonlinear combination generator, however it deploys primitive nonlinear feedback shift registers (NLFSR) instead of linear ones (LFSR).
Security
[edit]There are no known cryptanalytic attacks against ACHTERBAHN-128/80 for the tabulated parameters that are faster than brute force attack. Recent analysis showed that attacks are possible if larger frame (packet) lengths are used in a communication protocol.[2][3][4] The cipher's authors recommend a maximum frame length of 244 bits.[5] This value does however not imply practical limitations.
Performance
[edit]The ACHTERBAHN-128/80 stream cipher is optimized for hardware applications with restricted resources, such as limited gate count and power consumption. An implementation of ACHTERBAHN-80 has a design size of only 2188 gate equivalents (Nand-GE) in a standard CMOS technology and delivers a throughput of up to 400 Megabit/s. This makes it suitable for RFID tags.[citation needed] A high-speed implementation with a throughput of 8 Gigabit/s has a design size of 8651 Nand-GE.[6]
References
[edit]- ^ Gammel, Berndt M.; Göttfert, Rainer; Kniffler, Oliver (30 June 2006). "ACHTERBAHN-128/80" (PDF). ECRYPT Stream Cipher Project Report.
- ^ Naya-Plasencia, María (March 26–28, 2007). Cryptanalysis of Achterbahn-128/80 (PDF). Fast Software Encryption, 14th International Workshop. Revised Selected Papers, Lecture Notes in Computer Science. Vol. 4593. Luxembourg: Springer. pp. 73–86. ISBN 978-3-540-74617-1.
- ^ Naya-Plasencia, María (July 4–6, 2007). Cryptanalysis of Achterbahn-128/80 with a New Keystream Limitation (PDF). Research in Cryptology: Second Western European Workshop, WEWoRC. Revised Selected Papers, Lecture Notes in Computer Science. Vol. 4945. Bochum, Germany: Springer. pp. 142–152. ISBN 978-3-540-88352-4.
- ^ Gammel, Berndt M.; Göttfert, Rainer; Kniffler, Oliver (Jan 31 – Feb 1, 2007). Achterbahn-128/80: Design and Analysis. Workshop Record of The State of the Art of Stream Ciphers - SASC. Ruhr University Bochum, Germany. pp. 152–165. Archived from the original on July 24, 2007.
- ^ Göttfert, Rainer; Gammel, Berndt M. (July 1–6, 2007). Helleseth, T.; Kumar, V.; Ytrehus, Ø. (eds.). On the frame length of Achterbahn-128/80 (PDF). Proceedings of the 2007 IEEE Information Theory Workshop on Information Theory for Wireless Networks. Solstrand, Norway. pp. 91–95. ISBN 978-1-4244-1199-3.
- ^ Gammel, Berndt M.; Göttfert, Rainer; Kniffler, Oliver (30 June 2006). "ACHTERBAHN-128/80" (PDF). The Achterbahn Stream Cipher.