KCipher-2 (the updated version of the K2 stream cipher) is a high-performance symmetric stream cipher (keystream generator) developed by three Japanese cryptographers: Toshiaki Tanaka, Shinsaku Kiyomoto and Kouichi Sakurai. The cipher takes two independent input parameters, a 128-bit key and a 128-bit initialization vector. Using KCipher-2 can raise the level of security in a number of services, such as multimedia and broadband services. [1] [2]
| KCipher-2 (K2 Stream Cipher) | |
|---|---|
| Creator | KDDI R&D Laboratories, Inc. |
| Published | 2007 |
| Key size | 128 bits |
| Type | Stream cipher |
KCipher-2 can be implemented efficiently in software for fast encryption and decryption thanks to its simple design. Only four simple operations are used: exclusive OR (XOR), addition, shift and table lookup. When the algorithm is implemented in hardware, the internal computations can be parallelized for greater efficiency. Moreover, since the internal state is only hundreds of bits long, KCipher-2 is suitable for resource-constrained environments. [1]
History
The cipher was first published [3] as the "K2 Stream Cipher" at the State of the Art of Stream Ciphers (SASC) workshop in 2007, organized by the European Network of Excellence in Cryptology (ECRYPT). Since the algorithm was published, its security and efficiency have been carefully evaluated through academic and industrial research. In 2012, KCipher-2 was included in the international standard for stream ciphers, ISO/IEC 18033-4, and in March 2013 the Japanese Ministry of Internal Affairs and Communications, together with the Ministry of Economy, Trade and Industry, announced the inclusion of the cipher in the e-Government Recommended Ciphers List. At the time RFC 7008 was published, in August 2013, no vulnerabilities had been found. KCipher-2 is used in industrial applications, especially in mobile health monitoring and diagnostic services in Japan. [1] [2]
Performance Achieved [2]
Speeds over 5 Gb/s were achieved on a PC. KCipher-2 could decrypt a 4.7 GB movie in 8 seconds, while the American AES standard would take 1.5 minutes.
Speeds over 380 Mb/s were achieved on smartphones running Android. Decrypting 400 video files (100 KB each) takes about 1 second, which is 7-10 times faster than AES.
A CPU utilization of 0.5% was achieved when decrypting video equivalent to 1seg on a mobile phone during real-time playback, which was impossible with existing methods.
The design of the algorithm is independent of the CPU architecture, so it can provide sufficient performance in a variety of environments.
Key Features [4]
- 128-bit key
- 128-bit initialization vector
- 640-bit state
- Sixteen 32-bit registers in two feedback shift registers (FSR-A, FSR-B)
- Four 32-bit internal memory registers in the nonlinear function
- 64 bits of keystream per cycle
- The maximum number of cycles without reinitialization is ( key stream bit)
Justification for choosing a model [5]
Basic stream ciphers use several independent linear feedback shift registers (LFSRs) together with nonlinear functions to generate a keystream. Some stream ciphers use a common nonlinear function to clock one or more LFSRs irregularly. Various stream ciphers of this kind, and attacks on them, have been described.
The clock control mechanism of a stream cipher usually either controls the LFSR clock or thins out (shrinks) the output. This clock control degrades the performance of the stream cipher because some output bits are discarded. If this kind of shrinking is applied to a stream cipher that processes whole words, performance worsens noticeably. A bit-oriented clock control mechanism is also ineffective for improving an LFSR. On the other hand, dynamic feedback for an LFSR is an effective way to improve the security of stream ciphers.
KCipher-2 is a word-oriented stream cipher with efficient dynamic feedback used for irregular clocking. The main idea of the model is to adjust the mixing operation during the state update. Feedback polynomials for word-oriented LFSRs are described by coefficients; multiplying an input word by a coefficient means mixing the words. A typical example is the LFSR of the SNOW2.0 cipher [3]. In general, the feedback polynomial is a primitive polynomial. The designers apply irregular clocking to the mixing operation, and the modification causes only a slight reduction in encryption and decryption speed. In other words, at least one feedback shift register (FSR) is clocked irregularly: its feedback function is modified dynamically by a dynamic feedback controller that receives the output of the other FSRs. For example, a feedback function defined as , where (0,1) are selected by the dynamic feedback controller. An FSR controlled by such a controller is called a dynamic feedback shift register (DFSR). The dynamic feedback control mechanism improves the security of the stream cipher because it replaces the deterministic linear recurrences of some registers with probabilistic ones. This effectively protects against a number of attacks. The key point is that KCipher-2 achieves not only the high performance of LFSR-based stream ciphers, but also high security.
The KCipher-2 keystream generation rate is 4.97 cycles/byte on the Pentium 4 series. The cipher is thus competitive with other stream ciphers on the CRYPTREC list. In addition, KCipher-2 was designed with two attacks on SNOW2.0 in mind, algebraic and differential, and is more resistant to them. In fact, no attacks on KCipher-2, smaller operations. As a result, KCipher-2 achieves higher security than existing stream ciphers.
KCipher-2 Components and Functions [4]
KCipher-2 consists of two feedback shift registers (FSRs), FSR-A (5 registers) and FSR-B (11 registers), a nonlinear function with four internal registers R1, R2, L1, L2, and a dynamic feedback controller. FSR-B is a shift register with dynamic feedback. The size of each register is 32 bits.
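The dynamic feedback idea, with a 5-word register steering the feedback of an 11-word register, can be seen in a toy model. This is an added illustration, not KCipher-2 itself and not code from its designers: the tap positions, selector bits, reduction constants and sample state are constructed assumptions, and the cipher's real coefficient multiplication and nonlinear function are left out.

```python
MASK = 0xFFFFFFFF
# Constructed reduction constants standing in for four feedback coefficients;
# they are NOT KCipher-2's real multiplication tables.
P0, P1, P2, P3 = 0x8D, 0xC5, 0xAF, 0x1B

def mul_x(word, poly):
    """Toy 'multiply a word by a coefficient': shift left one bit, reduce by poly."""
    word <<= 1
    return (word & MASK) ^ poly if word >> 32 else word

def clock(a, b, dynamic=True):
    """Advance both registers one step; return (a, b, feedback_b, selectors)."""
    # Selector bits come from the other register (assumed: top bits of a[2]).
    c1 = (a[2] >> 30) & 1 if dynamic else 0
    c2 = (a[2] >> 31) & 1 if dynamic else 0
    fb_a = mul_x(a[0], P0) ^ a[3]           # 5-word register: fixed linear feedback
    t1 = mul_x(b[0], P1 if c1 else P2)      # c1 picks one of two coefficients
    t2 = mul_x(b[8], P3) if c2 else b[8]    # c2 switches a coefficient on or off
    fb_b = t1 ^ b[1] ^ b[6] ^ t2            # 11-word register: feedback follows c1, c2
    return a[1:] + [fb_a], b[1:] + [fb_b], fb_b, (c1, c2)

def run(a, b, steps, dynamic=True):
    """Return the 11-word register's feedback words and the selector pairs used."""
    words, selectors = [], []
    for _ in range(steps):
        a, b, fb_b, sel = clock(a, b, dynamic)
        words.append(fb_b)
        selectors.append(sel)
    return words, selectors

# Constructed sample state: 5 words for register A, 11 words for register B.
A0 = [0x40000000, 0x11111111, 0x00000002, 0x40000001, 0x80000003]
B0 = [0x80000000 | i for i in range(1, 12)]

if __name__ == "__main__":
    dyn_words, sels = run(A0, B0, 4, dynamic=True)
    lin_words, _ = run(A0, B0, 4, dynamic=False)
    print("selectors per clock:", sels)
    for d, l in zip(dyn_words, lin_words):
        print(f"dynamic {d:08x}   fixed {l:08x}")
```

With the selectors forced to zero the 11-word register follows one fixed linear recurrence; with them enabled, the recurrence applied at each clock depends on the state of the 5-word register, which is the property the designers rely on.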
Cipher Security Assessment [6]
K.U. Leuven conducted a cryptographic evaluation of the K2 cipher. The assessment is based on attempts to attack K2 in various ways that reflect the state of the art in the cryptanalysis of stream ciphers. The work covered linear attacks, algebraic attacks, correlation and fast correlation attacks, differential attacks including related-key settings, guess-and-determine attacks, statistical properties, periodicity and differential attacks.
For linear attacks, the linear masking method was applied to a version of K2 that ignores the effect of dynamic feedback. The best correlation found uses 13 linear approximations and amounts to that does not allow successful attacks. The algebraic analysis studies the structure and quantitative properties of the resulting systems of equations and argues that algebraic attacks are not feasible. The analysis of correlation and fast correlation attacks (also without taking the dynamic feedback controller into account) showed that this approach was unsuccessful. Differential analysis (assuming that there is no dynamic feedback controller and that modular addition is replaced by XOR), which covers related-key attacks, related-initialization-vector attacks and combinations of the two, suggests that K2 is resistant to differential attacks. The byte-oriented and word-oriented guess-and-determine approaches yielded a result of complexity , whence it follows that these methods are not applicable to K2. As for periodicity, no short periods were found in K2. Statistical tests did not reveal any structural flaws in the K2 model. The analyses also showed that K2 provides good resistance against differential attacks modulo n.
Thus, no vulnerabilities were found in K2 and the cipher is considered secure.
Intellectual Property and Licenses [7]
All intellectual property associated with KCipher-2 is owned by KDDI Corporation. CRYPTREC experts can use KCipher-2 royalty-free. KCipher-2 will be provided to any government organization at a reasonable price and on reasonable terms.
KCipher-2 Products and Systems [7]
KDDI R&D Laboratories has produced a software development kit (SDK) for KCipher-2. The encryption algorithm is used in the following systems and applications:
- Public institution mobile communication system (2000 licenses)
- State institution location management system (5000 licenses)
- Software for working groups based on Internet technologies (1000 licenses)
- Multimedia player for consumer applications (about a million users)
Cipher Versions [4]
| Date | Version | Change history |
|---|---|---|
| January 2007 | K2 Ver. 1.0 [6] | The first publication at an international conference. |
| July 2007 | K2 Ver. 2.0 [7] | The key loading step during the initialization process has been changed to more efficiently distribute the key and the initialization vector to the internal state. |
| 2008 | KCipher-2 Ver. 2.0 | Only the cipher name was changed from "K2" to "KCipher-2." |
Literature
- First published: Kiyomoto, S., Tanaka, T., and Sakurai, K., "A Word-Oriented Stream Cipher Using Clock Control", In SASC 2007 Workshop Record, pp. 260-274, January 2007
- Kiyomoto, S., Tanaka, T., and Sakurai, K., "K2: A Stream Cipher Algorithm Using Dynamic Feedback Control", In Proc. of SECRYPT 2007, pp. 204-213, July 2007
- Kiyomoto, S., Tanaka, T., and Sakurai, K., "K2 Stream Cipher", Communications in Computer and Information Science, E-business and Telecommunications, 4th International Conference, ICETE 2007, Barcelona, Spain, July 28-31, 2007, Revised Selected Papers, pp. 214-226
- "Stream Cipher KCipher-2" (February 1, 2010), Specification of cipher in the e-Government Recommended Ciphers List
- Matt Henricksen, Wun She Yap, Chee Hoo Yian, Shinsaku Kiyomoto, and Toshiaki Tanaka, "Side-Channel Analysis of the K2 Stream Cipher", ACISP 2010 Proceedings of the 15th Australasian conference on Information security and privacy, pp. 53-73
- Andrey Bogdanov, Bart Preneel, and Vincent Rijmen, “Security Evaluation of the K2 Stream Cipher”, Version 1.1 - March 7, 2011
- Priemuth-Schmid, D., Attacks on Simplified Versions of K2, Proc. SIIS 2011, LNCS 7053, pp. 117-127.
- Request for Comments: 7008, “A Description of the KCipher-2 Encryption Algorithm”, August 2013
- Description of the cipher on the developer's site
Notes
- [1] Shin, Wook, Kiyomoto, Shinsaku. A Description of the KCipher-2 Encryption Algorithm. tools.ietf.org. Accessed November 13, 2016.
- [2] Product Outline | KCipher-2 | KDDI Research. Accessed November 15, 2016.
- [3] Kiyomoto, S., Tanaka, T., and Sakurai, K. "A Word-Oriented Stream Cipher Using Clock Control". January 2007. pp. 260-274.
- [4] Shinsaku Kiyomoto, Toshiaki Tanaka, Kouichi Sakurai. K2 Stream Cipher // E-business and Telecommunications / Joaquim Filipe, Mohammad S. Obaidat. Springer Berlin Heidelberg, 2007-07-28. pp. 214-226. ISBN 9783540886525, 9783540886532. DOI: 10.1007/978-3-540-88653-2_16.
- [5] Shinsaku Kiyomoto, Toshiaki Tanaka, Kouichi Sakurai. K2: A Stream Cipher Algorithm using Dynamic Feedback Control. // ResearchGate. 2007-01-01.
- [6] Andrey Bogdanov, Bart Preneel, and Vincent Rijmen. Security Evaluation of the K2 Stream Cipher. March 2011.
- [7] CRYPTREC | Specifications of e-Government Recommended Ciphers. www.cryptrec.go.jp. Accessed November 15, 2016.