SNOW
SNOW is a family of word-based synchronous stream ciphers developed by Thomas Johansson and Patrik Ekdahl at Lund University.
They have a 512-bit linear feedback shift register at their core, followed by a non-linear output state machine with a few additional words of state.
SNOW 1.0, SNOW 2.0, and SNOW 3G use a shift register of 16 32-bit words, and a 32-bit add-rotate-XOR (ARX) output transformation with 2 or 3 words of state. Each iteration advances the shift register by 32 bits and produces 32 bits of output.
SNOW-V and SNOW-Vi use a shift register of 32 16-bit words (designed to be implemented as 4 128-bit SIMD registers) which is advanced by 16 bits per iteration. 8 LFSR iterations can be performed simultaneously using SIMD operations, after which one output transformation step is performed, producing 128 bits of output. The output transformation uses the Advanced Encryption Standard (AES) round function (commonly implemented in hardware on recent processors), and maintains 2 additional 128-bit words of state.
History
SNOW 1.0, originally simply SNOW, was submitted to the NESSIE project.[1] The cipher has no known intellectual property or other restrictions. The cipher works on 32-bit words and supports both 128- and 256-bit keys. The cipher consists of a combination of a LFSR and a Finite State Machine (FSM) where the LFSR also feeds the next state function of the FSM. The cipher has a short initialization phase and very good performance on both 32-bit processors and in hardware.
During the evaluation, weaknesses were discovered and as a result, SNOW was not included in the NESSIE suite of algorithms. The authors have developed a new version, version 2.0 of the cipher, that solves the weaknesses and improves the performance.[2]
During ETSI SAGE evaluation, the design was further modified to increase its resistance against algebraic attacks with the result named SNOW 3G.[3]
It has been found that related keys exist both for SNOW 2.0 and SNOW 3G,[4] allowing attacks against SNOW 2.0 in the related-key model.
Use
SNOW has been used in the ESTREAM project as a reference cipher for the performance evaluation.
SNOW 2.0 is one out of stream ciphers chosen for ISO/IEC standard ISO/IEC 18033-4.[5]
SNOW 3G[6] is chosen as the stream cipher for the 3GPP encryption algorithms UEA2 and UIA2.[7]
SNOW-V was an extensive redesign published in 2019,[8] designed to match 5G cellular network speeds by generating 128 bits of output per iteration. SNOW-Vi[9] was tweaked for even higher speed using small changes to the LFSR; the output transformation is identical.
Sources
- ^ Ekdahl, Patrik; Johansson, Thomas (2000). SNOW - a new stream cipher (PDF). First NESSIE Workshop. Heverlee, Belgium. Retrieved 2024-05-15.
- ^ Ekdahl, Patrik; Johansson, Thomas (August 2002). A New Version of the Stream Cipher SNOW (PDF). Selected Areas in Cryptography: 9th Annual International Workshop. St. John's, Newfoundland. CiteSeerX 10.1.1.7.4280. doi:10.1007/3-540-36492-7_5. Retrieved 2024-05-15.
- ^ UEA2 Design and Evaluation Report
- ^ Kircanski, Aleksandar; Youssef, Amr (15 April 2012). "On the Sliding Property of SNOW 3G and SNOW 2.0" (PDF). Retrieved 19 October 2021.
- ^ "ISO/IEC 18033-4:2011 Information technology — Security techniques — Encryption algorithms — Part 4: Stream ciphers". ISO. Retrieved 30 October 2020.
- ^ "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2. Document 2: SNOW 3G Specification" (PDF). www.gsma.com. 6 September 2006. Retrieved 13 October 2017.
- ^ "Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2. Document 1: UEA2 and UIA2 Specification" (PDF). www.quintillion.co.jp. Archived from the original (PDF) on 19 March 2012. Retrieved 30 October 2020.
- ^ Ekdahl, Patrik; Johansson, Thomas; Maximov, Alexander; Yang, Jing (September 2019). "A new SNOW stream cipher called SNOW-V". IACR Transactions on Symmetric Cryptology. 2019 (3): 1–42. doi:10.13154/tosc.v2019.i3.1-42.
- ^ Ekdahl, Patrik; Johansson, Thomas; Maximov, Alexander; Yang, Jing (June 2021). SNOW-Vi: an extreme performance variant of SNOW-V for lower grade CPUs. 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks. doi:10.1145/3448300.3467829.