International Association
for Cryptologic Research

Guoxiao Liu , Institute for Network Sciences and Cyberspace, Tsinghua University

Qingyuan Yu , School of Cyber Science and Technology, Shandong University, Key Laboratory of Cryptologic Technology and Information Security

Liyuan Tang , Institute for Network Sciences and Cyberspace, Tsinghua University

Shihe Ma , Institute for Network Sciences and Cyberspace, Tsinghua University

Congming Wei , School of Cyberspace Science and Technology, Beijing Institute of Technology

Keting Jia , Institute for Network Sciences and Cyberspace, Tsinghua University, Zhongguancun Laboratory, BNRist, Tsinghua University

Lingyue Qin , Zhongguancun Laboratory, BNRist, Tsinghua University

Xiaoyang Dong , Institute for Network Sciences and Cyberspace, Tsinghua University, Zhongguancun Laboratory, BNRist, Tsinghua University

Yantian Shen , Department of Computer Science and Technology, Tsinghua University

DOI: 10.62056/a63zzoja5

URL: https://cic.iacr.org/p/1/4/25

Search ePrint

Search Google

In recent years, there has been a growing interest in low-latency ciphers. Since the first low-latency block cipher PRINCE was proposed at ASIACRYPT 2012, many low-latency primitives sprung up, such as Midori, MANTIS, QARMA and SPEEDY. Some ciphers, like SPEEDY and Orthros, introduce bit permutations to achieve reduced delay. However, this approach poses a challenge in evaluating the resistance against some cryptanalysis, especially differential and linear attacks. SPEEDY-7-192, was fully broken by Boura et.al. using differential attack, for example. In this paper, we manage to propose a novel low-latency block cipher, which guarantees security against differential and linear attacks. Revisiting the permutation technique used in Orthros, we investigate the selection of nibble permutations and propose a method for selecting them systematically rather than relying on random search. Our new nibble permutation method ensures the existence of impossible differential and differential trails for up to 8 rounds, while the nibble permutations for both branches of Orthros may lead to a 9-round impossible differential trail. Furthermore, we introduce a new approach for constructing low-latency coordinate functions for 4-bit S-boxes, which involves a more precise delay computation compared to traditional methods based solely on circuit depth. The new low-latency primitive uLBC we propose, is a family of 128-bit block ciphers, with three different versions of key length, respectively 128-bit and 256-bit key, as well as a 384-bit tweakey version with variable-length key. According to the key length, named uLBC-128, uLBC-256 and uLBC-384t. Our analysis shows that uLBC-128 exhibits lower latency and area requirements compared to ciphers such as QARMA9-128 and Midori128. On performance, uLBC-128 has excellent AT performance, the best performance except SPEEDY-6, and even the best performance in UMC 55nm in our experiments.