Achterbahn (stream cipher)

In cryptography, Achterbahn is the name of a synchronous stream cipher algorithm submitted to the eSTREAM Project of the eCRYPT network. In the final specification the cipher is called ACHTERBAHN-128/80, because it supports the key lengths of 80 bits and 128 bits, respectively.[1] Achterbahn was developed by Berndt Gammel, Rainer Göttfert and Oliver Kniffler. Achterbahn means rollercoaster (in German), though a literal translation of the term would be eight-track, which indicates that the cipher can encrypt eight bit streams in parallel.

The parameters of the cipher are given in the following table:

ACHTERBAHN-80 ACHTERBAHN-128
Max. key length 80 bit 128 bit
Max. IV length 80 bit 128 bit
Max. frame length 244 244
Internal state 297 bit 351 bit

ACHTERBAHN-128 is downward compatible and can produce the same keystream as ACHTERBAHN-80 if so desired. The keystream generator of ACHTERBAHN-128/80 is based on the design principle of the nonlinear combination generator, however it deploys primitive nonlinear feedback shift registers (NLFSR) instead of linear ones (LFSR).

Security

edit

There are no known cryptanalytic attacks against ACHTERBAHN-128/80 for the tabulated parameters that are faster than brute force attack. Recent analysis showed that attacks are possible if larger frame (packet) lengths are used in a communication protocol.[2][3][4] The cipher's authors recommend a maximum frame length of 244 bits.[5] This value does however not imply practical limitations.

Performance

edit

The ACHTERBAHN-128/80 stream cipher is optimized for hardware applications with restricted resources, such as limited gate count and power consumption. An implementation of ACHTERBAHN-80 has a design size of only 2188 gate equivalents (Nand-GE) in a standard CMOS technology and delivers a throughput of up to 400 Megabit/s. This makes it suitable for RFID tags.[citation needed] A high-speed implementation with a throughput of 8 Gigabit/s has a design size of 8651 Nand-GE.[6]

References

edit
  1. ^ Gammel, Berndt M.; Göttfert, Rainer; Kniffler, Oliver (30 June 2006). "ACHTERBAHN-128/80" (PDF). ECRYPT Stream Cipher Project Report.
  2. ^ Naya-Plasencia, María (March 26–28, 2007). Cryptanalysis of Achterbahn-128/80 (PDF). Fast Software Encryption, 14th International Workshop. Revised Selected Papers, Lecture Notes in Computer Science. Vol. 4593. Luxembourg: Springer. pp. 73–86. ISBN 978-3-540-74617-1.
  3. ^ Naya-Plasencia, María (July 4–6, 2007). Cryptanalysis of Achterbahn-128/80 with a New Keystream Limitation (PDF). Research in Cryptology: Second Western European Workshop, WEWoRC. Revised Selected Papers, Lecture Notes in Computer Science. Vol. 4945. Bochum, Germany: Springer. pp. 142–152. ISBN 978-3-540-88352-4.
  4. ^ Gammel, Berndt M.; Göttfert, Rainer; Kniffler, Oliver (Jan 31 – Feb 1, 2007). Achterbahn-128/80: Design and Analysis. Workshop Record of The State of the Art of Stream Ciphers - SASC. Ruhr University Bochum, Germany. pp. 152–165. Archived from the original on July 24, 2007.
  5. ^ Göttfert, Rainer; Gammel, Berndt M. (July 1–6, 2007). Helleseth, T.; Kumar, V.; Ytrehus, Ø. (eds.). On the frame length of Achterbahn-128/80 (PDF). Proceedings of the 2007 IEEE Information Theory Workshop on Information Theory for Wireless Networks. Solstrand, Norway. pp. 91–95. ISBN 978-1-4244-1199-3.
  6. ^ Gammel, Berndt M.; Göttfert, Rainer; Kniffler, Oliver (30 June 2006). "ACHTERBAHN-128/80" (PDF). The Achterbahn Stream Cipher.
edit