
EnRUPT64

03/06/08 | by Sean O’Neil | Categories: News

The updated specification paper now includes EnRUPT64: its automated cryptanalysis has been completed and revealed no significant differences compared with the originally proposed EnRUPT32. Both variants have roughly the same security properties. Unfortunately, there is no way to keep them simple yet compatible with each other, so they can only be used separately.

Although the original EnRUPT specification proposed only a variant operating on 32-bit words, the design supports variable word length. The word length affects only the rotation operation: the rotation amount is w/4 (a quarter of the word length), not simply 8. Other word sizes have not been fully analysed yet and may require a different number of rounds to be secure, since the effect of word size is nonlinear. While larger word sizes can be made secure, 16-bit words demonstrate significant weakness and cannot be used efficiently.

Performance of EnRUPT64 is much better than EnRUPT32 on 64-bit processors but much worse on 32-bit processors (about 2 times slower than EnRUPT32). Both perform equally well on 8-bit microprocessors except for small 64-bit blocks [minimum block size of EnRUPT64 is 128 bits], while EnRUPT64 is slightly faster on 16-bit microprocessors due to the absence of rotations.
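The w/4 rotation and its cost on narrower hardware can be checked directly. The following is an added example, not code from the EnRUPT specification or from the author: it implements only the rotation step, assumes a right rotation, and uses hypothetical function names. It shows that a 64-bit rotation by 16 is a pure limb permutation on 16-bit limbs, while a 32-bit rotation by 8 on the same limbs still needs shifts.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference: rotate a w-bit word by w/4. Direction (right) is an assumption. */
static uint32_t rot32(uint32_t x) { return (x >> 8)  | (x << 24); }  /* 32/4 = 8  */
static uint64_t rot64(uint64_t x) { return (x >> 16) | (x << 48); }  /* 64/4 = 16 */

/* 64-bit rotation by 16 using only 32-bit variables (hi:lo pair). */
static uint64_t rot64_via32(uint64_t x)
{
    uint32_t lo = (uint32_t)x, hi = (uint32_t)(x >> 32);
    uint32_t nlo = (lo >> 16) | (hi << 16);  /* low 16 bits of hi move into lo */
    uint32_t nhi = (hi >> 16) | (lo << 16);  /* low 16 bits of lo wrap into hi */
    return ((uint64_t)nhi << 32) | nlo;
}

/* 64-bit rotation by 16 on 16-bit limbs: limbs are only renumbered. */
static uint64_t rot64_via16(uint64_t x)
{
    uint16_t l[4], t;
    for (int i = 0; i < 4; i++) l[i] = (uint16_t)(x >> (16 * i));
    t = l[0]; l[0] = l[1]; l[1] = l[2]; l[2] = l[3]; l[3] = t;
    return (uint64_t)l[0] | (uint64_t)l[1] << 16 |
           (uint64_t)l[2] << 32 | (uint64_t)l[3] << 48;
}

/* 32-bit rotation by 8 on 16-bit limbs: not limb-aligned, so shifts remain. */
static uint32_t rot32_via16(uint32_t x)
{
    uint16_t l0 = (uint16_t)x, l1 = (uint16_t)(x >> 16);
    uint16_t n0 = (uint16_t)((l0 >> 8) | (l1 << 8));
    uint16_t n1 = (uint16_t)((l1 >> 8) | (l0 << 8));
    return (uint32_t)n0 | (uint32_t)n1 << 16;
}

int main(void)
{
    /* Constructed sample words, not test vectors from the specification. */
    const uint64_t s[] = { 0x0123456789ABCDEFULL, 1ULL, 0x8000000000000000ULL };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        uint32_t w = (uint32_t)s[i];
        int ok = rot64_via32(s[i]) == rot64(s[i]) &&
                 rot64_via16(s[i]) == rot64(s[i]) &&
                 rot32_via16(w) == rot32(w);
        printf("%016llx -> %016llx %s\n", (unsigned long long)s[i],
               (unsigned long long)rot64(s[i]), ok ? "ok" : "MISMATCH");
    }
    return 0;
}
```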

3 comments

Comment from: Sean O’Neil [Member] · http://cryptolib.com/
*****
EnRUPT64 seems to be quite fast if it is implemented using MMX. My first straightforward implementation of RUPT64 stream cipher runs at 2-2.8 CPB on Core 2 Duo processing one 64-bit word per call. Unfortunately, MSVC-2005 refuses to optimise 64-bit operations at all, turning even shift-add combinations into [very slow] function calls to multiply by 9! [This behaviour can be suppressed only with an additional volatile register.] So far, this is the fastest of all the simple variants.
15/06/08 @ 05:59
Comment from: Sean O’Neil [Member] · http://cryptolib.com/
*****
Thanks to the Intel® Compiler, an ANSI C implementation of RUPT64 runs at 5 CPB now, only 30% slower than RUPT32 (3.5 CPB). This is a much better speed than MSVC can achieve (9 CPB or 2.5 times slower than RUPT32). With such a small difference in the top achievable speed on IA32, EnRUPT64 is certainly a better choice for all applications other than minimum-area RFIDs or memoryless bootloader encryption on embedded CPUs.
15/06/08 @ 10:50
Comment from: Sean O’Neil [Member] · http://cryptolib.com/
*****
Good news!

Our new ANSI C Intel compiler EnRUPT64 implementations using only 32-bit variables run as fast as EnRUPT32 on IA32. Only Microsoft C is still lagging behind, but not as much as with 64-bit variables.
31/07/08 @ 12:37

Q: What is EnRUPT?

A: EnRUPT is a simple scalable all-in-one block/stream cipher/hash.
