Taizo Shirai scite author profile

We propose a new 64-bit blockcipher Piccolo supporting 80 and 128-bit keys. Adopting several novel design and implementation techniques, Piccolo achieves both high security and notably compact implementation in hardware. We show that Piccolo offers a sufficient security level against known analyses including recent related-key differential attacks and meet-in-the-middle attacks. In our smallest implementation, the hardware requirements for the 80 and the 128-bit key mode are only 683 and 758 gate equivalents, respectively. Moreover, Piccolo requires only 60 additional gate equivalents to support the decryption function due to its involution structure. Furthermore, its efficiency on the energy consumption which is evaluated by energy per bit is also remarkable. Thus, Piccolo is one of the competitive ultra-lightweight blockciphers which are suitable for extremely constrained environments such as RFID tags and sensor nodes.

show abstract

The 128-Bit Blockcipher CLEFIA (Extended Abstract)

Shirai

et al. 2007

View full text Add to dashboard Cite

Abstract. We propose a new 128-bit blockcipher CLEFIA supporting key lengths of 128, 192 and 256 bits, which is compatible with AES. CLEFIA achieves enough immunity against known attacks and flexibility for efficient implementation in both hardware and software by adopting several novel and state-of-the-art design techniques. CLEFIA achieves a good performance profile both in hardware and software. In hardware using a 0.09 μm CMOS ASIC library, about 1.60 Gbps with less than 6 Kgates, and in software, about 13 cycles/byte, 1.48 Gbps on 2.4 GHz AMD Athlon 64 is achieved. CLEFIA is a highly efficient blockcipher, especially in hardware.

show abstract

On Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds

Shirai¹,

Preneel²

2004

View full text Add to dashboard Cite

Abstract. We study a recently proposed design approach of Feistel ciphers which employs optimal diffusion mappings across multiple rounds. This idea was proposed by Shirai and Shibutani at FSE2004, and the technique enables to improve the immunity against either differential or linear cryptanalysis (but not both). In this paper, we present a theoretical explanation why the new design using three different matrices achieves the better immunity. In addition, we are able to prove conditions to improve the immunity against both differential and linear cryptanalysis. As a result, we show that this design approach guarantees at least R(m+1) active S-boxes in 3R consecutive rounds (R ≥ 2) where m is the number of S-boxes in a round. By using the guaranteed number of active S-boxes, we compare this design approach to other well-known designs employed in SHARK, Rijndael, and MDS-Feistel ciphers. Moreover, we show interesting additional properties of the new design approach.

show abstract

On Generalized Feistel Structures Using the Diffusion Switching Mechanism

Shirai

Araki

2008

IEICE Transactions on Fundamentals of Electronics, Communicatio

View full text Add to dashboard Cite

Abstract. We study a recently proposed design approach of Feistel structure which employs diffusion matrices in a switching way. At ASI-ACRYPT 2004, Shirai and Preneel have proved that large numbers of S-boxes are guaranteed to be active if a diffusion matrix used in a round function is selected among multiple matrices. However the optimality of matrices required by the proofs sometimes pose restriction to find matrices suitable for actual blockciphers. In this paper, we extend their theory by replacing the condition of optimal mappings with general-type mappings, consequently the restriction is eliminated. Moreover, by combining known lower bounds for usual Feistel structure, we establish a method to estimate the guaranteed number of active S-boxes for arbitrary round numbers. We also demonstrate how the generalization enables us to mount wide variety of diffusion mappings by showing concrete examples.

show abstract

Improving Immunity of Feistel Ciphers against Differential Cryptanalysis by Using Multiple MDS Matrices

Shirai

Shibutani

2004

View full text Add to dashboard Cite

Abstract.A practical measure to estimate the immunity of block ciphers against differential and linear attacks consists of finding the minimum number of active S-Boxes, or a lower bound for this minimum number. The evaluation result of lower bounds of differentially active S-boxes of AES, Camellia (without F L/F L −1 ) and Feistel ciphers with an MDS based matrix of branch number 9, showed that the percentage of active S-boxes in Feistel ciphers is lower than in AES. The cause is a difference cancellation property which can occur at the XOR operation in the Feistel structure. In this paper we propose a new design strategy to avoid such difference cancellation by employing multiple MDS based matrices in the diffusion layer of the F-function. The effectiveness of the proposed method is confirmed by an experimental result showing that the percentage of active S-boxes of the newly designed Feistel cipher becomes the same as for the AES.

show abstract

Improved Upper Bounds of Differential and Linear Characteristic Probability for Camellia

Shirai

Kanamaru

Abe

2002

View full text Add to dashboard Cite

We discuss the security of the block cipher Camellia against differential attack and linear attack. The security of Camellia against these attacks has been evaluated by upper bounds of maximum differential characteristic probability (MDCP) and maximum linear characteristic probability (MLCP) calculated by the least numbers of active S-boxes which are found by a search method[2]. However, we found some truncated differential paths generated by the method have wrong properties. We show a new evaluation method for truncated differential and linear paths to discard such wrong paths by using linear equations systems and sets of nonzero conditions. By applying this technique to Camellia, we found tighter upper bounds of MDCP and MLCP for reduced-round Camellia. As a result, 10-round Camellia without F L/F L −1 has no differential and linear characteristic with probability higher than 2 −128 .

show abstract

On Feistel Structures Using a Diffusion Switching Mechanism

Shirai

Shibutani

2006

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Taizo Shirai

Piccolo: An Ultra-Lightweight Blockcipher

The 128-Bit Blockcipher CLEFIA (Extended Abstract)

On Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds

On Generalized Feistel Structures Using the Diffusion Switching Mechanism

Improving Immunity of Feistel Ciphers against Differential Cryptanalysis by Using Multiple MDS Matrices

Improved Upper Bounds of Differential and Linear Characteristic Probability for Camellia

On Feistel Structures Using a Diffusion Switching Mechanism

Contact Info

Product

Resources

About