VEST
VEST is a hardware-dedicated stream cipher which has been submitted to the eSTREAM project. VEST is based on bijective parallel nonlinear feedback shift registers (NLPFSRs) assisted by non-linear Residue Number System (RNS) based counters. The four VEST family trees described in the spec are VEST-4, VEST-8, VEST-16, and VEST-32. VEST ciphers support keys and IVs of variable sizes and instant re-keying, and all VEST ciphers release output on every clock cycle. VEST ciphers are designed so that each cipher family generated using a static family key can be efficiently synthesised in hardware. VEST ciphers also double as collision-resistant hashes.
VEST was submitted to the eSTREAM competition by Sean O'Neil, Benjamin Gittins and Howard Landman.
All the VEST variants are covered by several patent applications.
Structure
VEST ciphers consist of four components: a non-linear counter, a linear counter diffusor, a bijective non-linear accumulator and a linear output combiner. The RNS counter consists of sixteen NLFSRs with prime period lengths, the counter diffusor is a set of 5-to-1 linear combiners with feedback compressing outputs of the 16 counters into 10 bits, the core accumulator is an NLPFSR accepting 10 bits of the counter diffusor as input, and the output combiner is a set of 6-to-1 linear combiners.
The core NLPFSR accumulator in VEST ciphers can be seen as a bijective substitution-permutation network constructed using non-linear 6-to-1 feedback functions, one for each bit, all of which are updated simultaneously. It accepts 10 bits as its input. The least significant five bits in the accumulator state are updated by a bijective 5x5 substitution box and linearly combined with the first five input bits on each round. The next five accumulator bits are linearly combined with the next five input bits and with a non-linear function of four of the less significant accumulator bits. All other bits in the VEST accumulator state are linearly combined with non-linear functions of five less significant bits stored in the accumulator state on each round. This substitution operation is followed by a pseudorandom permutation of all the bits in the state.
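The counter described above gets its long guaranteed period from running several bijective feedback shift registers with prime, pairwise coprime periods in lockstep, so that the combined state only repeats after the product of the component periods. The following is an added illustration of that principle, not VEST's own counter: it uses three constructed toy registers (a 3-bit LFSR, a 4-bit non-linear register and a 5-bit LFSR) whose feedback functions, seeds and periods are the example's own choices, measures each period by brute force, checks that each next-state map is bijective (the property that guarantees every state sits on a cycle), and confirms that the lockstep counter's period is the least common multiple of the parts.

```python
from math import lcm
from typing import Callable, List, Sequence

# A feedback function sees the whole register state and returns the new bit.
Feedback = Callable[[Sequence[int]], int]


def clock(state: List[int], feedback: Feedback) -> int:
    """Shift the register one position, feeding the new bit in at the top.

    state[0] is the oldest bit and is emitted as the output; the feedback
    function is evaluated on the state as it was before the shift.
    """
    out = state[0]
    new_bit = feedback(state) & 1
    state[:] = state[1:] + [new_bit]
    return out


def period(seed: Sequence[int], feedback: Feedback, limit: int = 1 << 20) -> int:
    """Brute-force the cycle length of the state sequence starting at seed.

    Only meaningful for a bijective register, where every state lies on exactly
    one cycle; for a non-bijective register the seed may never recur, hence the
    limit.
    """
    start = list(seed)
    state = list(seed)
    for steps in range(1, limit + 1):
        clock(state, feedback)
        if state == start:
            return steps
    raise ValueError("seed did not recur within limit; is the feedback bijective?")


def is_bijective(n: int, feedback: Feedback) -> bool:
    """True if the next-state map is a permutation of all 2**n states.

    A feedback of the form s[0] XOR g(s[1:]) always passes; one that drops
    s[0] without XORing it back in cannot be inverted and fails.
    """
    seen = set()
    for v in range(1 << n):
        state = [(v >> i) & 1 for i in range(n)]
        clock(state, feedback)
        seen.add(tuple(state))
    return len(seen) == 1 << n


# Three small registers, constructed for this example (not VEST's counters).
def lfsr3(s: Sequence[int]) -> int:
    # x^3 + x + 1 is primitive over GF(2): period 7 from any non-zero seed
    return s[0] ^ s[1]


def nlfsr4(s: Sequence[int]) -> int:
    # non-linear but bijective (s[0] enters linearly); the seed 0011 below
    # sits on a 5-cycle, which is what we want: a small prime period
    return s[0] ^ s[2] ^ (s[1] & s[3])


def lfsr5(s: Sequence[int]) -> int:
    # x^5 + x^2 + 1 is primitive over GF(2): period 31 from any non-zero seed
    return s[0] ^ s[2]


COUNTERS = [
    ([0, 0, 1], lfsr3),
    ([0, 0, 1, 1], nlfsr4),
    ([0, 0, 0, 0, 1], lfsr5),
]


def component_periods(counters=COUNTERS) -> List[int]:
    """Measured period of each register on its own."""
    return [period(seed, fb) for seed, fb in counters]


def composite_period(counters=COUNTERS) -> int:
    """Measured period of all registers clocked in lockstep (the RNS counter).

    Because the component periods are pairwise coprime, the combined state
    first recurs after their product, i.e. the lcm of the component periods.
    """
    seeds = [list(seed) for seed, _ in counters]
    states = [list(seed) for seed, _ in counters]
    steps = 0
    while True:
        for state, (_, fb) in zip(states, counters):
            clock(state, fb)
        steps += 1
        if states == seeds:
            return steps


if __name__ == "__main__":
    parts = component_periods()
    print("component periods:", parts, "-> lcm", lcm(*parts))
    print("measured composite period:", composite_period())
    print("all registers bijective:",
          all(is_bijective(len(seed), fb) for seed, fb in COUNTERS))
```

With these toy registers the component periods are 7, 5 and 31, and the lockstep counter measures 1085 = 7 × 5 × 31. The same arithmetic scales to VEST's sixteen prime-period registers, which is how a guaranteed period far beyond the reach of exhaustive cycling is obtained from small hardware; the bijectivity check is the property to verify first, since a non-invertible feedback can collapse onto short cycles regardless of register size.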
Family keying
The four root VEST cipher families are referred to as VEST-4, VEST-8, VEST-16, and VEST-32. Each of the four family trees of VEST ciphers supports family keying to generate other independent cipher families of the same size. The family-keying process is a standard method to generate cipher families with unique substitutions and unique counters with different periods.
Performance
VEST was submitted to the eSTREAM project under Profile II, intended for "hardware applications with restricted resources such as limited storage, gate count, or power consumption", and shows high speeds in FPGA and ASIC hardware: 10 to 30 times faster than AES when roughly the same number of gates are used. The authors' own bitslice implementation claims software speeds comparable to DES or IDEA, that is about 3-4 times slower than AES.
Initialisation of VEST ciphers with a 128-bit key takes 176 rounds. Loading a 128-bit IV takes 48 rounds.
| Cipher: | VEST-4 | VEST-8 | VEST-16 | VEST-32 | AES-128 (min) | AES-128 (max) |
|---|---|---|---|---|---|---|
| Output, bits per clock: | 4 | 8 | 16 | 32 | 128 | 128 |
| Expected security, bits: | 80 | 128 | 160 | 256 | 128 | 128 |
| Guaranteed period: | >[2^] | >[2^] | >[2^] | >[2^] | [2^] | [2^] |
| Average period: | >[2^] | >[2^] | >[2^] | >[2^] | [2^] | [2^] |
| Counter size, bits: | 163 | 163 | 171 | 171 | 128 | 128 |
| Core size, bits: | 83 | 211 | 331 | 587 | | |
| State size, bits: | 256 | 384 | 512 | 768 | 1280 | 1280 |
| Software clocks per byte (in C): | 64 | 64 | 47 | 42 | 17 | 17 |
| Area, ASIC gates: | <5K | <9K | <13K | <22K | 27K | 473K |
| ASIC speed, Gbit/s: | 10 | 19 | 32 | 52 | 2 | 77.6 |
Security
As of January 2006, there are no known attacks against any of the VEST ciphers or authentication mechanisms. However, no new design should be fielded for real use until it has survived a period of public scrutiny, and VEST's design is also fairly novel.
External links
- [Official VEST Website]
- [eSTREAM page on VEST]
- [VEST specification]
- [VEST C reference source code and test vectors]
- [Specification of the native authenticated encryption mode of VEST ciphers]
- [VEST AE mode C reference source code and test vectors]
From Wikipedia, the Free Encyclopedia. All text is available under the terms of the GNU Free Documentation License.
