SVH: A Lightweight Stream Cipher Based on Dual Pseudo-Random Transformation and OFB

A new lightweight stream cipher, SVH, is proposed. The design targets hardware environments where gate count, power consumption and memory is very limited. It is based on dual pseudo-random transformation and output feedback. The block of key size is 64 bits and SVH can achieve sufficient security margin against known attacks, such as linear cryptanalysis, differential cryptanalysis, impossible differential cryptanalysis. Hardware implementation of SVH is around 1171GE, which is comparable with the 1458 GE hardware implementation of Grain. The software implementation of SVH on 8-bit microcontroller is about 19.55Mb/s, and its efficiency is 30 times as much as that of Grain in RFID environment. The hardware complexity and throughput compares favourably to other hardware oriented stream ciphers like Grain. Introduction In recent years, a number of security and high performance stream cipher have been designed to promote the development of cryptography. However, with the development of wireless network technology, ordinary stream cipher is difficult to meet the mobile terminal resource-constrained, lightweight cryptographic algorithms required to meet hardware and software, computing power and energy consumption and other resource-constrained needs of the terminal. Grain [1] and WG-7 [2] as an outstanding representative of the lightweight stream cipher, provides us with a good opportunity based on the most advanced technologies designed for mobile terminals with limited resources. The stream cipher refers to a mathematical manipulation which the plain text is coded using the binary digital sequence xx1, xx2, ... . Each encryption is encrypted with the same length as the key stream, which is realized by the same key stream generated by the decryption, KS is the stream generator and KS0 is the initial key. The blocks are then converted into the equal length digital sequences yy = (yy1, yy2, ... ,yynn)using the key of kk = (kk1, kk2, ... , kktt). This process can be represented with the model in Fig.1.