Phelix

From Free net encyclopedia

Phelix is a high-speed stream cipher with a built-in message authentication code (MAC) functionality, submitted in 2004 to the eSTREAM contest by Doug Whiting, Bruce Schneier, Stefan Lucks, and Frédéric Muller. It has no intellectual property restrictions.

Phelix uses a 256-bit key and a 128-bit nonce, but the cipher has a design strength of 128 bits. The cipher uses only the operations of addition modulo 232, exclusive or, and rotation by a fixed number of bits. An unusual feature of Phelix is that it uses the plaintext to update the state, which in turn affects the key-stream. This allows Phelix to perform authentication as well as encryption.

Optimised for 32-bit platforms, the authors claim that Phelix can achieve up to eight cycles/byte on modern x86-based processors; it also achieves respectable performance in hardware.

As of 2005, no cryptanalytic attacks on Phelix are known.

Phelix has been selected as Phase 2 Focus Candidate for both Profile 1 and Profile 2 by the eSTREAM project.


[edit]

Helix

Phelix is a slightly modified form of an earlier cipher, Helix, published in 2003 by Niels Ferguson, Doug Whiting, Bruce Schneier, John Kelsey, Stefan Lucks, and Tadayoshi Kohno; Phelix adds 128 bits to the internal state. This was in response to cryptanalysis of Helix. In 2004, Muller published two attacks on Helix. The first has a complexity of 288 and requires 212 adaptive chosen-plaintext words, but requires nonces to be reused. Souradyuti Paul and Bart Preneel have later shown that the number of adaptive chosen-plaintext words of Muller's attack can be reduced by a factor of 3 in the worst case (a factor of 46.5 in the best case) using their optimal algorithms to solve differential equations of addition. In a later development, Souradyuti Paul and Bart Preneel showed that the above attack can also be implemented with chosen plaintexts (CP) rather than adaptive chosen plaintexts (ACP) with data complexity 235.64 CP's. Muller's second attack on Helix is a distinguishing attack that requires 2114 words of chosen-plaintext.

[edit]

References

  • D. Whiting, B. Schneier, S. Lucks, and F. Muller, Phelix: Fast Encryption and Authentication in a Single Cryptographic Primitive (includes source code)
  • Niels Ferguson, Doug Whiting, Bruce Schneier, John Kelsey, Stefan Lucks and Tadayoshi Kohno, Helix: Fast Encryption and Authentication in a Single Cryptographic Primitive, FSE 2003, pp330–346 (PDF).
  • Frédéric Muller, Differential Attacks against the Helix Stream Cipher, FSE 2004, pp94–108.
  • Souradyuti Paul and Bart Preneel, Solving Systems of Differential Equations of Addition, ACISP 2005. Full version (PDF)
  • Souradyuti Paul and Bart Preneel, Near Optimal Algorithms for Solving Differential Equations of Addition With Batch Queries, Indocrypt 2005. Full version (PDF)
[edit]

External links

Template:Stream ciphers

Retrieved from "http://www.netipedia.com/index.php/Phelix"