IEC and ISO adopt lower power encryption standard Enocoro stream cipher
ISO/IEC 29192-3: International standard for light-weight cryptography in constrained environments
Geneva, Switzerland, 2012-11-14 – The IEC (International Electrotechnical Commission) and ISO (International Organization for Standardization) have adopted ISO/IEC 29192-3 which sees Enocoro, a light-weight stream cipher(1)which Hitachi developed from work commissioned by the NICT (National Institute of Information and Communications Technology), Japan in 2007 as a standard.
ISO/IEC 29192-3 is a standard for light-weight cryptography for implementation in constrained environments. Enocoro achieves the encryption process with about one-tenth the amount of power compared to AES (Advanced Encryption Standard)(3), the current de facto standard for data encryption. It is able to provide the basic security functions for compact control equipment and sensors used in important infrastructure at a low cost.
Today increased security is necessary for compact devices such as RFID (Radio Frequency IDentification)(5) and sensors with wireless communication functions as they connect more and more PCs, mobile phones, PDAs (personal digital assistants) to the Internet. However, these compact devices have limited information processing resources in their CPU or memory and low power consuming technology enabling encryption of data and authentication of devices as well as low-cost implementation of these functions is vitally needed. The IEC and ISO have been working on ISO/IEC 29192 as an international standard for light-weight cryptography for implementation in constrained environments and have now issued ISO/IEC 29192-3, the section on stream ciphers, adopting Enocoro as an international standard.
The Enocoro stream cipher family consists of two algorithms, Enocoro-80 which has a key length of 80 bits and Enocoro-128v2 which has a key length of 128 bits. Enocoro, based on the high-speed stream cipher MUGI, an ISO/IEC standard, achieves its reduced hardware circuit size by drastically reducing the number of registers required to maintain the internal state. Further, by employing the mixing function of the 2 iterations of SPN (substitution-permutation network)(9) structure, it is able to mix data on the register more efficiently, thus improving security at the same time as reducing power consumption. This cipher is an extended development of research results from work commissioned by Japan's NICT (National Institute of Information and Communications Technology) under their FY 2005-2007 project entitled RD for the safe circulation and storage of mass data.
Specifically, when Enocoro-128v2 with a key length of 128 bits is compared with the light-weight implemented AES-128 which offers the same level of security, 2 to 10 times faster processing speeds were achieved, i.e. data encryption was achieved with even less processing. Further, when a FPGA (field programmable gate array) was used to measure the power consumption for encryption per bit: with AES it was 1.16 nW/s (nanowatts per second) and with Enocoro-128 v2 it was 0.103 nW/s, confirming that Enocoro-128v2 consumed approximately one-tenth the amount of power to encrypt the same amount of data.(10)
(1) Stream cipher: A cryptographic method which encrypts data bit by bit using a random bit stream (key stream)
generated by means of a private key.
(2) ISO/IEC 29192: Information technology ̶ Security techniques ̶ Lightweight cryptography: An encryption
standard for implementation in constrained environments.12288; The standard consists of 4 parts: 1) General,
2) Block ciphers, 3) Stream ciphers and 4) Mechanism for using public key cryptography. Part 1 and Part 2
were issued on 29 May 2012 and 10 January 2012, respectively.
(3) AES (Advanced Encryption Standard): An encryption standard adopted by the US government in 2001, and
the de facto world standard for data encryption. AES was ratified 12288; after 3 years of open public
assessment sponsored by NIST (the National Institute of Standards and Technology).
(4) In the Phase 2 action plan for information security measures concerning critical infrastructure
(03 February 2009, Information Security Policy Council of the Information Security Center, Cabinet Office
of Japan), critical infrastructure is defined as platforms formed by business entities providing
highly irreplaceable services essential in the daily lives of citizens and for socio-economic activity;
which if suspended, reduced or become unavailable, has the potential to greatly disrupt the lives of citizens
and the socio-economic activity of society. The plan identifies 10 areas which should be protected:
information communication, finance, rail, air, electricity, gas, water, distribution, medical care and municipal services.
(5) RFID (Radio Frequency IDentification): ID tag with wireless communication capability
(6) MULTI-S01 (MULTImedia encryption algorithm and Stream cipher No.01): A stream cipher operation mode
developed by Hitachi in 2000. Conventional stream ciphers only provided a function for data confidentiality but
with MULTI-S01, data tampering detection was also achieved. MULTI-S01 was adopted as an
ISO/IEC standard in July 2005.
(7) MUGI (MUlti GIga cipher): A stream cipher developed by Hitachi in 2001. MUGI was listed as a
recommended encryption code for electronic government, and adopted as an ISO/IEC standard in July 2005.
(8) HIME(R) (High Performance Modular-squaring-based public-key Encryption): A public key encryption
scheme, i.e. data is encrypted and decrypted using different keys, developed by Hitachi in 2001.
HIME(R) was adopted as an ISO/IEC standard in May 2006.
(9) Substitution-permutation Network (SPN): A mixing method, also used in AES, where text replacement
based on a substitution box and linear transformations are alternately repeated. MUGI employs a mixing
method based on the Feistel scheme, and is comprised of a layer of the Feistel scheme. The Feistel scheme
is also a mixing method, used widely in symmetric-key cryptography such as DES, which was standardized
by the US in 1977.
(10) In practice, measurement results may differ depending on evaluation conditions.