SOBER
Encyclopedia
In cryptography
, SOBER is a family of stream cipher
s initially designed by Greg Rose
of QUALCOMM Australia
starting in 1997. The name is a contrived acronym for Seventeen Octet Byte Enabled Register. Initially the cipher was intended as a replacement for broken ciphers in cellular telephony. The ciphers evolved, and other developers (primarily Phillip Hawkes) joined the project.
SOBER was the first cipher, with a 17-byte Linear Feedback Shift Register, a form of decimation
called stuttering, and a nonlinear output filter function. The particular configuration of the shift register turned out to be vulnerable to "guess and determine" attacks.
SOBER-2 changed the position of the feedback and output taps to resist the above attacks.
S16 was an expansion to 16-bit words rather than bytes, with an expected increase of security.
call for new cryptographic primitives, three new versions called the t-class were developed; SOBER-t8 was virtually identical to SOBER-2 but did not have sufficient design strength for NESSIE submission; SOBER-t16 and SOBER-t32 were submitted. t32 was a further expansion to 32-bit words, while both ciphers had a more efficient method of computing the linear feedback.
Subsequent to NESSIE, SOBER-128
was designed to take into account what had been learned. The stuttering was dropped because it added too little strength for the overhead, and the nonlinear output function was strengthened. As a stream cipher, SOBER-128 remains unbroken. The message authentication capability that was added at the same time was trivially broken.
Mundja: An integrated message authentication feature based on SHA-256 that was designed to be added to stream ciphers such as SOBER-128.
Turing
: Named after Alan Turing
, shares the LFSR design of SOBER-128, but has a block-cipher-like output filter function with key-dependent S-boxes, and remains unbroken subject to a minor usage constraint.
NLS: Short for Non-Linear SOBER, it was submitted to the European eSTREAM
project. It uses nonlinearity for the shift register, and simplifies the output filter for increased performance, using Mundja for message authentication. SSS, for Self-Synchronizing SOBER, was also submitted but has very little relationship to the other SOBER ciphers, and was quickly broken.
Shannon: Named after Claude Shannon, shortens the register to 16 32-bit words, and has completely new feedback and output filter tap positions. It incorporates a new and more efficient message authentication mechanism.
Boole: Named after George Boole
, is a family of combined hash function
s and stream ciphers that were developed for submission to the NIST call for development of an advanced hash standard, but were withdrawn when a collision was discovered.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, SOBER is a family of stream cipher
Stream cipher
In cryptography, a stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream . In a stream cipher the plaintext digits are encrypted one at a time, and the transformation of successive digits varies during the encryption...
s initially designed by Greg Rose
Gregory G. Rose
Gregory G. "Greg" Rose is a Senior Vice President of Technology for Qualcomm. Rose designed the SOBER family of stream ciphers.-Selected publications:...
of QUALCOMM Australia
Qualcomm
Qualcomm is an American global telecommunication corporation that designs, manufactures and markets digital wireless telecommunications products and services based on its code division multiple access technology and other technologies. Headquartered in San Diego, CA, USA...
starting in 1997. The name is a contrived acronym for Seventeen Octet Byte Enabled Register. Initially the cipher was intended as a replacement for broken ciphers in cellular telephony. The ciphers evolved, and other developers (primarily Phillip Hawkes) joined the project.
SOBER was the first cipher, with a 17-byte Linear Feedback Shift Register, a form of decimation
Decimation (signal processing)
In digital signal processing, decimation is a technique for reducing the number of samples in a discrete-time signal. The element which implements this technique is referred to as a decimator.Decimation is a two-step process:...
called stuttering, and a nonlinear output filter function. The particular configuration of the shift register turned out to be vulnerable to "guess and determine" attacks.
SOBER-2 changed the position of the feedback and output taps to resist the above attacks.
S16 was an expansion to 16-bit words rather than bytes, with an expected increase of security.
Adaptions for and since NESSIE
For the NESSIENESSIE
NESSIE was a European research project funded from 2000–2003 to identify secure cryptographic primitives. The project was comparable to the NIST AES process and the Japanese Government-sponsored CRYPTREC project, but with notable differences from both...
call for new cryptographic primitives, three new versions called the t-class were developed; SOBER-t8 was virtually identical to SOBER-2 but did not have sufficient design strength for NESSIE submission; SOBER-t16 and SOBER-t32 were submitted. t32 was a further expansion to 32-bit words, while both ciphers had a more efficient method of computing the linear feedback.
Subsequent to NESSIE, SOBER-128
SOBER-128
SOBER-128 is a synchronous stream cipher designed by Hawkes and Rose and is a member of the SOBER family of ciphers. SOBER-128 was also designed to provide MAC functionality....
was designed to take into account what had been learned. The stuttering was dropped because it added too little strength for the overhead, and the nonlinear output function was strengthened. As a stream cipher, SOBER-128 remains unbroken. The message authentication capability that was added at the same time was trivially broken.
Mundja: An integrated message authentication feature based on SHA-256 that was designed to be added to stream ciphers such as SOBER-128.
Turing
Turing (cipher)
Turing is a stream cipher developed by Gregory G. Rose and Philip Hawkes at Qualcomm for CDMA. It is designed to be fast in software and achieves around 5.5 cycles/byte on some x86 processors....
: Named after Alan Turing
Alan Turing
Alan Mathison Turing, OBE, FRS , was an English mathematician, logician, cryptanalyst, and computer scientist. He was highly influential in the development of computer science, providing a formalisation of the concepts of "algorithm" and "computation" with the Turing machine, which played a...
, shares the LFSR design of SOBER-128, but has a block-cipher-like output filter function with key-dependent S-boxes, and remains unbroken subject to a minor usage constraint.
NLS: Short for Non-Linear SOBER, it was submitted to the European eSTREAM
ESTREAM
eSTREAM is a project to "identify new stream ciphers suitable for widespread adoption", organised by the EU ECRYPT network. It was set up as a result of the failure of all six stream ciphers submitted to the NESSIE project. The call for primitives was first issued in November 2004. The project was...
project. It uses nonlinearity for the shift register, and simplifies the output filter for increased performance, using Mundja for message authentication. SSS, for Self-Synchronizing SOBER, was also submitted but has very little relationship to the other SOBER ciphers, and was quickly broken.
Shannon: Named after Claude Shannon, shortens the register to 16 32-bit words, and has completely new feedback and output filter tap positions. It incorporates a new and more efficient message authentication mechanism.
Boole: Named after George Boole
George Boole
George Boole was an English mathematician and philosopher.As the inventor of Boolean logic—the basis of modern digital computer logic—Boole is regarded in hindsight as a founder of the field of computer science. Boole said,...
, is a family of combined hash function
Hash function
A hash function is any algorithm or subroutine that maps large data sets to smaller data sets, called keys. For example, a single integer can serve as an index to an array...
s and stream ciphers that were developed for submission to the NIST call for development of an advanced hash standard, but were withdrawn when a collision was discovered.
External links
- QUALCOMM Australia - info on the whole SOBER family
- NIST - NIST call for an Advanced Hash Standard