Authenticated Encryption Based on Lesamnta-LW Hashing Mode

Hirose, Sachiko; Kuwakado, Hidenori; Yoshida, Hirotaka

doi:10.1007/978-3-030-40921-0_3

Cited by 3 publications

(2 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It employs the internal AES-based block cipher. ere is a pseudorandom function mode [28] and an authenticated encryption with associated data (AEAD) [29] based on Lesamnta-LW. We consider that we obtain multiple applications for a TPMS protocol by using one primitive.…”

Section: Perspectives From Lightweight Crypto Stackmentioning

confidence: 99%

Lightweight Crypto Stack for TPMS Using Lesamnta-LW

Watanabe

Yamamoto

Yoshida

2020

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Modern vehicles which have internal sensor networks are one of the examples of a cyberphysical system (CPS). The tire pressure monitoring system (TPMS) is used to monitor the pressure of the tires and to inform the driver of them. This system is mandatory for vehicles in the US and EU. To ensure the security of TPMS, it is important to reduce the cost of the cryptographic mechanisms implemented in resource-constrained devices. To address this problem, previous works have proposed countermeasures employing lightweight block ciphers such as PRESENT, SPECK, or KATAN. However, it is not clear to us that any of these works have addressed the issues of software optimization that considers TPMS packet protection as well as session key updates for architectures consisting of the vehicle TPMS ECU and four low-cost TPMS sensors equipped with the tires. In this paper, we propose the application of ISO/IEC 29192-5 lightweight hash function Lesamnta-LW to address these issues. When we apply cryptographic mechanisms to a practical system, we consider the lightweight crypto stack which contains cryptographic mechanisms, specifications for the implementation, and performance evaluation. Our approach is to apply the known method of converting Lesamnta-LW to multiple independent pseudorandom functions (PRFs) in TPMS. In our case, we generate five PRFs this way and then use one PRF for MAC generation and four for key derivation. We use the internal AES-based block cipher of Lesamnta-LW for encryption. Although we follow the NIST SP 800-108 framework of converting PRFs to key derivation functions, we confirm the significant advantage of Lesamnta-LW-based PRFs over HMAC-SHA-256 by evaluating the performance on AVR 8-bit microcontrollers, on which we consider simulating TPMS sensors. We expect that our method to achieve multiple purposes with a single cryptographic primitive will help us to reduce the total implementation cost required for TPMS security.

show abstract

Section: Perspectives From Lightweight Crypto Stackmentioning

confidence: 99%

Lightweight Crypto Stack for TPMS Using Lesamnta-LW

Watanabe

Yamamoto

Yoshida

2020

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…in 2010 [1, 2], which has been specified in ISO/IEC 29192‐5:2016. Lesamnta‐LW is the successor to Lesamnta [3], which was chosen for one of the first round candidates of SHA‐3 competition. As the internal block cipher of Lesamnta‐LW, Lesamnta‐LW‐BC is based on the Advanced Encryption Standard (AES) round function and the unbalanced Feistel network with 128‐bit security.…”

Section: Introductionmentioning

confidence: 99%

Integral and impossible‐differential attacks on the reduced‐round Lesamnta‐LW‐BC

Shiba

Sakamoto

Liu

et al. 2021

IET Information Security

View full text Add to dashboard Cite

Lesamnta-LW-BC is the internal block cipher of the Lesamnta-LW lightweight hash function, specified in ISO/IEC 29192-5:2016. It is based on the unbalanced Feistel network and Advanced Encryption Standard round function. In this study, the security of Lesamnta-LW-BC against integral and impossible-differential attacks is evaluated. Specifically, the authors searched for the integral distinguishers and impossible differentials with Mixed-Integer Linear Programming-based methods. As a result, the discovered impossible differential can reach up to 21 rounds, while three integral distinguishers reaching 18, 19 and 25 rounds are obtained, respectively. Moreover, it is also feasible to construct a 47-round integral distinguisher in the known-key setting. Finally, a 20-round key-recovery attack is proposed based on the discovered 18-round integral distinguisher and a 19-round key-recovery attack using a 17-round impossible differential. To the best of the authors' knowledge, this is the first third-party cryptanalysis of Lesamnta-LW-BC.

show abstract