SCIENCE CHINA Information Sciences, Volume 63, Issue 12: 220301 (2020) https://doi.org/10.1007/s11432-019-2907-4

An overview of cryptographic primitives for possible use in 5G and beyond

  • Received: Dec 9, 2019
  • Accepted: May 11, 2020
  • Published: Nov 11, 2020

Abstract


Acknowledgment

This work was in part financially supported by the Swedish Foundation for Strategic Research (Grant No. RIT17-0005) and the ELLIIT Research Program. The author Jing YANG is also supported by a scholarship from the National Digital Switching System Engineering and Technological Research Center, China. We would like to thank all anonymous reviewers for providing valuable comments on the manuscript.


References

[1] ITU-R. Recommendation ITU-R M.2083-0: IMT Vision - Framework and overall objectives of the future development of IMT for 2020 and beyond. 2015.

[2] ITU. Minimum requirements related to technical performance for IMT-2020 radio interface. 2017.

[3] Security architecture (Release 16). 2019-12.

[4] Huawei, Heavy Reading. Cloud RAN & the Next-Generation Mobile Network Architecture. White Paper, 2017.

[5] Stage 2 (Release 16). 2019-12.

[6] Generic Bootstrapping Architecture (GBA) (Release 16). 2019-09.

[7] Security architecture and procedures for 5G system (Release 16). 2019-12.

[8] Study on the support of 256-bit algorithms for 5G (Release 16). 2019-03.

[9] Numbering, addressing and identification (Release 16). 2019-12.

[10] Huawei. Partnering with the Industry for 5G Security Assurance. White Paper, 2019. https://www-file.huawei.com/-/media/corporate/pdf/trust-center/huawei-5g-security-white-paper-4th.pdf.

[11] Jing Y, Thomas J, Alexander M. Vectorized linear approximations for attacks on SNOW 3G. In: Proceedings of the 27th Annual Fast Software Encryption Conference, 2020.

[12] Jing Y, Thomas J, Alexander M. Spectral analysis of ZUC-256. In: Proceedings of the 27th Annual Fast Software Encryption Conference, 2020.

[13] Patrik E, Thomas J, Maximov A, et al. A new SNOW stream cipher called SNOW-V. IACR Transactions on Symmetric Cryptology, 2019, 20: 1-42.

[14] ZUC Design Team. The ZUC-256 Stream Cipher. 2018. http://www.is.cas.cn/ztzl2016/zouchongzhi/201801/W020180126529970733243.pdf.

[15] NIST. Announcing the advanced encryption standard (AES). Federal Information Processing Standards Publication, 2001, 197: 1-51.

[16] International Organization for Standardization. (2012). Information technology - Security techniques - Lightweight cryptography - Part 2: Block ciphers (ISO/IEC 29192-2:2012).

[17] International Organization for Standardization. (2012). Information technology - Security techniques - Lightweight cryptography - Part 3: Stream ciphers (ISO/IEC 29192-3:2012).

[18] International Organization for Standardization. (2016). Information technology - Security techniques - Lightweight cryptography - Part 5: Hash-functions (ISO/IEC 29192-5:2016).

[19] International Organization for Standardization. (2013). Information technology - Security techniques - Lightweight cryptography - Part 4: Mechanisms using asymmetric techniques (ISO/IEC 29192-4:2013).

[20] CRYPTREC Lightweight Cryptography Working Group. CRYPTREC Cryptographic Technology Guideline (Lightweight Cryptography). 2017. https://www.cryptrec.go.jp/report/cryptrec-gl-2003-2016en.pdf.

[21] Alex B, Léo P. State of the art in lightweight symmetric cryptography. IACR Cryptology ePrint Archive, 2017. https://www.semanticscholar.org/paper/State-of-the-Art-in-Lightweight-Symmetric-Biryukov-Perrin/532441547d905feae7a65f635594585c96d2987b.

[22] Nicholas J H, Manuel B. Secure human identification protocols. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2001. 52-66.

[23] Ari J, Stephen A W. Authenticating pervasive devices with human protocols. In: Proceedings of Annual International Cryptology Conference. Berlin: Springer, 2005. 293-308.

[24] Julien B, Hervé C, Emmanuelle D. HB++: a lightweight authentication protocol secure against some attacks. In: Proceedings of the 2nd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, 2006. 28-33.

[25] Stefan H, Eike K, Vadim L, et al. Lapin: an efficient authentication protocol based on ring-LPN. In: Proceedings of International Workshop on Fast Software Encryption. Berlin: Springer, 2012. 346-365.

[26] Frederik A, Matthias H, Vasily M. Lightweight authentication protocols on ultra-constrained RFIDs - myths and facts. In: Radio Frequency Identification: Security and Privacy Issues. Cham: Springer, 2015. 1-18.

[27] Buchanan W J, Li S, Asif R. Lightweight cryptography methods. J Cyber Security Tech, 2017, 1: 187-201.

[28] Markku-Juhani O S. Ring-LWE ciphertext compression and error correction: tools for lightweight post-quantum cryptography. In: Proceedings of the 3rd ACM International Workshop on IoT Privacy, Trust, and Security, 2017. 15-22.

[29] SECG. SEC 1: Recommended Elliptic Curve Cryptography (Version 2.0). 2009. http://www.secg.org/sec1-v2.pdf.

[30] SECG. SEC 2: Recommended Elliptic Curve Domain Parameters (Version 2.0). 2010. http://www.secg.org/sec2-v2.pdf.

[31] Adam L, Mike M, Sean T. Elliptic Curves for Security. IETF RFC 7748, 2016. https://www.rfc-editor.org/info/rfc7748.

[32] Hugo K, Mihir B, Ran C. HMAC: keyed-hashing for message authentication. IETF RFC 2104, 1997. https://www.rfc-editor.org/rfc/pdfrfc/rfc2104.txt.pdf.

[33] International Organization for Standardization. (2004). Information technology - Security techniques - Hash-functions - Part 3: Dedicated hash-functions (ISO/IEC 10118-3:2004).

[34] ETSI SAGE. S3-200929: Observations and questions on 256-bit security goals (document for: information, discussion). 2020. https://www.3gpp.org/FTP/tsg_sa/WG3_Security/TSGS3_99e/Docs.

[35] ETSI SAGE. S3-190107: Expectations and requirements for 256-bit algorithms (document for: information, discussion). 2019. https://www.3gpp.org/DynaReport/TDocExMtg--S3-94--33863.htm.

[36] ETSI SAGE. S3-194534: 256-bit algorithm candidates (document for: information, discussion). 2019. https://www.3gpp.org/ftp/meetings_3gpp_sync/SA3/Docs/.

[37] Rei U, Sumio M, Naofumi H, et al. A high throughput/gate AES hardware architecture by compressing encryption and decryption datapaths toward efficient CBC-mode implementation. Cryptology ePrint Archive, Report 2016/595, 2016. https://eprint.iacr.org/2016/595.

[38] Andrey B, Dmitry K, Christian R. Biclique cryptanalysis of the full AES. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security. Berlin: Springer, 2011.

[39] Sen Gupta S, Chattopadhyay A, Khalid A. Designing integrated accelerator for stream ciphers with structural similarities. Cryptogr Commun, 2013, 5: 19-47.

[40] Roberto A, Billy B B. Faster 128-EEA3 and 128-EIA3 software. In: Proceedings of the 16th International Conference on Information Security. Cham: Springer, 2015. 199-208.

[41] Zongbin L, Qinglong Z, Cunqing M, et al. HPAZ: a high-throughput pipeline architecture of ZUC in hardware. In: 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2016. 269-272.

[42] ETSI/SAGE. Specification of the 3GPP confidentiality and integrity algorithms UEA2 & UIA2, document 2: SNOW 3G specification (version 1.1). 2006.

[43] Carlos C, Matthew D, Sean M. A Security Evaluation of the SNOW-V Stream Cipher. Jan 2020, Private Correspondence.

[44] Lin J, Yongqiang L, Yonglin H. A Guess-And-Determine Attack On SNOW-V Stream Cipher. The Computer Journal, 2020.

[45] ETSI/SAGE. Specification of the 3GPP confidentiality and integrity algorithms 128-EEA3 & 128-EIA3, document 2: ZUC specification. 2011.

[46] Guang G. Securing Internet-of-Things. In: Proceedings of International Symposium on Foundations and Practice of Security. Berlin: Springer, 2018. 3-16.

[47] Andrey B, Lars R K, Gregor L, et al. PRESENT: an ultra-lightweight block cipher. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2007. 450-466.

[48] Shirai T, Kyoji S, Toru A, et al. The 128-bit blockcipher CLEFIA. In: Proceedings of International Workshop on Fast Software Encryption. Berlin: Springer, 2007. 181-195.

[49] Christophe D C. Trivium: a stream cipher construction inspired by block cipher design principles. In: Proceedings of International Conference on Information Security. Berlin: Springer, 2006.

[50] Dai W, Kota I, Jun K, et al. Enocoro-80: a hardware oriented stream cipher. In: Proceedings of the 3rd International Conference on Availability, Reliability and Security, Barcelona, 2008. 1294-1300.

[51] Guo J, Peyrin T, Poschmann A. The PHOTON family of lightweight hash functions. In: Proceedings of Advances in Cryptology-Crypto. Berlin: Springer, 2011. 222-239.

[52] Bogdanov A, Knežević M, Leander G, et al. SPONGENT: the design space of lightweight cryptographic hashing. IEEE Transactions on Computers, 2012, 62(10): 2041-2053.

[53] Hirose S, Ideguchi K, Kuwakado H, et al. A lightweight 256-bit hash function for hardware and low-end devices: Lesamnta-LW. In: Proceedings of International Conference on Information Security and Cryptology. Berlin: Springer, 2011. 151-168.

[54] Ågren M, Hell M, Johansson T. Grain-128a: a new version of Grain-128 with optional authentication. IJWMC, 2011, 5: 48-59.

[55] Mitsuru M. New block encryption algorithm MISTY. In: Proceedings of International Workshop on Fast Software Encryption. Berlin: Springer, 1997.

[56] Deukjo H, Jaechul S, Seokhie H, et al. HIGHT: a new block cipher suitable for low-resource device. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2006.

[57] María N P. Lightweight cryptography. In: Proceedings of Summer School on Real-world Crypto and Privacy, Sibenik, 2018.

[58] Frederik A, Vasily M. On lightweight stream ciphers with shorter internal states. In: Proceedings of International Workshop on Fast Software Encryption. Berlin: Springer, 2015.

[59] Martin H, Thomas J, Meier W, et al. Grain-128AEAD - A lightweight AEAD stream cipher. NIST Lightweight Cryptography project, Round 2.

[60] Jonathan S, Martin H, Mattias S, et al. Efficient hardware implementations of Grain-128AEAD. In: Proceedings of International Conference on Cryptology in India. Cham: Springer, 2019. 495-513.

[61] Eisenbarth T, Kumar S, Paar C, et al. A survey of lightweight-cryptography implementations. IEEE Design & Test of Computers, 2007, 24(6): 522-533.

[62] Éric L, Pierre-Alain F. An improved LPN algorithm. In: Proceedings of International Conference on Security and Cryptography for Networks. Berlin: Springer, 2006. 348-359.

[63] Jonathan K, Ji S S. Parallel and concurrent security of the HB and HB+ protocols. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques. Berlin: Springer, 2006. 73-87.

[64] Katz J, Shin J S, Smith A. Parallel and Concurrent Security of the HB and HB+ Protocols. J Cryptol, 2010, 23: 402-421.

[65] Martin F, Sandra D, Johannes W. Strong authentication for RFID systems using the AES algorithm. In: Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2004. 357-370.

[66] Lily Chen, Stephen J, Yi-Kai L, et al. Report on post-quantum cryptography (NISTIR 8105). 2016. https://nvlpubs.nist.gov/nistpubs/ir/2016/nist.ir.8105.pdf.

[67] Xianhui L, Yamin L, Dingding J, et al. LAC. 2019. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-2-Submissions.

[68] Tim G, Tobias O. Towards lightweight Identity-Based Encryption for the post-quantum-secure Internet of Things. In: Proceedings of 2017 18th International Symposium on Quality Electronic Design (ISQED), 2017. 319-324.

[69] NIST Post-Quantum Cryptography Standardization. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Post-Quantum-Cryptography-Standardization.

[70] Hugo K, Pasi E. HMAC-based Extract-and-Expand Key Derivation Function (HKDF). IETF RFC 5869, 2010. https://www.rfc-editor.org/info/rfc5869.

  • Figure 1: 5G system architecture.

  • Figure 3: The authentication procedure of 5G-AKA.

  • Figure 4: The authentication procedure of EAP-AKA'.

  • Figure 6: The overall schematic of AES-256.

  • Figure 7: The keystream generation phase of the SNOW 3G cipher.

  • Figure 8: The keystream generation phase of the SNOW-V cipher.

  • Figure 9: The keystream generation phase of the ZUC-256 cipher.

  • Table 1: Summary of main acronyms

  • Table 2: Summary of some references

    | Aspect | References | Main contribution |
    |---|---|---|
    | 5G Security | [5] | 3GPP specification of system architecture for 5G |
    | | [6] | 3GPP specification, describes the security features and mechanisms to bootstrap authentication and key agreement for application security |
    | | [7] | 3GPP specification of the security architecture, i.e., the security features, security mechanisms and the security procedures |
    | | [8] | 3GPP specification, specifies the need for cryptographic algorithms with the 256-bit security level |
    | | [9] | 3GPP specification, defines the principal purpose and use of different naming, numbering, addressing and identification resources |
    | | [4,10] | Huawei whitepapers about 5G architecture and security |
    | 5G confidentiality and integrity protection | [11] | Proposes an attack on SNOW 3G with complexity $2^{177}$ |
    | | [12] | Proposes an attack on ZUC with complexity $2^{236}$ |
    | SNOW-V | [13] | Proposes a new algorithm SNOW-V for 5G use |
    | ZUC-256 | [14] | Specifies the 256-bit version of ZUC |
    | AES | [15] | Specifies the AES algorithm |
    | LWC | [16-19] | ISO/IEC standards for lightweight block ciphers, stream ciphers, hash functions, and asymmetric mechanisms |
    | | [20] | Japan CRYPTREC guideline for lightweight cryptography |
    | | [27] | Outlines some techniques that are defined as replacements for conventional cryptography; discusses some trends in the design of lightweight algorithms |
    | | [21] | Identifies several trends in the design of lightweight algorithms; discusses more general trade-offs facing the authors |
    | Post-quantum LWC | [22-24] | Respectively specifies HB, HB$^+$, HB$^{++}$ protocols |
    | | [25] | Specifies the Lapin protocol |
    | | [26] | Extended protocols of HB protocols and their applicability in practice |
    | | [28] | Lightweight schemes based on LWE |

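  • Table 3: Some performance results of AES-256, SNOW 3G, SNOW-V, and ZUC-256$^{\rm a)}$

    | Ciphers | Software env., plaintext size 4096 | Software env., plaintext size 2048 | Software env., plaintext size 1024 | Software env., plaintext size 256 | Hardware implementation: area | Hardware implementation: throughput | Attacks |
    |---|---|---|---|---|---|---|---|
    | AES-256 | 34.16 [13] | 32.94 | 30.95 | 22.67 | 17232 GEs [37] | 50.85 [37] | $2^{254.4}$ [38] |
    | SNOW 3G (256-bit) | 8.89 [13] | 8.50 | 7.81 | 5.38 | 18100 GEs [39] | 52.8 [39] | $2^{177}$ [11] |
    | SNOW-V (256-bit) | 54.60 [13] | 50.70 | 45.28 | 26.37 | 13041 GEs [13] | 358 [13] | $2^{256}$ [13] |
    | ZUC-256 | 3.50 [40] | 3.39 | 3.17 | 2.29 | 12500 GEs [41] | 80 [41] | $2^{236}$ [12] |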

    a) The implementations are under different platforms or resources and it is unreasonable to compare them directly according to the figures shown here. We refer to the given references for more details. Columns 2–5 are the throughput under different plaintext sizes: all throughput is measured in Gbps and plaintext sizes are in bytes.