SNOW
{{Short description|Family of stream ciphers}}
{{about|the stream cipher|the MI5 agent|Arthur Owens|other uses|Snow (disambiguation)}}
SNOW is a family of word-based synchronous stream ciphers developed by Thomas Johansson and Patrik Ekdahl at Lund University.
They have a 512-bit linear feedback shift register at their core, followed by a non-linear output state machine with a few additional words of state.
SNOW 1.0, SNOW 2.0, and SNOW 3G use a shift register of 16 32-bit words, and a 32-bit add-rotate-XOR (ARX) output transformation with 2 or 3 words of state. Each iteration advances the shift register by 32 bits and produces 32 bits of output.
SNOW-V and SNOW-Vi use a shift register of 32 16-bit words (designed to be implemented as 4 128-bit SIMD registers) which is advanced by 16 bits per iteration. 8 LFSR iterations can be performed simultaneously using SIMD operations, after which one output transformation step is performed, producing 128 bits of output. The output transformation uses the Advanced Encryption Standard (AES) round function (commonly implemented in hardware on recent processors), and maintains 2 additional 128-bit words of state.
History
SNOW 1.0, originally simply SNOW, was submitted to the NESSIE project.{{cite conference
|first1=Patrik |last1=Ekdahl |first2=Thomas |last2=Johansson
|title=SNOW - a new stream cipher
|conference=First NESSIE Workshop |location=Heverlee, Belgium
|year=2000
|url=http://www.madchat.fr/crypto/hash-lib-algo/snow/snow10.pdf
|access-date=2024-05-15
}} The cipher has no known intellectual property or other restrictions. The cipher works on 32-bit words and supports both 128- and 256-bit keys. The cipher consists of a combination of a LFSR and a finite-state machine (FSM) where the LFSR also feeds the next state function of the FSM. The cipher has a short initialization phase and very good performance on both 32-bit processors and in hardware.
During the evaluation, weaknesses were discovered and as a result, SNOW was not included in the NESSIE suite of algorithms. The authors have developed a new version, version 2.0 of the cipher, that solves the weaknesses and improves the performance.{{cite conference
|first1=Patrik |last1=Ekdahl |first2=Thomas |last2=Johansson
|title=A New Version of the Stream Cipher SNOW
|conference=Selected Areas in Cryptography: 9th Annual International Workshop |location=St. John's, Newfoundland |date=August 2002
|url=https://typeset.io/pdf/a-new-version-of-the-stream-cipher-snow-f60zcs5mt3.pdf
|access-date=2024-05-15
|doi=10.1007/3-540-36492-7_5
|citeseerx=10.1.1.7.4280
}}
During ETSI SAGE evaluation, the design was further modified to increase its resistance against algebraic attacks with the result named SNOW 3G.[http://www.gsma.com/aboutus/wp-content/uploads/2014/12/uea2designevaluation.pdf UEA2 Design and Evaluation Report]
It has been found that related keys exist both for SNOW 2.0 and SNOW 3G,{{cite web
|url=https://users.encs.concordia.ca/~youssef/Publications/Papers/On%20the%20Sliding%20Property%20of%20SNOW%203G%20and%20SNOW.pdf
|title=On the Sliding Property of SNOW 3G and SNOW 2.0
|last1=Kircanski |first1=Aleksandar |last2=Youssef |first2=Amr
|date=15 April 2012
|accessdate=19 October 2021
}} allowing attacks against SNOW 2.0 in the related-key model.
Use
SNOW has been used in the ESTREAM project as a reference cipher for the performance evaluation.
SNOW 2.0 is one out of stream ciphers chosen for ISO/IEC standard ISO/IEC 18033-4.{{Cite web|url=https://www.iso.org/standard/54532.html|title=ISO/IEC 18033-4:2011 Information technology — Security techniques — Encryption algorithms — Part 4: Stream ciphers|publisher=ISO|access-date=30 October 2020}}
SNOW 3G{{cite web|url=https://www.gsma.com/aboutus/wp-content/uploads/2014/12/snow3gspec.pdf|title=Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2. Document 2: SNOW 3G Specification|website=www.gsma.com|date=6 September 2006|access-date=13 October 2017}} is chosen as the stream cipher for the 3GPP encryption algorithms UEA2 and UIA2.{{cite web|url=http://www.quintillion.co.jp/3GPP/Specs/etsi_sage_doc1_v1_1.pdf|title=Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2. Document 1: UEA2 and UIA2 Specification|website=www.quintillion.co.jp|access-date=30 October 2020|url-status=dead|archive-url=https://web.archive.org/web/20120319194406/http://www.quintillion.co.jp/3GPP/Specs/etsi_sage_doc1_v1_1.pdf|archive-date=19 March 2012}}
SNOW-V was an extensive redesign published in 2019,{{cite journal
|title=A new SNOW stream cipher called SNOW-V
|first1=Patrik |last1=Ekdahl |first2=Thomas |last2=Johansson
|first3=Alexander |last3=Maximov |first4=Jing |last4=Yang
|journal=IACR Transactions on Symmetric Cryptology
|volume=2019 |issue=3 |pages=1–42
|date=September 2019
|doi=10.13154/tosc.v2019.i3.1-42
|url=https://tosc.iacr.org/index.php/ToSC/article/view/8356
}} designed to match 5G cellular network speeds by generating 128 bits of output per iteration. SNOW-Vi{{cite conference
|title=SNOW-Vi: an extreme performance variant of SNOW-V for lower grade CPUs
|first1=Patrik |last1=Ekdahl |first2=Thomas |last2=Johansson
|first3=Alexander |last3=Maximov |first4=Jing |last4=Yang
|conference=14th ACM Conference on Security and Privacy in Wireless and Mobile Networks
|date=June 2021
|doi=10.1145/3448300.3467829
|url=https://eprint.iacr.org/2021/236
|url-access=subscription}} was tweaked for even higher speed using small changes to the LFSR; the output transformation is identical.
Sources
{{Reflist}}
External links
- [https://www.eit.lth.se/index.php?gpuid=90&L=1 The Lund Crypto and Security group website]
{{Cryptography navbox | stream}}