Abstract
Dragon is a word-based stream cipher. It was submitted to the eSTREAM project in 2005 and has advanced to Phase 3 of the software profile. This paper discusses the Dragon cipher from three perspectives: design, security analysis and implementation. The design of the cipher incorporates a single word-based non-linear feedback shift register and a non-linear filter function with memory. This state is initialized with 128- or 256-bit key-IV pairs. Each clock of the stream cipher produces 64 bits of keystream, using simple operations on 32-bit words. This provides the cipher with a high degree of efficiency in a wide variety of environments, making it highly competitive relative to other symmetric ciphers. The components of Dragon were designed to resist all known attacks. Although the design has been open to public scrutiny for several years, the only published attacks to date are distinguishing attacks which require keystream lengths greatly exceeding the stated 2^64-bit maximum permitted keystream length for a single key-IV pair.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Dawson, E., Henricksen, M., Simpson, L. (2008). The Dragon Stream Cipher: Design, Analysis, and Implementation Issues. In: Robshaw, M., Billet, O. (eds) New Stream Cipher Designs. Lecture Notes in Computer Science, vol 4986. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68351-3_3
DOI: https://doi.org/10.1007/978-3-540-68351-3_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68350-6
Online ISBN: 978-3-540-68351-3