The QARMA Block Cipher Family. Almost MDS Matrices Over Rings With Zero Divisors, Nearly Symmetric Even-Mansour Constructions With Non-Involutory Central Rounds, and Search Heuristics for Low-Latency S-Boxes
This paper introduces QARMA, a new family of lightweight tweakable block ciphers targeted at applications such as memory encryption, the generation of very short tags for hardware-assisted prevention of software exploitation, and the construction of keyed hash functions. QARMA is inspired by reflect...
Saved in:
| Published in | IACR Transactions on Symmetric Cryptology pp. 4 - 44 |
|---|---|
| Main Author | |
| Format | Journal Article |
| Language | English |
| Published |
Ruhr-Universität Bochum
01.03.2017
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | This paper introduces QARMA, a new family of lightweight tweakable block ciphers targeted at applications such as memory encryption, the generation of very short tags for hardware-assisted prevention of software exploitation, and the construction of keyed hash functions. QARMA is inspired by reflection ciphers such as PRINCE, to which it adds a tweaking input, and MANTIS. However, QARMA differs from previous reflector constructions in that it is a three-round Even-Mansour scheme instead of a FX-construction, and its middle permutation is non-involutory and keyed. We introduce and analyse a family of Almost MDS matrices defined over a ring with zero divisors that allows us to encode rotations in its operation while maintaining the minimal latency associated to {0, 1}-matrices. The purpose of all these design choices is to harden the cipher against various classes of attacks. We also describe new S-Box search heuristics aimed at minimising the critical path. QARMA exists in 64- and 128-bit block sizes, where block and tweak size are equal, and keys are twice as long as the blocks. We argue that QARMA provides sufficient security margins within the constraints determined by the mentioned applications, while still achieving best-in-class latency. Implementation results on a state-of-the art manufacturing process are reported. Finally, we propose a technique to extend the length of the tweak by using, for instance, a universal hash function, which can also be used to strengthen the security of QARMA. |
|---|---|
| AbstractList | This paper introduces QARMA, a new family of lightweight tweakable block ciphers targeted at applications such as memory encryption, the generation of very short tags for hardware-assisted prevention of software exploitation, and the construction of keyed hash functions. QARMA is inspired by reflection ciphers such as PRINCE, to which it adds a tweaking input, and MANTIS. However, QARMA differs from previous reflector constructions in that it is a three-round Even-Mansour scheme instead of a FX-construction, and its middle permutation is non-involutory and keyed. We introduce and analyse a family of Almost MDS matrices defined over a ring with zero divisors that allows us to encode rotations in its operation while maintaining the minimal latency associated to {0, 1}-matrices. The purpose of all these design choices is to harden the cipher against various classes of attacks. We also describe new S-Box search heuristics aimed at minimising the critical path. QARMA exists in 64- and 128-bit block sizes, where block and tweak size are equal, and keys are twice as long as the blocks. We argue that QARMA provides sufficient security margins within the constraints determined by the mentioned applications, while still achieving best-in-class latency. Implementation results on a state-of-the art manufacturing process are reported. Finally, we propose a technique to extend the length of the tweak by using, for instance, a universal hash function, which can also be used to strengthen the security of QARMA. |
| Author | Roberto Avanzi |
| Author_xml | – sequence: 1 fullname: Roberto Avanzi organization: Qualcomm Product Security, Munich |
| BookMark | eNotkN1u1DAQhSMEEqX0CbiZByAh_skmudymfyvttmK3CMRN5NiTrktiV7YTyFPySjUt0kgzGs35zuh8SN4aazBJPpE8I4wU_EuwXmYzzUmZaZLxlPM3yQktSJ2Skv14n5x5_5jnOa1qtuL1SfL3_ojwdb3freF8sPIXNPrpiA6uxKiHJYP1MFofYHdxgJ0ITkv0cDfHg702Dx6-63CEn-gsXOhZe-v8Z7hF4YYFDss44j8FXM5o0p0w3k4OGmt8cJMMOg6v-ltr0o2Z7TAF6xZo0AQnBtjbyajIE0bBITLlEW5wctoHLT301sHW_k63IqCR0S49t3_Qf0ze9WLwePa_nybfri7vm5t0e3e9adbbVJGChFQyUkrOKyakQipjGkjVinVC8bLkknZVGUPrFRG0I9iznscSBeG8YzXvkJ0mm1eusuKxfXJ6FG5prdDty8K6h1a4-OiALVW5olVV57TLo2NelaLjEmvV92TFVwV7BsPvjUU |
| ContentType | Journal Article |
| DBID | DOA |
| DOI | 10.13154/tosc.v2017.i1.4-44 |
| DatabaseName | DOAJ Directory of Open Access Journals |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website |
| DeliveryMethod | fulltext_linktorsrc |
| EISSN | 2519-173X |
| EndPage | 44 |
| ExternalDocumentID | oai_doaj_org_article_2d0d288902b0483087ab4ce9dff16465 |
| GroupedDBID | ADBBV ALMA_UNASSIGNED_HOLDINGS BCNDV GROUPED_DOAJ |
| ID | FETCH-LOGICAL-d151t-c317c4483acde2c893e2d63bad4774c2b87251fd1a2b1ef3f43f4a5144b394be3 |
| IEDL.DBID | DOA |
| IngestDate | Wed Aug 27 01:29:12 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-d151t-c317c4483acde2c893e2d63bad4774c2b87251fd1a2b1ef3f43f4a5144b394be3 |
| OpenAccessLink | https://doaj.org/article/2d0d288902b0483087ab4ce9dff16465 |
| PageCount | 41 |
| ParticipantIDs | doaj_primary_oai_doaj_org_article_2d0d288902b0483087ab4ce9dff16465 |
| PublicationCentury | 2000 |
| PublicationDate | 2017-03-01 |
| PublicationDateYYYYMMDD | 2017-03-01 |
| PublicationDate_xml | – month: 03 year: 2017 text: 2017-03-01 day: 01 |
| PublicationDecade | 2010 |
| PublicationTitle | IACR Transactions on Symmetric Cryptology |
| PublicationYear | 2017 |
| Publisher | Ruhr-Universität Bochum |
| Publisher_xml | – name: Ruhr-Universität Bochum |
| SSID | ssj0002893649 |
| Score | 2.4207695 |
| Snippet | This paper introduces QARMA, a new family of lightweight tweakable block ciphers targeted at applications such as memory encryption, the generation of very... |
| SourceID | doaj |
| SourceType | Open Website |
| StartPage | 4 |
| SubjectTerms | Almost MDS Matrices Even-Mansour Schemes Memory Encryption Pointer Authentication Reflection Ciphers S-Box Search Heuristics Short Hashes Tweak Extension Tweak Masking Tweakable Block Ciphers |
| Title | The QARMA Block Cipher Family. Almost MDS Matrices Over Rings With Zero Divisors, Nearly Symmetric Even-Mansour Constructions With Non-Involutory Central Rounds, and Search Heuristics for Low-Latency S-Boxes |
| URI | https://doaj.org/article/2d0d288902b0483087ab4ce9dff16465 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrZ1LT9tAEMdXiBOXClRQaaGaQ49siL0TxzkmPBQQTtUAAvUS7VMNEBth8_qU_UrM2EaCExckywdLXq9mVjv_2V3_RohfJnKYIvYkxpZuDMHUmBoZxQHR04Q4MJwoZpNkfI7Hl73LN6W--ExYgwduDLcbu66LU94NM0w_76Z9bdD6gQuB0Vg1vZRi3ptk6qrZPlMJDlrMkCKdsFsVpe08ULzrd-ZRByXiO0x_HU8OV8WXVgjCsOnAmljy-Vfxn7wGf4bTbAgjijLXsDfn3_6hKU_RgeHNoigryPZPIavZ-r6E3zQYYcoL3nAxr_7BX39XwP78gbGa5Q5MPCOM4fR5seDiWRYOaHqTGUUo6gFwvc5Xgmz7_qTI5VHOsxbvv0O7_AtTrr9E7encQXNGGcb-vuU8A0lfOCke5YlmDU6fk6PiyZfr4vzw4GxvLNuSC9JR6K-kJTlhKWNT2jofW7Kij12ijHZIOtHGJu2TIAou0rGJfFAB6dIkutCoARqvNsRyXuT-mwD0ygTd7fnQ06j7CeV1zF6MgkmUTl2yKUZs_dltQ9WYMee6fkDen7Xen33k_e-f0cgPscLDojlZtiWWyex-m6RGZX7Wo-oFLQ_Tyw |
| linkProvider | Directory of Open Access Journals |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=The+QARMA+Block+Cipher+Family.+Almost+MDS+Matrices+Over+Rings+With+Zero+Divisors%2C+Nearly+Symmetric+Even-Mansour+Constructions+With+Non-Involutory+Central+Rounds%2C+and+Search+Heuristics+for+Low-Latency+S-Boxes&rft.jtitle=IACR+Transactions+on+Symmetric+Cryptology&rft.au=Roberto+Avanzi&rft.date=2017-03-01&rft.pub=Ruhr-Universit%C3%A4t+Bochum&rft.eissn=2519-173X&rft.spage=4&rft.epage=44&rft_id=info:doi/10.13154%2Ftosc.v2017.i1.4-44&rft.externalDBID=DOA&rft.externalDocID=oai_doaj_org_article_2d0d288902b0483087ab4ce9dff16465 |