ECRYPT logo

Call for Stream Cipher Primitives

Version 1.3
12th April 2005

 

Introduction

The ECRYPT NoE plans to manage and co-ordinate a multi-year effort to identify new stream ciphers suitable for widespread adoption. To launch this initiative, algorithm designers are invited to submit new stream cipher proposals to the ECRYPT Stream Cipher project; more information and detailed submission requirements are provided below.

The deadline for the submission of primitives will be April 29th 2005. 

A workshop will be organised for submitters to present their primitives on 26-27th May 2005 in Denmark, right after Eurocrypt.
The website of this workshop (SKEW) can be found here.
Important notice: If you would like to present your design at the SKEW workshop, we request that submitters also send the paper describing their algorithm (essentially part B of the formal submission, cf. below) to the SKEW workshop. See the SKEW Call for papers. You should send the paper describing your design by April 30th to stvl2005@it.lth.se .

The ECRYPT NoE is not a standardisation body. Instead the ECRYPT NoE will centrally pool and manage information related to submitted stream cipher proposals. This resource will be available to developers, implementers, and researchers alike and consist of specifications, implementation information, and research results. Throughout the duration of the project, comments from industry and the results of work in the research community will be sought and compiled. At notable points during the process ECRYPT will prepare and publish updates on the progress of the submitted algorithms.

There will be two phases to the ECRYPT Stream Cipher project. The first phase will concentrate on accumulating information related to the submitted stream ciphers. At the end of the first phase, it is likely that a subset of the first phase ciphers will be advanced to the second phase. This will provide further focus to ongoing analysis within the cryptographic community. Since the goal of the project is to derive good stream ciphers, it is likely that potentially significant "tweaks" will be permitted in moving to the second phase.

ECRYPT is a Network of Excellence within the Information Societies Technology (IST) Programme of the European Commission.

Background

The cryptographic community is well served by a variety of efficient and trusted block ciphers. However the same does not seem to hold for stream ciphers. Following public discussions at the State of the Art of Stream Ciphers (SASC) Workshop in Brugge (October 14-15, 2004) the ECRYPT NoE would like to solicit stream cipher proposals suited to at least one of the stream cipher PROFILES listed below:

  1. PROFILE 1.
  2. PROFILE 2.

Some have emphasized the importance of including an authentication method and so two further profiles are also proposed:

  1. PROFILE 1A.
  2. PROFILE 2A.

REMARK: Since the first publication of this call for primitives, a paper was published by Hong and Sarkar about time-memory-data tradeoffs on eprint. These issues are certainly an interesting topic of discussion for the upcoming ECRYPT workshops.

The ECRYPT NoE will not make any formal evaluation of the submissions. Rather the ECRYPT NoE will accumulate and package together results related to submissions. Thus, it is the input of the cryptographic community at large that will point to the most suitable stream cipher from the pool.

The main evaluation criteria are likely to be long-term security, efficiency (performance), flexibility and market requirements.

Security Criteria

Implementation Criteria

Licensing Requirements

Provisional Timetable

Submission Requirements

For the ECRYPT NoE a stream cipher takes as input

For the ECRYPT NoE a stream cipher gives as output

For stream ciphers without an authentication mechanism, the required parameter values are given below.

  1. PROFILE 1.
  2. PROFILE 2.

For stream ciphers with an authentication mechanism, the required parameter values are given below.

  1. PROFILE 1A.
  2. PROFILE 2A.

The following additional information might be useful.

Formal Submission Requirements

The following are to be provided with any submission:

A. Cover sheet with the following information:

  1. Name of submitted algorithm
  2. Type of submitted algorithm, proposed security level, and proposed environment.
  3. Principal submitter's name, telephone, fax, organization, postal address, e-mail address
  4. Name(s) of auxiliary submitter(s)
  5. Name of algorithm inventor(s)/developer(s)
  6. Name of owner, if any, of the algorithm (normally expected to be the same as the submitter)
  7. Signature of submitter
  8. (optional) Backup point of contact (telephone, fax, postal address, e-mail)

B. Primitive specification and supporting documentation

  1. A complete and unambiguous description of the primitive in the most suitable forms, such as a mathematical description, a textual description with diagrams, or pseudo-code.  The specification of a primitive using code is not permitted.  Input and output should be in the form of binary strings.  For asymmetric algorithms, a method for key generation and parameter selection needs to be specified.
  2. A statement that there are no hidden weaknesses inserted by the designers.
  3. A statement of the claimed security properties and expected security level, together with an analysis of the primitive with respect to standard cryptanalytic attacks.  Weak keys should also be considered.
  4. A statement giving the strengths and advantages of the primitive.
  5. A design rationale explaining design choices.
  6. A statement of the estimated computational efficiency in software.  Estimates are required for different sub-operations like key setup, primitive setup, and encryption/decryption (as far as applicable).  The efficiency should be estimated both in cycles per byte and cycles per block, indicating the processor type and memory. If performance varies with the size of the inputs, then values for some typical sizes should be provided.  Optionally the designers may provide estimates for performance in hardware (area, speed, gate count, a description in VHDL).
  7. A description of the basic techniques for implementers to avoid implementation weaknesses.

C. Implementations and test values

  1. A reference implementation in portable C. The ECRYPT NoE specifies the following API.
  2. A sufficient number of test vectors.
  3. Optionally, an optimized implementation for some architectures, a JAVA implementation, an assembly language implementation.

D. Intellectual property statement

  1. A statement that gives the position concerning intellectual property position and the royalty policy for the primitive.
  2. This statement should include an undertaking to update the ECRYPT Stream Cipher project when necessary.

Requirements:

  1. Items A, B, and D shall be supplied in paper form and in electronic form (Adobe PDF or PostScript).
  2. Item C shall be supplied in electronic form only.
  3. Item A, B, C and D shall be clearly labelled and supplied on one CD.  The CD shall contain an ASCII file labeled "README", that lists all files included on the CD and provides a brief description of the content of each file.
  4. All submissions must be in English.
  5. Designers cannot ask for their design to remain secret, as ECRYPT intends public evaluation of the designs.
  6. Submissions should be sent to the following address:
  7. Submissions should arrive on or before 29th April 2005. An acknowledgment of receipt will be sent by email and also regular mail if requested.

Further Information

Email: streamciphercall@ecrypt.eu.org.
Website: http://www.ecrypt.eu.org.