{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,30]],"date-time":"2025-07-30T17:04:53Z","timestamp":1753895093501,"version":"3.41.2"},"reference-count":29,"publisher":"International Association for Cryptologic Research","issue":"4","license":[{"start":{"date-parts":[[2024,10,8]],"date-time":"2024-10-08T00:00:00Z","timestamp":1728345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2024,12,3]]},"abstract":"In recent years, there has been a growing interest in low-latency ciphers. Since the first low-latency block cipher PRINCE was proposed at ASIACRYPT 2012, many low-latency primitives sprung up, such as Midori, MANTIS, QARMA and SPEEDY. Some ciphers, like SPEEDY and Orthros, introduce bit permutations to achieve reduced delay. However, this approach poses a challenge in evaluating the resistance against some cryptanalysis, especially differential and linear attacks. SPEEDY-7-192, was fully broken by Boura et.al. using differential attack, for example. In this paper, we manage to propose a novel low-latency block cipher, which guarantees security against differential and linear attacks. Revisiting the permutation technique used in Orthros, we investigate the selection of nibble permutations and propose a method for selecting them systematically rather than relying on random search. Our new nibble permutation method ensures the existence of impossible differential and differential trails for up to 8 rounds, while the nibble permutations for both branches of Orthros may lead to a 9-round impossible differential trail. Furthermore, we introduce a new approach for constructing low-latency coordinate functions for 4-bit S-boxes, which involves a more precise delay computation compared to traditional methods based solely on circuit depth. The new low-latency primitive uLBC we propose, is a family of 128-bit block ciphers, with three different versions of key length, respectively 128-bit and 256-bit key, as well as a 384-bit tweakey version with variable-length key. According to the key length, named uLBC-128, uLBC-256 and uLBC-384t. Our analysis shows that uLBC-128 exhibits lower latency and area requirements compared to ciphers such as QARMA9-128 and Midori128. On performance, uLBC-128 has excellent AT performance, the best performance except SPEEDY-6, and even the best performance in UMC 55nm in our experiments. <\/jats:p>","DOI":"10.62056\/a63zzoja5","type":"journal-article","created":{"date-parts":[[2025,1,13]],"date-time":"2025-01-13T17:00:52Z","timestamp":1736787652000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":0,"title":["Ultra Low-Latency Block Cipher uLBC"],"prefix":"10.62056","volume":"1","author":[{"given":"Guoxiao","family":"Liu","sequence":"first","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University","place":["Beijing, China"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2814-5431","authenticated-orcid":false,"given":"Qingyuan","family":"Yu","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Technology, Shandong University","place":["Qingdao, China"]},{"name":"Key Laboratory of Cryptologic Technology and Information Security","place":["Jinan, China"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liyuan","family":"Tang","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University","place":["Beijing, China"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shihe","family":"Ma","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University","place":["Beijing, China"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Congming","family":"Wei","sequence":"additional","affiliation":[{"name":"School of Cyberspace Science and Technology, Beijing Institute of Technology","place":["Beijing, China"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6396-8882","authenticated-orcid":false,"given":"Keting","family":"Jia","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University","place":["Beijing, China"]},{"name":"Zhongguancun Laboratory","place":["Beijing, China"]},{"name":"BNRist, Tsinghua University","place":["Beijing, China"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3312-2189","authenticated-orcid":false,"given":"Lingyue","family":"Qin","sequence":"additional","affiliation":[{"name":"Zhongguancun Laboratory","place":["Beijing, China"]},{"name":"BNRist, Tsinghua University","place":["Beijing, China"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3444-6030","authenticated-orcid":false,"given":"Xiaoyang","family":"Dong","sequence":"additional","affiliation":[{"name":"Institute for Network Sciences and Cyberspace, Tsinghua University","place":["Beijing, China"]},{"name":"Zhongguancun Laboratory","place":["Beijing, China"]},{"name":"BNRist, Tsinghua University","place":["Beijing, China"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yantian","family":"Shen","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology, Tsinghua University","place":["Beijing, China"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"48349","published-online":{"date-parts":[[2025,1,13]]},"reference":[{"key":"ref1:PRINCE2012","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-642-34961-4_14","article-title":"PRINCE - A Low-Latency Block Cipher for Pervasive\n Computing Applications - Extended Abstract","volume":"7658","author":"Julia Borghoff","year":"2012"},{"key":"ref2:DBLP:conf\/asiacrypt\/BanikBISHAR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-662-48800-3_17","article-title":"Midori: A Block Cipher for Low Energy","volume":"9453","author":"Subhadeep Banik","year":"2015"},{"key":"ref3:DBLP:conf\/crypto\/BeierleJKL0PSSS16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-662-53008-5_5","article-title":"The SKINNY Family of Block Ciphers and Its Low-Latency\n Variant MANTIS","volume":"9815","author":"Christof Beierle","year":"2016"},{"key":"ref4:DBLP:journals\/tosc\/Avanzi17","doi-asserted-by":"publisher","first-page":"4","DOI":"10.13154\/tosc.v2017.i1.4-44","article-title":"The QARMA Block Cipher Family. Almost MDS Matrices Over\n Rings With Zero Divisors, Nearly Symmetric Even-Mansour Constructions With\n Non-Involutory Central Rounds, and Search Heuristics for Low-Latency\n S-Boxes","volume":"2017","author":"Roberto Avanzi","year":"2017","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref5:DBLP:journals\/tches\/LeanderMMR21","doi-asserted-by":"publisher","first-page":"510","DOI":"10.46586\/tches.v2021.i4.510-545","article-title":"The SPEEDY Family of Block Ciphers Engineering an Ultra\n Low-Latency Cipher from Gate Level for Secure Processor Architectures","volume":"2021","author":"Gregor Leander","year":"2021","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref6:cryptoeprint:2015\/1189","first-page":"1189","article-title":"Invariant Subspace Attack Against Full Midori64","author":"Jian Guo","year":"2015","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref7:10.1007\/978-3-319-49890-4_16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-319-49890-4_16","article-title":"Related-Key Cryptanalysis of Midori","volume":"10095","author":"David G\u00e9rault","year":"2016"},{"key":"ref8:10.1007\/978-3-662-45608-8_15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1007\/978-3-662-45608-8_15","article-title":"Tweaks and Keys for Block Ciphers: The TWEAKEY Framework","volume":"8874","author":"J\u00e9r\u00e9my Jean","year":"2014"},{"key":"ref9:DBLP:journals\/tosc\/AvanziBDEGNR23","doi-asserted-by":"publisher","first-page":"25","DOI":"10.46586\/TOSC.V2023.I3.25-73","article-title":"The QARMAv2 Family of Tweakable Block Ciphers","volume":"2023","author":"Roberto Avanzi","year":"2023","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref10:20PRINCEv2","series-title":"Lecture Notes in Computer Science","isbn-type":"print","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1007\/978-3-030-81652-0_19","article-title":"PRINCEv2 - More Security for (Almost) No Overhead","author":"Du\u0161an Bo\u017eilov","year":"2021","ISBN":"https:\/\/id.crossref.org\/isbn\/9783030816513"},{"key":"ref11:cryptoeprint:2022\/1351","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/978-3-031-30634-1_2","article-title":"Better Steady than Speedy: Full Break of SPEEDY-7-192","volume":"14007","author":"Christina Boura","year":"2023"},{"key":"ref12:DBLP:journals\/tches\/BelkheyarDDGR23","doi-asserted-by":"publisher","first-page":"326","DOI":"10.46586\/tches.v2023.i1.326-368","article-title":"BipBip: A Low-Latency Tweakable Block Cipher with Small\n Dimensions","volume":"2023","author":"Yanis Belkheyar","year":"2023","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"ref13:Banik_Isobe_Liu_Minematsu_Sakamoto_2021","doi-asserted-by":"publisher","first-page":"37","DOI":"10.46586\/tosc.v2021.i1.37-77","article-title":"Orthros: A Low-Latency PRF","volume":"2021","author":"Subhadeep Banik","year":"2021","journal-title":"IACR Transactions on Symmetric Cryptology"},{"key":"ref14:Bao_Guo_Ling_Sasaki_2019","doi-asserted-by":"publisher","first-page":"330","DOI":"10.13154\/tosc.v2019.i1.330-394","article-title":"PEIGEN \u2013 a Platform for Evaluation, Implementation, and\n Generation of S-boxes","volume":"2019","author":"Zhenzhen Bao","year":"2019","journal-title":"IACR Transactions on Symmetric Cryptology"},{"key":"ref15:DBLP:journals\/tosc\/Rasoolzadeh22","doi-asserted-by":"publisher","first-page":"403","DOI":"10.46586\/TOSC.V2022.I3.403-447","article-title":"Low-Latency Boolean Functions and Bijective S-boxes","volume":"2022","author":"Shahram Rasoolzadeh","year":"2022","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref16:DBLP:conf\/asiacrypt\/QinDWHW22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-031-22963-3_10","article-title":"Mind the TWEAKEY Schedule: Cryptanalysis on\n SKINNYe-64-256","volume":"13791","author":"Lingyue Qin","year":"2022"},{"key":"ref17:LS16-FSE-MDS","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-662-52993-5_6","article-title":"Lightweight MDS Generalized Circulant Matrices","volume":"9783","author":"Meicheng Liu","year":"2016"},{"key":"ref18:Tolba2017ImprovedMI","doi-asserted-by":"publisher","first-page":"1733","DOI":"10.1587\/TRANSFUN.E100.A.1733","article-title":"Improved Multiple Impossible Differential Cryptanalysis of\n Midori128","volume":"100-A","author":"Mohamed Tolba","year":"2017","journal-title":"IEICE Trans. Fundam. Electron. Commun. Comput. Sci."},{"key":"ref19:Sutherland1999LogicalED","isbn-type":"print","volume-title":"Logical Effort: Designing Fast CMOS Circuits","author":"Ivan Sutherland","year":"1999","ISBN":"https:\/\/id.crossref.org\/isbn\/1558605576"},{"key":"ref20:10.1007\/978-3-319-63715-0_22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"647","DOI":"10.1007\/978-3-319-63715-0_22","article-title":"Proving Resistance Against Invariant Attacks: How to Choose\n the Round Constants","volume":"10402","author":"Christof Beierle","year":"2017"},{"key":"ref21:LH94_DiffLin","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/3-540-48658-5_3","article-title":"Differential-Linear Cryptanalysis","volume":"839","author":"Susan K. Langford","year":"1994"},{"key":"ref22:DBLP:conf\/crypto\/DunkelmanKS10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1007\/978-3-642-14623-7_21","article-title":"A Practical-Time Related-Key Attack on the KASUMI\n Cryptosystem Used in GSM and 3G Telephony","volume":"6223","author":"Orr Dunkelman","year":"2010"},{"key":"ref23:DBLP:conf\/eurocrypt\/BihamBS99","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/3-540-48910-X_2","article-title":"Cryptanalysis of Skipjack Reduced to 31 Rounds Using\n Impossible Differentials","volume":"1592","author":"Eli Biham","year":"1999"},{"key":"ref24:DBLP:conf\/sacrypt\/AokiS08","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-642-04159-4_7","article-title":"Preimage Attacks on One-Block MD4, 63-Step MD5 and More","volume":"5381","author":"Kazumaro Aoki","year":"2008"},{"key":"ref25:DBLP:conf\/eurocrypt\/SasakiA09","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-642-01001-9_8","article-title":"Finding Preimages in Full MD5 Faster Than Exhaustive\n Search","volume":"5479","author":"Yu Sasaki","year":"2009"},{"key":"ref26:DBLP:conf\/asiacrypt\/BogdanovKR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1007\/978-3-642-25385-0_19","article-title":"Biclique Cryptanalysis of the Full AES","volume":"7073","author":"Andrey Bogdanov","year":"2011"},{"key":"ref27:DBLP:conf\/fse\/DaemenKR97","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/BFb0052343","article-title":"The Block Cipher Square","volume":"1267","author":"Joan Daemen","year":"1997"},{"key":"ref28:DBLP:conf\/asiacrypt\/XiangZBL16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"648","DOI":"10.1007\/978-3-662-53887-6_24","article-title":"Applying MILP Method to Searching Integral Distinguishers\n Based on Division Property for 6 Lightweight Block Ciphers","volume":"10031","author":"Zejun Xiang","year":"2016"},{"key":"ref29:DBLP:journals\/tosc\/HuWW20","doi-asserted-by":"publisher","first-page":"396","DOI":"10.13154\/tosc.v2020.i1.396-424","article-title":"Finding Bit-Based Division Property for Ciphers with Complex\n Linear Layers","volume":"2020","author":"Kai Hu","year":"2020","journal-title":"IACR Trans. Symmetric Cryptol."}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2025,1,13]],"date-time":"2025-01-13T17:12:00Z","timestamp":1736788320000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/1\/4\/25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,13]]},"references-count":29,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,1,13]]}},"URL":"https:\/\/doi.org\/10.62056\/a63zzoja5","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"type":"electronic","value":"3006-5496"}],"subject":[],"published":{"date-parts":[[2025,1,13]]},"assertion":[{"value":"2024-10-08","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-12-03","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc1-4-50"}}