Stream Cipher by Reed-Solomon Codes

Article history: Received: 04 May, 2018 Accepted: 07 July, 2018 Online: 14 July, 2018


Introduction
This work proposes a stream cipher carried by Reed-Solomon (RS) codes, so that encryption can be implemented by encoding when needed [1]. As the encoding-encryption paradigm has been used in the GSM mobile telephony standard [2,3], it has received much attention. RS codes have been widely used in communication and storage systems to correct errors, and can also be used together with BCH codes to ensure data integrity [4]. The idea of using an RS code as a carrier for a stream cipher comes from the observation of RS codes in code-based cryptography, where errors are intentionally inserted and then recovered at considerable cost in computation and energy [5,6]. In fact, a code-based pseudo-random generator and its security can be considered as a way to achieve a stream cipher [7]. In [8], the generalized RS code is used to reduce the density of a transform matrix and to improve weakly secure data exchange.
Stream ciphers belong to symmetric cryptography and can be built from many devices, such as linear and nonlinear feedback shift registers. For example, the Rakaposhi stream cipher consists of a 128-bit nonlinear feedback shift register, a 192-bit dynamic linear feedback shift register, and a nonlinear filter function [9]. Ubiquitous environments demand security, speed and power consciousness when processing huge amounts of multimedia data [10], and stream ciphers can be used there. A stream cipher is an engine that generates bit streams to mix with the message. At the sending end, the plaintext is masked with one bit stream, while at the receiving end, the ciphertext is processed with the same bit stream again to recover the message. The stream cipher is like a deterministic pseudo-random discrete function, whose security can be analyzed through the generating mechanism of the cipher. A stream cipher can be characterized by a key stream (K) and an initialization vector (IV); an adversary may recover all the secret bits of K after observing many related (K, IV) pairs [9].
Usually, a one-way function and multiple steps are devised to safeguard the key generation or initialization processes, leaving bitwise XOR as the only operation that encrypts the message. By contrast, there are also approaches to more secure coding based on public-key cryptography. Code-based cryptography [11] with Goppa codes [12] or MDPC codes [13], for example, can be applied to realize the McEliece system. Meanwhile, generalized RS codes can also be used to implement asymmetric cryptography [6], which yields shorter keys than those obtained with Goppa codes.
In this work, a stream cipher with RS code is proposed, in which the messages are encoded as RS codewords. This idea comes from its similarity to the logic configured around a DSP unit in an FPGA. At the receiving end, the plaintexts and the cipher are recovered from the RS codes. The contributions of this paper include:
• a mechanism to include the stream cipher in RS encoding and decoding, which is able to cover the message in a simple way;
• a review of related work on stream ciphers of different schemes;
• a hardware implementation of the stream cipher along with RS code.
The remainder of this paper is organized as follows: Sect. 2 is a review of RS encoding and decoding; Sect. 3 briefly introduces the related work on stream ciphers and code-based cryptography; Sect. 4 discusses the stream cipher along with RS code; then the hardware implementation and comparison of the stream cipher are given in Sect. 5; the last section concludes this paper.
The RS decoding is divided into four steps, i.e., syndrome computation, solution of the error location polynomial, Chien search, and determination of the error values by Forney's algorithm. The RS code is defined in the extension field GF(2^(m·s)), and syndromes can be
Figure 1: System architecture to solve error location polynomial [16,1].
The error polynomial can be obtained by the improved inversion-less Berlekamp-Massey algorithm [16]. The resulting error polynomial reads where ν ≤ t. λ_i is used to calculate the error locations.
The error values are where i(z) · z^i, the symbol h denotes the higher partial products from z^(2t) to z^(2t+e−1), and e is the number of error locations.
The system architecture of RS decoding [16,1] is shown in Fig. 2. First, the original passages through the processing elements are replaced by direct connections of signals. Second, the control logic is totally integrated into the last processing element for simplicity. The signal k(j)_m is the sign bit of the integer k(j), where m denotes the m-th bit. The coefficients from λ_t to λ_0 come out from PE_t to PE_2t, while the coefficients from ω The Chien search circuit is composed of t multipliers in GF(2^m) and a few adders. It is used to find the error locations by a full search if λ_i ≠ 0.

Related Work
The popular stream cipher consists of two key stream generators, as is shown in Fig. 2 [18,19]. The plaintexts are masked by the keys on the left, and then decrypted by the same stream on the right. The symbol 'IV' denotes the initialization vector. A random number generator (RNG) can be implemented by a linear feedback shift register (LFSR) [20] that generates pseudo-random numbers for the stream cipher, as is shown in Fig. 3. In practice the RNG can also be constructed from other digital or analog circuits. A light-weight and energy-friendly stream cipher is proposed for wireless sensor networks (WSN) in [18]. The paper suggests using a linear combination of previous packets to generate the pseudo-random key bits of a stream cipher, where a mixed protocol is advanced and a public key is used to achieve data privacy [18]. Joint encoding and encryption by LDPC codes and RS codes for public-key cryptography is a tradeoff between security and reliable communication [5,22,6]. New scrambling and permutation matrices for the McEliece system with RS codes are proposed in [6] to enhance security. In [2] the wire-tap encoding and the error correction encoding are concatenated to enhance security. And in [3], a generator matrix, an invertible matrix, and a gamma generator are used to produce the ciphertexts.
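As an added example (not code from the paper or from [20]), the following Python shows a Fibonacci LFSR of the kind the text cites as an RNG for the key stream, together with the GF(2) Berlekamp-Massey algorithm. The register length of 4, the feedback polynomial x^4 + x^3 + 1 and the seed are constructed for the illustration. It demonstrates the property a designer has to keep in mind when an LFSR feeds a stream cipher directly: the linear complexity L of the output is recovered from 2L observed bits, after which the rest of the stream is predictable, which is why ciphers such as the Rakaposhi cipher mentioned above place a nonlinear filter in front of the register output.

```python
"""Added example (not the paper's code): an LFSR as the RNG of Fig. 3, and the GF(2)
Berlekamp-Massey algorithm that recovers such a generator from its own output."""

def lfsr_stream(taps, seed, nbits):
    """Fibonacci LFSR: the output is the oldest cell, the new cell is the XOR of the
    tapped cells.  taps = (0, 3) with 4 cells realises s[n+4] = s[n+3] + s[n], i.e. the
    primitive polynomial x^4 + x^3 + 1 (a constructed toy size, period 15)."""
    st, out = list(seed), []
    for _ in range(nbits):
        out.append(st[0])
        fb = 0
        for t in taps:
            fb ^= st[t]
        st = st[1:] + [fb]
    return out

def lfsr_period(taps, seed):
    """Steps until the register state repeats (2^L - 1 for a primitive polynomial)."""
    st, n = list(seed), 0
    while True:
        fb = 0
        for t in taps:
            fb ^= st[t]
        st, n = st[1:] + [fb], n + 1
        if st == list(seed):
            return n

def linear_complexity(bits):
    """GF(2) Berlekamp-Massey.  Returns (L, C): C is the connection polynomial, lowest
    degree first with C[0] = 1, of the shortest LFSR that produces `bits`."""
    n = len(bits)
    C, B, L, m = [1] + [0] * n, [1] + [0] * n, 0, 1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):             # discrepancy between prediction and bit i
            d ^= C[j] & bits[i - j]
        if d == 0:
            m += 1
            continue
        prev = C[:]
        for j in range(n + 1 - m):            # C(x) += x^m B(x)
            C[j + m] ^= B[j]
        if 2 * L <= i:
            L, B, m = i + 1 - L, prev, 1
        else:
            m += 1
    return L, C[:L + 1]

def predict(bits, conn, count):
    """Continue `bits` with the recurrence s[i] = XOR_j conn[j]*s[i-j] found by BM."""
    seq = list(bits)
    for _ in range(count):
        nxt = 0
        for j in range(1, len(conn)):
            nxt ^= conn[j] & seq[-j]
        seq.append(nxt)
    return seq[len(bits):]

if __name__ == "__main__":
    bits = lfsr_stream((0, 3), [1, 0, 0, 0], 40)
    L, conn = linear_complexity(bits[:8])          # 2L = 8 bits are enough
    print("period", lfsr_period((0, 3), [1, 0, 0, 0]), "L =", L,
          "rest predicted:", predict(bits[:8], conn, 32) == bits[8:])
```

The same Berlekamp-Massey procedure that an RS decoder runs over GF(2^m) to find the error locator is, over GF(2), the cryptanalytic tool against a bare LFSR; the key stream therefore needs a nonlinear combining or filtering stage before it touches the message.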
A provably secure stream cipher based on the syndrome decoding problem is presented in [7], which uses regular words to speed the system up and quasi-cyclic codes to reduce memory requirements. The results seem to be based on quasi-cyclic BCH codes.

Proposed Approach
Now suppose the message piece is r and the random numbers s are combined or XORed, so that one can encode (r ⊕ α·s), where α is a multiple of s or a u × v matrix with u = s/w, v = r/w and w the width of a symbol. Next, one piece of the symbols s is inserted by addition modulo 2^m, and the new message reads r = M + s. At the other terminal, RS decoding recovers s as well as (r + αs). Finally, r = (r + αs) − αs is restored. The whole process is shown in Fig. 4. In particular, the insertion of errors avoids zero bytes by changing them into nonzero bytes within the random numbers. First, the security of a code-based system can be seen as a public-key security problem, while the usual stream cipher is a symmetric cryptosystem. The proposed mechanism embeds the stream cipher alongside Reed-Solomon codes in a way that resembles public-key cryptography: the key streams act as private keys for encoding, and the RS code parameters act as the public key for decrypting the ciphertexts.
The security of the proposed scheme may also be improved by the application of shortened codes. In this way, the n-symbol codewords are replaced by (n − δ)-symbol codewords. Take wireless communication as an example: the sender and receiver share the same hardware units, i.e., stream engines, encoders and decoders. Then, the stream cipher of the sender can be seen as the private key to encrypt the messages. The choices of (1) whether a subfield subcode is chosen, (2) whether a shortened code is chosen, and (3) whether the same decoder exists can be used as the public key. If the decoder exists and the other two parameters are rightly chosen, then the stream cipher can be separated from the message bits by RS decoding.
In detail, one can use a subcode or a shortened code to decrease the error rate or improve the security of the system, as is shown in Fig. 5. The subfield subcode over GF(p^s) has the same length n but is smaller than its parent code [23] in word width, which is compressed from sm·log2 p to s·log2 p bits. In fact, the length n of a subfield subcode may be larger than the size of the subfield, but it is constrained by the size of its parent field. Notice that the parity check symbols keep about double the word size of the other code symbols in Fig. 5. Secondly, the proposed scheme reduces the hardware cost and complexity by reusing the encoder for encryption and recovering the key streams with the decoder. Therefore, the task of aligning the stream engines to the time sequence becomes unnecessary. As the number of stream cipher engines decreases from 2 to 1, the continuous power consumption is reduced considerably. On the one hand, it halves the hardware units; on the other hand, the renewal frequency of the stream cipher engine can be lowered. Also, it is not easy to align the messages in real time, but it is feasible to align the messages at the code sequence. The oscillator frequency may vary from time to time, while the stream cipher engines require accurate alignment. The existence of time delay in mobile phones proves the validity of code alignment.
Furthermore, if the RS decoding and encoding function is used only occasionally, then the encryption can be used as an auxiliary function. Otherwise, if error correction over the transmission path is required, then the first few code symbols can be designated as masks of the key streams while the following words can be corrected by the remaining error correction capability. Since error correction logic and stream cipher are basic units in wireless communications, this scheme
Thirdly, it may be applicable to transmit extra data through the key streams and therefore increase the throughput of the inserted codewords. For example, the (255, 223, 16) RS code has 223 information symbols. If the encoder is used for the stream cipher, then 16 symbols of information can be added to the codeword secretly. The information rate is increased from 223/255 = 0.87 to 239/255 = 0.94. As is shown in Fig. 6, it is possible to mix information with secret data in the proposed codes.
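The four decoding steps of Sect. 2 and the embedding just described, carried through in Python as an added example; this is not the paper's Matlab or Verilog implementation. It uses the paper's parameters m = 8, n = 255, k = 223, t = 16. The primitive polynomial 0x11d, the choice of α as the primitive element of GF(2^8) with s repeated to fill k symbols, the use of XOR (addition in GF(2^8)) for the insertion instead of addition modulo 2^m, the public key-stream positions KEY_POS, and carrying 8 of the 16 correctable symbols as key stream (so that the remaining 8 stay free for channel errors, as the text suggests) are all assumptions made here. The key symbols are forced nonzero before insertion, because a zero "error" is not seen by the decoder.

```python
"""Added example, not the paper's Matlab/Verilog: an RS(255,223,t=16) codec over GF(2^8)
and the paper's key-stream embedding on top of it; assumptions are marked in comments."""
import os

N, K, T = 255, 223, 16         # code parameters quoted in the paper (m = 8)
PRIM = 0x11d                   # assumed primitive polynomial x^8+x^4+x^3+x^2+1
EXP, LOG, _x = [0] * 512, [0] * 256, 1
for _i in range(255):          # antilog/log tables of GF(2^8); EXP is doubled so
    EXP[_i], LOG[_x] = _x, _i  # that LOG[a] + LOG[b] never needs a reduction
    _x = (_x << 1) ^ (PRIM if _x & 0x80 else 0)
for _i in range(255, 512):
    EXP[_i] = EXP[_i - 255]

def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]
def gf_inv(a):
    return EXP[255 - LOG[a]]

def poly_mul(p, q):            # coefficient lists, lowest degree first
    r = [0] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            r[i + j] ^= gf_mul(a, b)
    return r

def poly_eval(p, x):           # Horner's rule
    y = 0
    for c in reversed(p):
        y = gf_mul(y, x) ^ c
    return y

GEN = [1]                      # g(x) = prod_{j=0}^{2t-1} (x + alpha^j), monic
for _j in range(2 * T):
    GEN = poly_mul(GEN, [EXP[_j], 1])

def rs_encode(msg):            # systematic: (m(x) x^2t mod g(x)) || m(x)
    a = [0] * (2 * T) + list(msg)
    for i in range(N - 1, 2 * T - 1, -1):   # long division by g(x)
        coef = a[i]
        for j in range(2 * T + 1):
            a[i - 2 * T + j] ^= gf_mul(coef, GEN[j])
    return a[:2 * T] + list(msg)

def syndromes(r):              # S_j = r(alpha^j), j = 0 .. 2t-1
    return [poly_eval(r, EXP[j]) for j in range(2 * T)]

def berlekamp_massey(S):       # error locator Lambda(x), lowest degree first
    C, B, L, m, b = [1] + [0] * len(S), [1] + [0] * len(S), 0, 1, 1
    for n, d in enumerate(S):
        for i in range(1, L + 1):
            d ^= gf_mul(C[i], S[n - i])           # discrepancy
        if d == 0:
            m += 1
            continue
        coef, prev = gf_mul(d, gf_inv(b)), C[:]
        for i in range(len(S) + 1 - m):
            C[i + m] ^= gf_mul(coef, B[i])       # C(x) -= (d/b) x^m B(x)
        if 2 * L <= n:
            L, B, b, m = n + 1 - L, prev, d, 1
        else:
            m += 1
    return C[:L + 1]

def rs_decode(r):              # -> (corrected codeword, {position: error value})
    S = syndromes(r)
    if not any(S):
        return list(r), {}
    lam = berlekamp_massey(S)
    pos = [i for i in range(N) if poly_eval(lam, EXP[255 - i]) == 0]   # Chien search
    if len(pos) != len(lam) - 1:
        raise ValueError("more than t errors: uncorrectable")
    omega = poly_mul(S, lam)[:2 * T]                                   # error evaluator
    lam_d = [lam[i] if i % 2 else 0 for i in range(1, len(lam))]       # formal derivative
    fixed, errs = list(r), {}
    for p in pos:                                                      # Forney, first root alpha^0
        xinv = EXP[255 - p]
        errs[p] = gf_mul(gf_mul(EXP[p], poly_eval(omega, xinv)), gf_inv(poly_eval(lam_d, xinv)))
        fixed[p] ^= errs[p]
    return fixed, errs

S_LEN = 8                                    # key symbols per codeword; 8 errors stay free for the channel
KEY_POS = list(range(2 * T, 2 * T + S_LEN))  # assumed public positions in the message part
ALPHA = EXP[1]                               # assumed: the paper's alpha taken as the primitive element

def keystream(n):                            # forced nonzero: a zero 'error' is invisible to the decoder
    return [b or 1 for b in os.urandom(n)]
def mask(s):                                 # the paper's alpha*s expanded to k symbols; XOR plays '+'
    return [gf_mul(ALPHA, s[i % len(s)]) for i in range(K)]

def sender(r, s):                            # encode r XOR alpha*s, then insert s as deliberate errors
    c = rs_encode([a ^ b for a, b in zip(r, mask(s))])
    for p, sym in zip(KEY_POS, s):
        c[p] ^= sym
    return c

def receiver(c):                             # error values give s; corrected message gives r XOR alpha*s
    fixed, errs = rs_decode(c)
    s = [errs[p] for p in KEY_POS]           # KeyError here means a key position carried no error
    return [a ^ b for a, b in zip(fixed[2 * T:], mask(s))]
```

Calling receiver(sender(r, keystream(S_LEN))) returns r, and it still does so after up to 8 further symbol errors elsewhere in the codeword. One consequence worth noting for a deployment: if a channel error lands on one of the KEY_POS symbols, the decoder returns that key symbol XORed with the noise and the receiver cannot tell, so the recovered message needs an integrity check of its own.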

Comparison
Comparisons of this work with peer works are shown in Tab. 1. It should be noticed that the proposed scheme is not fully symmetric, since the cipher is decoded through the public key. The architecture is implemented in a 1-to-N topology, with N being any natural number including 1. If N = 1, then there are two parties communicating with each other; otherwise it can be used in a network. By contrast, a stream cipher is usually supposed to follow a 1-to-1 topology. While the encoding and decoding architectures in our work are non-symmetric, the whole stream cipher engine can be made nearly symmetric by integrating an encoder and a decoder together. Moreover, this work needs only 1 random number generator while other stream ciphers require 2 to N random number generators, since the key stream is embedded in the data stream in this work.
The weakly secure data exchange problem with generalized Reed-Solomon codes is discussed in [8], in which data exchange between multiple parties rather than two parties is considered.
Also, in the proposal the random number generator is not that strictly required and pseudo-random numbers can be used, while other works pay much attention to the random number generator itself, owing to their different mechanisms for stream ciphers. While a traditional stream cipher uses continuous random bits, this work applies the data structure of codewords to separate the data. The references [8,7] also use GRS codes and quasi-cyclic codes to encode data and bring out randomness.
The architecture and hardware implementation results compared with [10] are shown in Tab. 1 and Tab. 2. That work uses a hardware common-key cryptography named RAC for the stream cipher, where the random numbers are used as addresses to relocate the data bits. The random numbers are generated by the recipient as addresses to re-sort the received ciphertext. Assuming the stream cipher engine in [10] works in a pipeline, it is able to encrypt and decrypt 1 byte every clock cycle with a throughput of up to 3.2 Gbps. Nevertheless, considering that the data from the sender or to the recipient should be stored in a RAM for reorganization, the real decryption throughput may be only a half, let alone the time for fetching instructions.
Finally, the power consciousness of this design is demonstrated by the application of the RS code, whereas McEliece systems usually use nonsystematic encoding, which increases the computational effort by n/(n − k) times. In addition, if there are demands for error correction on the channel, the hardware units may be reconfigured and reused at different times. The stream cipher with encoding and decoding by RS codes is first described in Matlab for testing, then in Verilog HDL for hardware implementation. As is shown in Tab. 2, the stream cipher engine is simulated with Modelsim 6.2, synthesized with Synopsys Synplify Pro 2014, and placed and routed in Xilinx ISE 14.7. The code parameters are chosen as usual in [24], i.e., m = 8: number of bits per symbol, n = 255: number of symbols per codeword, k = 223: number of message symbols in a codeword, t = 16: number of correctable symbol errors.
According to the theory and results in [7], the security level of the cipher in the above table is about 80 bits of key in terms of symmetric cryptography.
In Tab. 2, the RS code supports correcting 16 symbol errors along with 223 message symbols. It takes about 3.78 µs to correct 2 symbol errors, and 7.06 µs to correct 16 symbol errors. Its information throughput without parity check bits is 1.59 Gbit/s for encoding and 0.253 Gbit/s for decoding.

Conclusion
Stream ciphers are often used for mobile communications between two parties. In general, this paper proposes an easy scheme to implement a stream cipher along with the popular RS code, which relies on RS encoding and decoding to cover and uncover the key streams. It makes it easy to evaluate the complexity and to enhance the security of communication systems. The proposed cipher is based on the NP-complete problem of decoding a random linear code, which simply conforms to many solved code-based security issues. The cipher also removes one key generator and reduces the unnecessary power consumption for synchronization between the parties.