A New Type of Cipher: DICING_csb
In this paper, we propose a new type of cipher named DICING_csb, which is derived from our previous stream cipher DICING. It applies a stream of subkeys and an encryption form of block ciphers, so it may be viewed as a combination of a stream cipher and a block cipher. Hence, the new type of cipher has a fast rate like a stream cipher and needs no MAC.
💡 Research Summary
The paper introduces DICING_csb, a new cryptographic construction that blends the high‑throughput characteristics of stream ciphers with the security features of block ciphers. The design builds directly on the authors’ earlier stream cipher DICING, reusing most of its components while changing the encryption mode.
Two “projectors” (denoted 1Γ and 2Γ) form the core of the key‑stream generator. Each projector is an LFSR‑like element that operates in a finite field GF(2^m) (m = 127 or 128). Instead of the usual shift operation, the state σ is multiplied by a constant k (σ ← k·σ). The first projector’s state t_α produces an 8‑bit “dice” value D, which controls the update of the second projector’s state t_ω. The second projector’s state is combined with a memory variable u via XOR to produce a sequence of sub‑keys {t_u}.
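The projector update σ ← k·σ can be checked in a few lines. The sketch below is an added example, not code from the paper: it assumes the reduction polynomial x^127 + x + 1, the constant k = x^8 and a constructed seed, none of which are given in this summary. It shows that one field multiplication by x^8 equals eight single-bit Galois LFSR shifts, and that for m = 127 every nonzero state lies on one cycle of length 2^127 − 1.

```python
# Added illustration: the projector update sigma <- k*sigma in GF(2^127).
# Assumptions (not from the paper): reduction polynomial x^127 + x + 1,
# constant k = x^8, and a constructed seed value.
M = 127
POLY = (1 << M) | 0b11            # x^127 + x + 1 (assumed modulus)
ORDER = (1 << M) - 1              # multiplicative group size; prime for m = 127

def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements (bit i = coefficient of x^i)."""
    acc = 0
    while b:
        if b & 1:
            acc ^= a
        b >>= 1
        a <<= 1
        if a >> M:                # degree reached 127: reduce
            a ^= POLY
    return acc

def gf_pow(a: int, e: int) -> int:
    """Square-and-multiply exponentiation in the field."""
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, a)
        a = gf_mul(a, a)
        e >>= 1
    return result

def lfsr_step(state: int) -> int:
    """One Galois-LFSR shift, i.e. multiplication by x."""
    state <<= 1
    if state >> M:
        state ^= POLY
    return state

def projector_step(state: int, k: int) -> int:
    """The update described in the text: sigma <- k * sigma."""
    return gf_mul(state, k)

K_CONST = 1 << 8                              # assumed constant k = x^8
SEED = 0x0123456789ABCDEF0FEDCBA987654321     # constructed nonzero state

if __name__ == "__main__":
    shifted = SEED
    for _ in range(8):
        shifted = lfsr_step(shifted)
    print(projector_step(SEED, K_CONST) == shifted)   # one multiply = 8 shifts
    print(gf_pow(K_CONST, ORDER) == 1)                # k^(2^127 - 1) = 1
```

The all-zero state is a fixed point of this update, so state initialization has to exclude it. For m = 128 the group order 2^128 − 1 is composite, so the cycle length depends on the choice of k.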
Key setup takes a secret key K of 128 or 256 bits and derives two keyed S‑boxes (S₁ and S₂) and a linear diffusion matrix L. The base S‑box is defined over GF(2^8) as S₀(x) = 5·x ⊕ x; affine transformations A, B, C (computed from K) are applied to obtain the keyed versions. L is a 4×4 matrix that operates on 32‑bit words, providing diffusion across the block. The key schedule also includes several XOR, rotation, and matrix‑multiplication steps to mix the key thoroughly.
During IV setup, a 32‑byte initialization vector is processed by a byte‑wise permutation φ, XORed with the key‑derived material, and passed through the same S‑boxes and L transformation. This initializes the internal states α, ω, and u, and determines the dice value D for the subsequent sub‑key generation.
Encryption follows a non‑iterative block‑cipher style formula:
C = Q( S( P( X ⊕ t_u ) ) ) ⊕ η
where X is the plaintext block, t_u is the current sub‑key, P and S denote the keyed S‑box and linear diffusion operations, Q is an additional mixing step, and η is a constant or round‑dependent mask. Decryption applies the inverse operations in reverse order. This construction replaces the simple XOR of a stream cipher with a sequence of non‑linear transformations, thereby increasing resistance to plaintext‑recovery attacks that exploit additive structures.
Security analysis argues that the stream‑cipher component inherits the proven resistance of the original DICING against correlation, algebraic, and distinguishing attacks. The block‑cipher‑like encryption adds non‑linearity and diffusion, making traditional differential, linear, and algebraic attacks less applicable. The authors claim the sub‑key stream can be safely reused up to 2¹⁶ times; if more reuse is required, additional rounds can be added at the cost of roughly two extra cycles per byte.
Performance measurements on a 32‑bit Windows platform with an AMD Athlon 64 X2 processor show key setup costs of 8 340–12 100 cycles, IV setup around 4 300 cycles, and an encryption/decryption throughput of 8.4 cycles per byte. A variant that changes the multiplication constant to 16 reduces the per‑byte cost to 6.8 cycles for large messages. Further variants replace the projectors with a single GF(2^256) element or allow multiple reuses of the sub‑key stream, improving speed while preserving the same security rationale.
In conclusion, DICING_csb is presented as a hybrid “CSB” mode that achieves stream‑cipher speed, block‑cipher security, and eliminates the need for a separate MAC when used as a synchronous stream cipher. The design is simple to implement, offers competitive performance, and provides flexibility in how the sub‑key stream is reused. However, the security proof largely relies on the earlier DICING analysis; independent cryptanalytic evaluation of the new CSB mode would be necessary to fully validate its claimed security properties.