Achterbahn (stream cipher) explained

In cryptography, Achterbahn is the name of a synchronous stream cipher algorithm submitted to the eSTREAM Project of the eCRYPT network.In the final specification the cipher is called ACHTERBAHN-128/80, because it supports the key lengths of 80 bits and 128 bits, respectively.^[1] Achterbahn was developed by Berndt Gammel, Rainer Göttfert and Oliver Kniffler.Achterbahn means rollercoaster (in German), though a literal translation of the term would be eight-track, which indicates that the cipher can encrypt eight bit streams in parallel.

The parameters of the cipher are given in the following table:

	ACHTERBAHN-80	ACHTERBAHN-128
Max. key length	80 bit	128 bit
Max. IV length	80 bit	128 bit
Max. frame length	244	244
Internal state	297 bit	351 bit

ACHTERBAHN-128 is downward compatible and can produce the same keystream as ACHTERBAHN-80 if so desired. The keystream generator of ACHTERBAHN-128/80 is based on the design principle of the nonlinear combination generator, however it deploys primitive nonlinear feedback shift registers (NLFSR) instead of linear ones (LFSR).

Security

There are no known cryptanalytic attacks against ACHTERBAHN-128/80 for the tabulated parameters that are faster than brute force attack. Recent analysis showed that attacks are possible if larger frame (packet) lengths are used in a communication protocol.^{[2] [3] [4]} The cipher's authors recommend a maximum frame length of 2⁴⁴ bits.^[5] This value does however not imply practical limitations.

Performance

The ACHTERBAHN-128/80 stream cipher is optimized for hardware applications with restricted resources, such as limited gate count and power consumption. An implementation of ACHTERBAHN-80 has a design size of only 2188 gate equivalents (Nand-GE) in a standard CMOS technologyand delivers a throughput of up to 400 Megabit/s. This makes it suitable for RFID tags. A high-speed implementation with a throughput of 8 Gigabit/s has a design size of 8651 Nand-GE.^[6]

External links

• Achterbahn home page
• M.I. Mahmoud et.al.: Wavelet Data Hiding using Achterbahn-128 on FPGA Technology, UbiCC Journal - Special Issue of IKE'07 Conference, IKE'07 - Special Issue, 1/15/2008

Notes and References

1. Web site: Berndt M.. Gammel . Rainer. Göttfert . Oliver. Kniffler . ACHTERBAHN-128/80 . ECRYPT Stream Cipher Project Report . 30 June 2006 .
2. María . Naya-Plasencia . Cryptanalysis of Achterbahn-128/80 . Fast Software Encryption, 14th International Workshop. Luxembourg. March 26–28, 2007. Revised Selected Papers, Lecture Notes in Computer Science. 4593. 73–86 . 978-3-540-74617-1. Springer .
3. María . Naya-Plasencia . Cryptanalysis of Achterbahn-128/80 with a New Keystream Limitation . Research in Cryptology: Second Western European Workshop, WEWoRC . Bochum, Germany. July 4–6, 2007. Revised Selected Papers, Lecture Notes in Computer Science. 4945. 142–152. 978-3-540-88352-4. Springer .
4. Gammel. Berndt M.. Göttfert. Rainer. Kniffler. Oliver. Jan 31 – Feb 1, 2007. Achterbahn-128/80: Design and Analysis. dead. Workshop Record of The State of the Art of Stream Ciphers - SASC. Ruhr University Bochum, Germany. 152–165. https://web.archive.org/web/20070724074451/http://sasc.crypto.rub.de/files/sasc2007_record.zip. July 24, 2007.
5. Rainer . Göttfert . Berndt M. . Gammel . On the frame length of Achterbahn-128/80 . Proceedings of the 2007 IEEE Information Theory Workshop on Information Theory for Wireless Networks. July 1–6, 2007. Solstrand, Norway. T.. Helleseth. V.. Kumar. Ø. . Ytrehus . 91–95 . 978-1-4244-1199-3 .
6. Web site: Gammel . Berndt M. . Göttfert . Rainer . Kniffler . Oliver . 30 June 2006 . ACHTERBAHN-128/80 . The Achterbahn Stream Cipher.