Synaptic VEST cipher-hash Overview


What does VEST do?

VEST is the world's first and only known family of 160-bit to 512-bit symmetric key cryptosystems targeted by Synaptic, from its conception, solely at semiconductor and multi-factor hardware authentication applications.

Although the lightweight implementation of VEST-4 supports authenticated encryption and a message authentication code (MAC), it can compete with low-power implementations that lack these features, or even outperform them.


VEST ciphers offer a wide range of functions including single-pass authenticated encryption (privacy with integrated message authentication) and cryptographic hashing operations.

What problem does VEST solve?

VEST is the result of Synaptic Labs' three-year security project that set out to design a post-quantum secure cipher capable of achieving 10 gigabit/s authenticated encryption with low power in FPGA-based chip-to-chip and networking applications. The project required maximum efficiency in semiconductor applications.

The VEST design solves several problems:

  • reducing circuit area and power consumption without sacrificing security margins or performance
  • building a very wide substitution box that executes efficiently in hardware
  • achieving a post-quantum secure symmetric primitive for highly constrained devices
  • achieving an inherent level of resistance against side-channel attacks
  • achieving single-pass authenticated encryption in a stream-cipher design
  • achieving long guaranteed minimum periods using a nonlinear component in a way that protects against decimation attacks and increases the security of the cipher
  • achieving a collision-resistant hash function in the same cipher logic
  • enabling the end-user to create proprietary versions of the cipher logic
  • efficiently supporting per-chip unique s-boxes stored in non-volatile memory
  • efficiently differentiating a cryptographic challenge-response executed in hardware from one executed in software

Previously, secure on-chip cryptosystems were not commercially viable for the vast majority of commodity semiconductor products. The need to combine different modules to create a specific on-chip cryptosystem, with the associated chip resource demands and increased implementation complexity, added costs and risks that many products could not accept.

Synaptic Labs' VEST cipher addresses these market needs as a cipher designed from first principles specifically for semiconductor applications.

What environments is VEST intended for?

VEST is intended for semiconductor applications.

The combinatorial logic of the cipher design is optimised for efficient operation on 4-to-1 and 6-to-1 look-up-table architectures. Having achieved this, VEST is also efficient on standard-cell ASIC architectures.

Due to the bit-level addressing of the VEST cipher scheme, VEST is approximately 1000 times slower per clock cycle in software than in hardware. This design feature supports detection of software emulation of VEST challenge responses, which is useful in identification and access control applications such as cable-TV environments.

What applications is VEST intended for?

VEST is ideal for:

  • any application that requires a high-speed cryptographic hash function, such as next-generation digital signature algorithms based on Lamport-Diffie-Merkle schemes
  • any semiconductor application that needs to reduce circuit area and power consumption for proprietary security operations
  • applications that require that each pair of chips employ a unique cryptographic algorithm

Examples include:

  • authentication of RFID and smart card devices
  • ambient intelligence applications
  • secure chip-to-chip communications
  • digital rights management in game consoles
  • up to 10 gigabit/s network applications

What advantages does VEST have over the nearest competition?

Synaptic Labs' VEST cryptosystem has several advantages over standards-based solutions:

  • At time of publication VEST offered the world's smallest cryptographic hash functions when implemented in hardware
  • VEST-4 (160-bit key, 80-bit security) is fast and efficient, performing single-pass authenticated encryption at least 3x faster and 3x more efficiently than 128-bit key AES ciphers (regardless of mode-of-operation) in ASIC
  • VEST is at least 6x faster and 6x more efficient than AES when running authenticated encryption operations using NIST standards (AES-GCM)
  • VEST allows the user to create proprietary variations of the cipher
  • VEST has larger security margins than most published ciphers

What other components are required to make a complete system?

The typical online cryptographic system designed to enable secure communications between two users requires a privacy primitive (block cipher or stream cipher), a cryptographic hash function, a key exchange algorithm and may also use a digital signature algorithm.

The VEST algorithm is designed to perform privacy operations (stream cipher) and cryptographic hash operations, and to be used within the Synaptic key exchange algorithms and in the Lamport-Diffie-Merkle digital signature algorithms.

Was VEST submitted to any cryptographic competitions?

Yes.

The first version of VEST was originally submitted to the eSTREAM stream cipher competition run by ECRYPT, the European Network of Excellence for Cryptology, in April 2005. The VEST (P2.0) cipher specifications were published on ECRYPT in September 2006. On the 19th of January 2007 a single-digit typographic error correction was published on ECRYPT for the VEST P2.0 cipher. On the 31st of January 2007 cryptanalysis against the uncorrected cipher, "Overtaking VEST", was published by Joux and Reinhard at SASC 2007. On the 12th of March Gittins and Landman performed a formal analysis of the typographic correction and published the VEST P2.1 specifications. On the 26th of March 2007 the authors of the attack paper, Joux and Reinhard, published their acknowledgment that the correction of 19th of January 2007 removes all attacks. On the same day there was an official publication stating that VEST was not accepted into the final phase of eSTREAM due to the Joux-Reinhard attack. In April 2007 eSTREAM acknowledged that the correction of 19 January 2007 removes the Joux-Reinhard attacks.

There are no published attacks on the VEST Version 2.1 specifications as of Q1 2009.

Was VEST submitted to the NIST SHA-3 competition?

No.

The NIST SHA-3 competition is intended to search for a royalty-free replacement for SHA-2. The SHA-3 competition is targeted at the design of hash functions that are software-efficient on 64-bit general purpose computers.

For these reasons we assessed that this was not the most appropriate venue to submit VEST.

Last Updated on Sunday, 23 October 2011 09:43
 
