A hybrid modified lightweight algorithm for achieving data integrity and confidentiality

ABSTRACT


INTRODUCTION
The protection of data from unauthorized access, disclosure, alteration, or destruction while ensuring confidentiality, integrity, and availability is very important to information security [1]. As there are unknown risks, threats, and vulnerabilities, there is no 100% guaranteed security [1]- [4]. Cryptography is used to keep data secure while it is in transit (electronic or physical). The increasing demand for the confidentiality of information necessitates the creation of new encryption techniques and algorithms [1], [2], [5], [6]. According to William Stalling, the security of encrypted data is entirely dependent on two factors: the strength of the cryptographic technology and the secrecy of the key [7]. These algorithms must be fast and secure enough to prevent wasting resources in low constrain devices.
Modern encryption algorithms are essential in data transmission systems. Choosing an appropriate encryption algorithm will have an impact on device longevity and performance in terms of battery life, device memory, processing lag, and connection bandwidth [8], [9]. Conventional encryption techniques are slow, complex, and very energy-intensive when dealing with resource-constrained systems [9], [10]. Solutions for resource-limited hardware lightweight algorithms are becoming more common and used [9],  [10]. The face of lightweight cryptography has been a popular research topic for decades. The lightweight cipher design has better performance in resource-limited devices than conventional ciphers because of: (limited block sizes, fewer key sizes, simpler rounds, reduced key tables, and few implementations) [8], [9]. Here are some lightweight algorithms like (Present, Simon, Speck, Rabbit, and Salsa 20/12) [8], [9], [11], [12].
Cryptographic analysts have successfully exploited any flaws in algorithm designs and there have been security breaches in [7]- [9]. To prevent a cryptanalyst from exploiting algorithm weaknesses, two or more algorithms are combined to create a new one called a hybrid cipher. Decrypting a hybrid text is more difficult than decrypting a block or stream of ciphertext [8]. We propose a hybrid algorithm called Speck-Salsa20 algorithm for data integrity and confidentiality (SSDIC) that combines a lightweight stream with a lightweight block cipher to achieve data integrity and confidentiality. It is a secure and lightweight hybrid cipher with greater energy efficiency and effective throughput, as well as good software and hardware performance, and is a suitable choice for devices with low resources. SSDIC is a hybrid lightweight algorithm combined (Speck-Salsa20) that generates a fast key using a hash function that generates a wide range of plain text and key sizes that the SSDIC proposed to address Speck algorithm weaknesses.
When examining the Speck algorithm in statistical analysis, the Speck fails because the generated sequence is not random, and it also restores the right half of the original key. To increase the randomness of Speck, we generate the key using the Salsa20 method instead of using the Speck key. Due to Salsa20 being faster than advanced encryption standard (AES) and is a suitable choice for devices with low resources. It uses a hash function and has a key size of 128 or 256 bits updating the Speck round function and key tables solved the problem of restoring the right half of the original key. SSDIC is more random, secure, and passes all National Institute of Standards and Technology (NIST) SP 800-22 tests with better results rather than a Speck algorithm.
The remaining portions of this work are organized as follows. Section 2 presents an overview of the related work. Section 3 describes the encryption mechanism in detail. Section 4 goes through the proposed encryption technique in detail. Section 5 addresses the system's performance and security. Finally, in section 6, there is a succinct conclusion.

RELATED WORK
Speck and Salsa20 are discussed separately in several papers. Almazrooie et al. [13] proposes a Salsa20 modification based on the logistic map to improve the speed of the Salsa20-based encryption. After the second cycle, an XOR network is used to raise the level of unpredictability by modifying each of the 64 bytes in the sequence, as well as to address the statistical leakage. It generates a 32-byte sequence as a secret key. There is only 1-bit of difference at the inputs of any two sequential blocks of Salsa20. However, there are 33-bits of differences in the proposed chaotic Salsa system. The enlargement of the differences in the inputs can strengthen the system against different types of attacks. It is possible to achieve good diffusion and a faster speed. Against differential attacks, the method performed admirably.
Fukushima et al. [14] proposed the ChaCha and Salsa20 algorithm to describe an incorrect injection attack to obtain an X (20) matrix. By skipping add-ons and attacking the initial array, it was able to extract the key. The proposed strategy is evaluated using a small countermeasure. In [15], reported the first quantum attack that uses the cipher's diffusion to estimate add-rotate-XOR (ARX) round differences. At 8 rounds of Salsa with a 256-bit key sequence length, the results were faster. The work is contained in [16]. This algorithm was the first to employ a hybrid strategy (block and stream). It uses a 16-bit input and a 256-bit key to perform twenty rounds. Hummingbird-2 accepts 64-bit input with a key length of 128 bits and is optimized for low-end microprocessors. While it outperforms present, it does have a few disadvantages (initialization before encryption and decryption, distinct encryption, and decryption functions). In [17], Mouha et al.'s framework has concentrated on and created an auto-differential coding study of ARX block ciphers for XOR variance. The suggested method significantly decreases search time and allows for the discovery of differential properties of ARX block zeros with high word sizes, such as n=48.64. When calculating several features, it takes into consideration the differential effect and finds that the differential probability increases by a factor of 416 for Speck and more than 210 for lightweight encryption algorithm (LEA). It demonstrated efficiency by improving Speck and LEA attacks, which attack 1, 1, 4, and 6 more rounds of Speck48, Speck64, Speck96, and Speck128, respectively, and two more rounds of LEA than earlier work.
AES block ciphers are used in the internal functionality of the current format-preserving standard encryption, FF1 and FF3-1. The approach is implemented by altering the cipher to lightweight block ciphers LEA and Speck to improve the speed of FF1 and FF3-1, according to the research. By splitting it into high-performance computing environments and low-performance internet of things (IoT) environments, the encryption speed is studied and compared with the present encryption speed. In comparison to FF1 and

835
FF3-1, the results revealed an increase in encoding speed. It will be easier to use format-preserving ciphers across multiple systems if their coding speed is improved. The evaluation is conducted using physical area (GEs): energy, latency, and throughput [8] and found that the Speck software-based ciphers consume the least energy (1.6), have the highest throughput (471.5), and have the lowest latency [8] are algorithms that are software-efficient and lightweight. Speck, Simon, PRIDE, ITUbee, and IDEA are the top five. Algorithms with low latency Speck, Simon, PRIDE, Hummingbird-2, and ITUbee are the top five [8]. The performance of random Speck exceeds the acceptable success rate; we used SSDIC to solve the difficulties of the Speck algorithm.

BACKGROUND 3.1. Salsa20 algorithm
Salsa20 is a highly reliable stream cipher algorithm that encrypts quickly with a key size of 128 or 256 bits [18] that was submitted to eSTREAM, the encrypt stream cipher project. The hash function is used in Salsa20, which takes 64-byte inputs and outputs 64 bytes [18], [19]. This hash function is implemented as a stream cipher in counter mode [18], [19].

Speck algorithm
The Speck algorithm is one of the lightweight block ciphers. It can handle a large number of different blocks and key sizes [12], [20]. While there are numerous lightweight block ciphers available, the majority is designed for a single platform, and it is not intended to perform well across a range of devices. The purpose of Speck is to address the need for secure and high-performance computing on hardware and software platforms [12], [20] while remaining flexible enough to support a range of implementations on a given platform in a variety of devices running lightweight applications [12], [20].

SPECK-SALSA20 FOR DATA INTEGRITY AND CONFIDENTIALITY
The performance of random Speck exceeds the acceptable success rate, indicating that the algorithm's sequence is insecure [21], [22]. Because Speck requires the key to be supplied alongside the plaintext to be encrypted, as well as the good attack point in a side-channel attack is where the plaintext directly mixes with the key. The first XOR operation of the round function in Speck is where the plaintext directly mixes with the key. In [23] have already demonstrated that using random plaintext to attack the first round of XOR operation can recover the right half of the original key using a correlation power analysis (CPA) attack, because the round key used in the first round is the right half of the original key [24], as illustrated in Figure 2.
When an attacker can recover the right half of the original key of the Speck method using a CPA attack the Speck method is not secure, as it allows for predictability and provides cryptanalysts with partial understanding as part of the known key. This proposed paper addresses the issue of non-random Speck as well as restoring the right half of the original key by combining Speck and the Salsa20 algorithm as a block cipher and stream cipher called SSDIC method, respectively, and exploiting the strengths of the two algorithms. It is optimized for lightweight applications to ensure performance is applied during software and hardware implementation. The Speck algorithm's key will not be used; instead, the Salsa20 stream's keys will be used as the SSDIC algorithm's key to circumvent the Speck algorithm's weakness. As a result, Figure 1 illustrates the key generated using the Salsa20 hash function.
The ten Speck variants are designated as Speck 2n/wn. For instance, Speck 128/256 denotes the Speck block cipher with a block size of 128 bits and a key size of 256 bits. Thus, n=64, w=4, α=8, β=3 and T=34 is obtained from Table 1. Because no Speck algorithm key is used, a Salsa20 algorithm key must be generated to overcome a weakness, as previously indicated. As a result, Salsa20 must generate a key with a length commensurate with the lengths of the keys listed in Table 1. In this case, Salsa20 must generate 256 keys and then pass them to the Speck algorithm, as illustrated in algorithm 3 pseudocode. Also, Figure 3 shows that the SSDIC method which consists of two iterative components: Figure 3(a) a key schedule and Figure 3(b) a round function denoted by R.
As illustrated in Figure 1, the keystream is generated using Salsa20 hash functions. It accepts a (((m * n)/16) * 8)-bit key (k0, k1, ..., k7) constants (c0, c1, c2, c3) as input. Equation maps the inputs to a 4X4 matrix (1). As shown in (1) to (5) are used to generate a keystream with a length of (m*n). All inputs to Salsa20 are displayed in Table 2. Following the process of generating the key for use in encryption and decryption using the Speak algorithm, the encryption and decryption (6) and (7) were modified to eliminate the restoring of the right half of the original key, as illustrated in Figure 3. A benefit of any stream cipher-based system is its ease of implementation. However, the strength of such systems is entirely dependent on how the keystream is generated. The ten instances of Speck have been designed to provide excellent performance in both hardware and software, but have been optimized for performance on microcontrollers [20].

RESULTS AND DISCUSSION
In this paper, we propose a hybrid algorithm called SSDIC that combines a lightweight stream with a lightweight block cipher (Speck and Salsa20) to achieve data integrity and confidentiality to create a flexible and secure hybrid cipher, a remarkable fusion that combines the qualities of both the Speck algorithm and the Salsa20 algorithm. We proposed SSDIC to improve the vulnerabilities of the Speck algorithm. Speck fails to pass an acceptable success rate in the statistical analysis because the generated sequence is not random, and the right half is retrieved from Speck's original main algorithm. Although a lot of research has been done to exploit Speck's security in terms of linear and differential cipher analysis, few have attempted to address non-randomness, a basic need of all encryption methods. The SSDIC method is built and implemented in a Python 3.9.7 environment, on a machine with an Intel(R) Xeon(R) CPU E3-1545M v5 running at 2.90 GHz and 8 GB of RAM running Windows 10, Intel(R) Xeon(R) CPU E3-1545M v5 running at 2.90 GHz. The run-time is determined by a timer running in the visual studio code environment. The run-time for the SSDIC and the Speck is 0.0019991 and 0.0010006 μs, respectively. Where a small difference in execution time is observed between SSDIC and the Speck algorithm, but it has high randomness and security based on NIST test results shown in Table 3. Several statistical tests are also available to evaluate the randomness features of cryptographic algorithms. The statistical analysis is evaluated using NIST SP 800-22. Based on the significance value, the NIST tests determine whether the sequence ratio is random. When the P-value is less than 0.01, the sequence is considered random or vice versa and is called a non-random sequence [25], [26]. The SSDIC method and Speck encryption algorithm are subject to each of the fifteen NIST tests [26]. Test results will also be discussed below. − Frequency (Monobit) test: passing this test is required for all subsequent tests [25]. In this test, the SSDIC method is generally superior to the Speck, as shown in Table 3. SSDIC increases nearly 0.1907 more than the Speck algorithm, according to NIST tests. − Frequency block test: in this test, the SSDIC is generally superior to the Speck, as shown in Table 3.
SSDIC increases nearly 0.1907 more than the Speck, according to NIST tests. − Runs test: in this test, SSDIC is generally superior to the Speck, as shown in Table 3. SSDIC increases nearly 0.1998 more than the Speck algorithm, according to NIST tests. − Longest run test: in this test, SSDIC is generally superior to the Speck, as shown in Table 3. SSDIC increases nearly 0.4567 more than the Speck, according to NIST tests. − Binary matrix rank test: in this test, SSDIC is generally superior to the Speck, as shown in Table 3.
SSDIC increases nearly 0.2 more than the Speck, according to NIST tests. − Discrete Fourier transform test: in this test, SSDIC is generally less than the Speck, as shown in Table 3.
SSDIC decreases nearly 0.297 more than the Speck, according to NIST tests. − Non-overlapping template matching test in this test, SSDIC is generally equal to the Speck, as shown in Table 3. − Overlapping template matching test: in this test, SSDIC is generally superior to the Speck, as shown in Table 3. SSDIC increases nearly 0.8376 more than the Speck, according to NIST tests. − Maurer's "Universal Statistical" Test: In this test, SSDIC is generally superior to the Speck, as shown in Table 3. SSDIC increases nearly 0.2207 more than the Speck, according to NIST tests. − Linear complexity test: in this test, SSDIC is generally superior to the Speck, as shown in Table 3. SSDIC increases nearly 0.3688 more than the Speck, according to NIST tests. − Serial test: in this test, SSDIC is generally superior to the Speck, as shown in Table 3. SSDIC increases nearly 0.2145 more than the Speck, according to NIST tests. − Approximate entropy test: in this test, SSDIC is generally superior to the Speck, as shown in Table 3.
SSDIC increases nearly 0.5 more than the Speck, according to NIST tests. − Cumulative Sums (Cusum) test: in this test, SSDIC is generally superior to the Speck, as shown in Table 3. SSDIC increases nearly 0.0925 more than the Speck, according to NIST tests.  Table 3 according to NIST tests. − Random excursions test: in this test, SSDIC is generally superior to the Speck, as shown in Table 3.
SSDIC increases nearly 0.0925 more than the Speck, according to NIST tests.

CONCLUSION
The disadvantage of Speck's algorithm is that the performance of randomization exceeds the allowable success rate. The Speck also requires that the key be supplied with the plaintext to be encrypted, as well as part of the key and part of the known text in the first round. The Speck indicates that the algorithm sequence is not secure because it allows for predictability and gives cryptanalysts partial understanding of the key and plaintext. To increase the non-randomness, this study introduces the SSDIC algorithm to improve the vulnerability of the Speck method by using the Salsa20 algorithm key instead of the Speck algorithm key. Also, change the Speck round function and the key schedule to process recovery of the right half of the original key and plaintext of the Speck algorithm. Random cipher performance was tested using 15 NIST statistical tests, which were created to evaluate pseudo-random numbers of cryptographic applications and successfully bypass the randomness of the SSDIC algorithm.