
Showing papers by "Jean-Philippe Aumasson published in 2011"


Book Chapter (DOI)
11 Dec 2011
TL;DR: Using an iterative collection of differential characteristics and neutral bits in plaintexts, this paper finds conforming pairs for four rounds with amortized cost below 2^12 encryptions, whereas at least 2^30 was expected by the preliminary analysis of KLEIN.
Abstract: KLEIN is a family of lightweight block ciphers presented at RFIDSec 2011 that combines a 4-bit Sbox with Rijndael's byte-oriented MixColumn. This approach allows compact implementations of KLEIN in both low-end software and hardware. This paper shows that interactions between those two components lead to the existence of differentials of unexpectedly high probability: using an iterative collection of differential characteristics and neutral bits in plaintexts, we find conforming pairs for four rounds with amortized cost below 2^12 encryptions, whereas at least 2^30 was expected by the preliminary analysis of KLEIN. We exploit this observation by constructing practical (≈2^35-encryption), experimentally verified, chosen-plaintext key-recovery attacks on up to 8 rounds of KLEIN-64, the instance of KLEIN with 64-bit keys and 12 rounds.

36 citations


Journal Article (DOI)
TL;DR: This paper presents an analysis of Fugue's structural properties, and describes the strategies to construct distinguishers for Fugue components.

7 citations


20 May 2011
TL;DR: Tuple cryptanalysis is introduced, a variant of structural cryptanalysis techniques as square, saturation, integral, internal collision, or multiset cryptanalysis, the main difference being that tuple cryptanalysis considers ordered rather than unordered multisets, to better trace structural properties within a cipher's internal state.
Abstract: We introduce tuple cryptanalysis, a variant of structural cryptanalysis techniques such as square, saturation, integral, internal collision, or multiset cryptanalysis, the main difference being that tuple cryptanalysis considers ordered rather than unordered multisets. This allows cryptanalysts to better trace structural properties within a cipher's internal state. Unlike previous works that focus on S-box based algorithms, structural analysis is applied to ARX constructions, with preliminary results on reduced versions of Skein's and BLAKE's ARX cores. Due to its simplicity and efficient verification, tuple cryptanalysis can be used as a security benchmark for ARX schemes.

5 citations


01 Jan 2011
TL;DR: High-speed and low-area hardware architectures of one of the 14 "second-round" candidates in this competition to develop the future standard SHA-3 are investigated, suggesting that BLAKE is suitable for resource-limited systems.
Abstract: Cryptographic hash functions are used to protect information integrity and authenticity in a wide range of applications. After the discovery of weaknesses in the current deployed standards, the U.S. Institute of Standards and Technology started a public competition to develop the future standard SHA-3, which will be implemented in a multitude of environments, after its selection in 2012. In this paper, we investigate high-speed and low-area hardware architectures of one of the 14 "second-round" candidates in this competition: BLAKE. VLSI performance results of the proposed high-speed designs indicate a throughput improvement between 16% and 36% compared to the current standard SHA-2. Additionally, we propose a compact implementation of BLAKE with memory optimization that fits in 0.127 mm² of a 0.18 µm CMOS. Measurements reveal a minimal power dissipation of 9.59 µW/MHz at 0.65 V, which suggests that BLAKE is suitable for resource-limited systems.

2 citations