Author

Mohammad Dakhilalian

Other affiliations: Pompeu Fabra University
Bio: Mohammad Dakhilalian is an academic researcher from Isfahan University of Technology. The author has contributed to research in topics: Block cipher & Differential cryptanalysis. The author has an h-index of 11 and has co-authored 34 publications receiving 441 citations. Previous affiliations of Mohammad Dakhilalian include Pompeu Fabra University.

Papers
Book Chapter
12 Dec 2010
TL;DR: By this attack, 7-round AES-128 is breakable with a data complexity of about 2^106 chosen plaintexts and a time complexity equivalent to about 2^110 encryptions, better than any previously known attack on AES-128 in the single-key scenario.
Abstract: Using a new 4-round impossible differential in AES that allows us to exploit the redundancy in the key schedule of AES-128 in a way more effective than previous work, we present a new impossible differential attack on 7 rounds of this block cipher. By this attack, 7-round AES-128 is breakable with a data complexity of about 2^106 chosen plaintexts and a time complexity equivalent to about 2^110 encryptions. This result is better than any previously known attack on AES-128 in the single-key scenario.

95 citations

Book Chapter
19 Mar 2012
TL;DR: This paper proposes a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear, and investigates the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer.
Abstract: Many modern block ciphers use maximum distance separable (MDS) matrices as the main part of their diffusion layers. In this paper, we propose a new class of diffusion layers constructed from several rounds of Feistel-like structures whose round functions are linear. We investigate the requirements of the underlying linear functions to achieve the maximal branch number for the proposed 4×4 words diffusion layer. The proposed diffusion layers only require word-level XORs and rotations, and they have simple inverses. They can be replaced in the diffusion layer of the block ciphers MMB and Hierocrypt to increase their security and performance, respectively. Finally, we try to extend our results for up to 8×8 words diffusion layers.

76 citations

Journal Article
TL;DR: This paper suggests a method that makes an involutory MDS matrix from the Vandermonde matrices and proposes another method for the construction of 2^n × 2^n Hadamard MDS matrices in the finite field GF(2^q).
Abstract: Due to their remarkable application in many branches of applied mathematics such as combinatorics, coding theory, and cryptography, Vandermonde matrices have received a great amount of attention. Maximum distance separable (MDS) codes introduce MDS matrices which not only have applications in coding theory but also are of great importance in the design of block ciphers. Lacan and Fimes introduce a method for the construction of an MDS matrix from two Vandermonde matrices in the finite field. In this paper, we first suggest a method that makes an involutory MDS matrix from the Vandermonde matrices. Then we propose another method for the construction of 2^n × 2^n Hadamard MDS matrices in the finite field GF(2^q). In addition to introducing this method, we present a direct method for the inversion of a special class of 2^n × 2^n Vandermonde matrices.

46 citations

Book Chapter
04 Nov 2009
TL;DR: This paper presents a new impossible differential attack on reduced-round Camellia, a 128-bit block cipher which has been accepted by ISO/IEC as an international standard and is increasingly being used in many cryptographic applications.
Abstract: Camellia, a 128-bit block cipher which has been accepted by ISO/IEC as an international standard, is increasingly being used in many cryptographic applications. In this paper, using the redundancy in the key schedule and accelerating the filtration of wrong pairs, we present a new impossible differential attack on reduced-round Camellia. By this attack, 12-round Camellia-128 without FL/FL^-1 functions and whitening is breakable with a total complexity of about 2^116.6 encryptions and 2^116.3 chosen plaintexts. In terms of the number of attacked rounds, our attack is better than any previously known attack on Camellia-128.

34 citations

Journal Article
TL;DR: The strength of this cipher against related-key impossible differential cryptanalysis is investigated, and two 6-round related-key impossible differentials for mCrypton-96 and mCrypton-128 are constructed.
Abstract: mCrypton is a 64-bit lightweight block cipher designed for use in low-cost and resource-constrained applications such as RFID tags and sensors in wireless sensor networks. In this paper, we investigate the strength of this cipher against related-key impossible differential cryptanalysis. First, we construct two 6-round related-key impossible differentials for mCrypton-96 and mCrypton-128. Then, using these distinguishers, we present 9-round related-key impossible differential attacks on these two versions. The attack on mCrypton-96 requires 2^59.9 chosen plaintexts and has a time complexity of about 2^74.9 encryptions. The data and time complexities for the attack on mCrypton-128 are 2^59.7 chosen plaintexts and 2^66.7 encryptions, respectively. Copyright © 2011 John Wiley & Sons, Ltd.

30 citations


Cited by
Book Chapter
04 Dec 2011
TL;DR: This paper presents the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity 2^126.1, and key recovery methods with lower complexity for the reduced-round versions of AES not considered before.
Abstract: Since Rijndael was chosen as the Advanced Encryption Standard (AES), improving upon 7-round attacks on the 128-bit key variant (out of 10 rounds) or upon 8-round attacks on the 192/256-bit key variants (out of 12/14 rounds) has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper, we present the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: The first key recovery method for the full AES-128 with computational complexity 2^126.1. The first key recovery method for the full AES-192 with computational complexity 2^189.7. The first key recovery method for the full AES-256 with computational complexity 2^254.4. Key recovery methods with lower complexity for the reduced-round versions of AES not considered before, including cryptanalysis of 8-round AES-128 with complexity 2^124.9. Preimage search for compression functions based on the full AES versions faster than brute force. In contrast to most shortcut attacks on AES variants, we do not need to assume related keys. Most of our techniques only need a very small part of the codebook and have low memory requirements, and are practically verified to a large extent. As our cryptanalysis is of high computational complexity, it does not threaten the practical use of AES in any way.

543 citations

Journal Article
TL;DR: A comprehensive review of state-of-the-art research progress in lightweight block ciphers' implementation and future research directions is presented and the energy/bit metric is designated as the most appropriate metric for energy-constrained low-resource designs.
Abstract: This paper investigates the lightweight block ciphers' implementations, which have received a fair amount of research for their essential security role in low-resource devices. Our objective is to present a comprehensive review of state-of-the-art research progress in lightweight block ciphers' implementation and highlight future research directions. At first, we present a taxonomy of the cipher design space and accurately define the scope of lightweight ciphers for low-resource devices. Moreover, this paper discusses the performance metrics that are commonly reported in the literature when comparing cipher implementations. The sources of inaccuracies and deviations are carefully examined. In order to mitigate the confusion in the composite metrics, we developed a general metric which includes the basic metrics. Our analysis designated the energy/bit metric as the most appropriate metric for energy-constrained low-resource designs. Afterwards, the software and hardware implementations of the block cipher algorithms are surveyed, investigated, and compared. The paper selects the top performing ciphers in various metrics and suggests the Present cipher as a good reference for hardware implementations. What transpires from this survey is that unresolved research questions and issues are yet to be addressed by future research projects.

174 citations

Book Chapter
26 May 2013
TL;DR: This paper revisits meet-in-the-middle attacks on AES in the single-key model and improves on the Dunkelman, Keller and Shamir attacks at Asiacrypt 2010, and describes the best attack on 7 rounds of AES-128 where data/time/memory complexities are below 2^100.
Abstract: In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on the Dunkelman, Keller and Shamir attacks at Asiacrypt 2010. We present the best attack on 7 rounds of AES-128 where data/time/memory complexities are below 2^100. Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions with a data complexity of 2^107 chosen plaintexts, a memory complexity of 2^96 and a time complexity of 2^172 for AES-192 and 2^196 for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256 with 2^120 chosen plaintexts and time and memory complexities of 2^203. All these attacks have been found by carefully studying the number of reachable multisets in the Dunkelman et al. attacks.

160 citations

Book Chapter
17 Aug 2014
TL;DR: In this paper, a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs is proposed, and a new block cipher called PRIDE is presented.
Abstract: The linear layer is a core component in any substitution-permutation network block cipher. Its design significantly influences both the security and the efficiency of the resulting block cipher. Surprisingly, not many general constructions are known that allow to choose trade-offs between security and efficiency. Especially, when compared to Sboxes, it seems that the linear layer is crucially understudied. In this paper, we propose a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs. We give several instances of our construction and on top underline its value by presenting a new block cipher. PRIDE is optimized for 8-bit micro-controllers and significantly outperforms all academic solutions both in terms of code size and cycle count.

125 citations

Posted Content
TL;DR: In this paper, the authors revisited meet-in-the-middle attacks on AES in the single-key model and improved on Dunkelman, Keller and Shamir attacks of Asiacrypt 2010.
Abstract: In this paper, we revisit meet-in-the-middle attacks on AES in the single-key model and improve on Dunkelman, Keller and Shamir attacks of Asiacrypt 2010. We present the best attack on 7 rounds of AES-128 where data/time/memory complexities are below 2. Moreover, we are able to extend the number of rounds to reach attacks on 8 rounds for both AES-192 and AES-256. This gives the best attacks on those two versions with a data complexity of 2 chosen-plaintexts, a memory complexity of 2 and a time complexity of 2 for AES-192 and 2 for AES-256. Finally, we also describe the best attack on 9 rounds of AES-256 with 2 chosen-plaintexts and time and memory complexities of 2. All these attacks have been found by carefully studying the number of reachable multisets in Dunkelman et al. attacks.

111 citations