Showing papers by "Orr Dunkelman" published in 2021


Book Chapter
06 Oct 2021
TL;DR: In this article, the authors use the fact that the Quine-McCluskey algorithm produces a concise CNF representation corresponding to the division trail table of an Sbox, which allows SAT and Constraint Programming tools to outperform previous results.
Abstract: Division properties, introduced by Todo at Eurocrypt 2015, are an extension of square attack (also called saturation attack or integral cryptanalysis). Given their importance, a large number of works tried to offer automatic tools to find division properties, primarily based on MILP or SAT/SMT. This paper studies better modeling techniques for finding division properties using the Constraint Programming and SAT/SMT-based automatic tools. We use the fact that the Quine-McCluskey algorithm produces a concise CNF representation corresponding to the division trail table of an Sbox. As a result, we can offer significantly more compact models, which allow SAT and Constraint Programming tools to outperform previous results.

4 citations


Journal Article
TL;DR: In this article, a white-box reversing attack on the binarization block was proposed to reconstruct a biometric sample of the subject from the protected template, and the results showed that more than 83% of these reconstructed templates succeed in unlocking an account.
Abstract: We focus on attacks against a biometric authentication system aimed at reconstructing a biometric sample of the subject from the protected template. Such systems include three blocks: feature extraction, binarization, and protection. We propose a new white-box reversing attack on the binarization block that approximates a biometric template given the binary string obtained by the binarization block. The experiments show that the proposed attack reconstructs very accurate approximations that pass the verification threshold when compared to templates produced from the same and different samples of the subject. We then integrate this attack with known attacks on the other two blocks, namely, a variant of a guessing attack to extract the binary string and biometric inversion attack to reconstruct a sample from its template. We instantiate this end-to-end attack on a face authentication system using fuzzy commitments for protection. Facial images reconstructed by the end-to-end attack greatly resemble the original ones. In the simplest attack scenario, more than 83% of these reconstructed templates succeed in unlocking an account (when the system is configured to 0.1% FMR). Even in the “hardest” settings (in which we take a reconstructed image from one system and use it in a different system, with a different feature extraction process) the reconstructed image offers 170 to 210 times higher success rates than the system’s FMR.

4 citations


Book Chapter
17 Oct 2021
TL;DR: The best currently known attack on the Feistel construction FF3 has data and memory complexity of \({O}(N^{11/6})\), where the input belongs to a domain of size \(N \times N\).
Abstract: Format-Preserving Encryption (FPE) schemes accept plaintexts from any finite set of values (such as social security numbers or birth dates) and produce ciphertexts that belong to the same set. They are extremely useful in practice since they make it possible to encrypt existing databases or communication packets without changing their format. Due to industry demand, NIST had standardized in 2016 two such encryption schemes called FF1 and FF3. They immediately attracted considerable cryptanalytic attention with decreasing attack complexities. The best currently known attack on the Feistel construction FF3 has data and memory complexity of \({O}(N^{11/6})\) and time complexity of \({O}(N^{17/6})\), where the input belongs to a domain of size \(N \times N\).

3 citations


Journal Article
TL;DR: In this article, the authors revisit several reported attacks on SKINNY, identify issues with several of them, and offer a series of improved attacks which were experimentally verified. Despite the cryptanalytic efforts, SKINNY's security margins remain high.
Abstract: SKINNY is a lightweight tweakable block cipher which received a great deal of cryptanalytic attention due to its elegant structure and efficiency. Despite the cryptanalytic efforts the security margins are remaining high. This has led to SKINNY being used as a component of multiple submissions in the NIST Lightweight Competition, an effort to standardize a lightweight AEAD scheme. Inspired by the SKINNY competitions, multiple attacks on it were reported in different settings (e.g. single vs. related-tweakey) using different techniques (impossible differentials, zero-correlation, meet-in-the-middle, etc.). In this paper we revisit some of these attacks, identify issues with several of them, and offer a series of improved attacks which were experimentally verified. Our best attack can attack up to 18 rounds of SKINNY-64 using \(2^{60}\) chosen plaintexts data, \(2^{116}\) time, and \(2^{112}\) memory.

1 citation


Posted Content
TL;DR: The best currently known attack on the Feistel construction FF3 has data and memory complexity of \({O}(N^{11/6})\), where the input belongs to a domain of size \(N \times N\), as discussed by the authors.
Abstract: Format-Preserving Encryption (FPE) schemes accept plaintexts from any finite set of values (such as social security numbers or birth dates) and produce ciphertexts that belong to the same set. They are extremely useful in practice since they make it possible to encrypt existing databases or communication packets without changing their format. Due to industry demand, NIST had standardized in 2016 two such encryption schemes called FF1 and FF3. They immediately attracted considerable cryptanalytic attention with decreasing attack complexities. The best currently known attack on the Feistel construction FF3 has data and memory complexity of \({O}(N^{11/6})\) and time complexity of \({O}(N^{17/6})\), where the input belongs to a domain of size \(N \times N\).

1 citation


Book Chapter
08 Jul 2021
TL;DR: Pluggable Transports (PTs) are tools developed by the Tor community in response to Tor-blocking attempts such as deep packet inspection and active probing; they transform the appearance of Tor's traffic flow.
Abstract: Tor is a popular system for anonymous communication and censorship circumvention on the web; this makes Tor a target for attacks by organizations and governmental bodies whose goal is to hinder users’ ability to connect to it. These attacks include deep packet inspection (DPI) to classify Tor traffic as well as legitimate Tor client impersonation (active probing) to expose Tor bridges. As a response to Tor-blocking attempts, the Tor community has developed Pluggable Transports (PTs), tools that transform the appearance of Tor’s traffic flow.