scispace - formally typeset
Author

Seyed Mojtaba Dehnavi

Bio: Seyed Mojtaba Dehnavi is an academic researcher from Kharazmi University. The author has contributed to research in topics: Boolean function & Modulo. The author has an h-index of 4, and has co-authored 29 publications receiving 47 citations.

Papers
Journal ArticleDOI
01 Dec 2018
TL;DR: By the aid of the tools given in this paper, the process of the search for linear and differential characteristics of SIMON and SPECK families of block ciphers could be sped up, and the complexity of linear and differential attacks against these ciphers could be reduced.
Abstract: SIMON and SPECK families of block ciphers are well-known lightweight ciphers designed by the NSA. In this note, based on the previous investigations on SIMON, a closed formula for the squared correlations and differential probabilities of the mapping ϕ(x) = x ⊙ S^1(x) on F_2^n is given. From the aspects of linear and differential cryptanalysis, this mapping is equivalent to the core quadratic mapping of SIMON via rearrangement of coordinates and EA-equivalence. Based on the proposed explicit formula, a full description of DDT and LAT of ϕ is provided. In the case of SPECK, as the only nonlinear operation in this family of ciphers is addition mod 2^n, after reformulating the formula for linear and differential probabilities of addition mod 2^n, straightforward algorithms for finding the output masks with maximum squared correlation, given the input masks, as well as the output differences with maximum differential probability, given the input differences, are presented. By the aid of the tools given in this paper, the process of the search for linear and differential characteristics of SIMON and SPECK families of block ciphers could be sped up, and the complexity of linear and differential attacks against these ciphers could be reduced.

11 citations

Posted Content
TL;DR: This paper investigates linearized diffusion layers, which are a generalization of conventional diffusion layers; these diffusion layers are used in symmetric ciphers like SMS4, Loiss and ZUC, and introduces some new families of linearized MDS diffusion layers and presents a method for construction of randomized linear diffusion layers over a finite field.
Abstract: Diffusion layers are crucial components of symmetric ciphers. These components, along with suitable Sboxes, can make symmetric ciphers resistant against statistical attacks like linear and differential cryptanalysis. Conventional MDS diffusion layers, which are defined as matrices over finite fields, have been used in symmetric ciphers such as AES, Twofish and SNOW. In this paper, we study linear, linearized and nonlinear MDS diffusion layers. We investigate linearized diffusion layers, which are a generalization of conventional diffusion layers; these diffusion layers are used in symmetric ciphers like SMS4, Loiss and ZUC. We introduce some new families of linearized MDS diffusion layers and as a consequence, we present a method for construction of randomized linear diffusion layers over a finite field. Nonlinear MDS diffusion layers are introduced in Klimov’s thesis; we investigate nonlinear MDS diffusion layers theoretically, and we present a new family of nonlinear MDS diffusion layers. We show that these nonlinear diffusion layers can be made randomized with a low implementation cost. An important fact about linearized and nonlinear diffusion layers is that they are more resistant against algebraic attacks in comparison to conventional diffusion layers. A special case of diffusion layers are (0,1)-diffusion layers. This type of diffusion layers are used in symmetric ciphers like ARIA. We examine (0,1)-diffusion layers and prove a theorem about them. At last, we study linearized MDS diffusion layers of symmetric ciphers Loiss, SMS4 and ZUC, from the mathematical viewpoint.

8 citations

Posted Content
TL;DR: A closed formula for linear probabilities of modular addition modulo a power of two is given, based on what Schulte-Geers presented, which gives a better insight on these probabilities and more information can be extracted from it.
Abstract: Linear approximations of modular addition modulo a power of two was studied by Wallen in 2003. He presented an efficient algorithm for computing linear probabilities of modular addition. In 2013 Schulte-Geers investigated the problem from another viewpoint and derived a somewhat explicit formula for these probabilities. In this note we give a closed formula for linear probabilities of modular addition modulo a power of two, based on what Schulte-Geers presented: our closed formula gives a better insight on these probabilities and more information can be extracted from it.

7 citations

01 Jan 2019
TL;DR: A class of lightweight 4 × 4 cyclic MDS matrices lighter than the state-of-the-art, which reduces the implementation cost (in terms of the number of XOR gates required) of linear diffusion layers for hardware-oriented cryptographic primitives.
Abstract: Modern lightweight block ciphers and hash functions apply linear layers for the diffusion purpose. In this paper, we characterize a class of lightweight MDS matrices decomposed into two cyclic matrices. As the main contribution, we present a class of lightweight 4 × 4 cyclic MDS matrices lighter than the state-of-the-art, which reduces the implementation cost (in terms of the number of XOR gates required) of linear diffusion layers for hardware-oriented cryptographic primitives.

4 citations

Proceedings ArticleDOI
22 Dec 2014
TL;DR: This article defines an equivalence relation between rings and, based on this definition, MDS matrices are classified and determined over equivalent rings; it also constructs a family of lightweight MDS matrices with the same implementation cost as their inverses for use in block ciphers.
Abstract: Diffusion layers are an important part of most symmetric ciphers and MDS matrices can be used to construct perfect diffusion layers. However, there are few techniques for constructing these matrices with low implementation cost in software/hardware. In this article, we try to give some construction methods of MDS matrices with at least the following properties: easy implementation, dynamic use and constructing a large family of MDS matrices from one (0,1)-matrix which is a block-wise MDS matrix. For this purpose, we define an equivalence relation between rings and, based on this definition, we classify and determine MDS matrices over equivalent rings. At first, we construct a new family of MDS matrices only with XORs and right or left shifts. Then, we construct another family of MDS matrices with XORs and cyclic shift operations. Finally, we construct a family of lightweight MDS matrices with the same implementation cost as their inverses for use in block ciphers.

4 citations


Cited by
Journal ArticleDOI
Roberto Avanzi
TL;DR: It is argued that QARMA provides sufficient security margins within the constraints determined by the mentioned applications, while still achieving best-in-class latency, and a technique to extend the length of the tweak by using, for instance, a universal hash function, which can also be used to strengthen the security of QARMA, is proposed.
Abstract: This paper introduces QARMA, a new family of lightweight tweakable block ciphers targeted at applications such as memory encryption, the generation of very short tags for hardware-assisted prevention of software exploitation, and the construction of keyed hash functions. QARMA is inspired by reflection ciphers such as PRINCE, to which it adds a tweaking input, and MANTIS. However, QARMA differs from previous reflector constructions in that it is a three-round Even-Mansour scheme instead of a FX-construction, and its middle permutation is non-involutory and keyed. We introduce and analyse a family of Almost MDS matrices defined over a ring with zero divisors that allows us to encode rotations in its operation while maintaining the minimal latency associated with {0, 1}-matrices. The purpose of all these design choices is to harden the cipher against various classes of attacks. We also describe new S-Box search heuristics aimed at minimising the critical path. QARMA exists in 64- and 128-bit block sizes, where block and tweak size are equal, and keys are twice as long as the blocks. We argue that QARMA provides sufficient security margins within the constraints determined by the mentioned applications, while still achieving best-in-class latency. Implementation results on a state-of-the-art manufacturing process are reported. Finally, we propose a technique to extend the length of the tweak by using, for instance, a universal hash function, which can also be used to strengthen the security of QARMA.

125 citations

Book ChapterDOI
04 Dec 2016
TL;DR: In this article, the authors proposed the long trail design strategy (LTS), a dual of the wide-trail design strategy that is applicable (but not limited) to ARX constructions, which advocates the use of large S-boxes together with sparse linear layers.
Abstract: We present, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis. The latter has been a long standing open problem in the area of ARX design. The wide-trail design strategy (WTS), that is at the basis of many S-box based ciphers, including the AES, is not suitable for ARX designs due to the lack of S-boxes in the latter. In this paper we address the mentioned limitation by proposing the long trail design strategy (LTS) – a dual of the WTS that is applicable (but not limited) to ARX constructions. In contrast to the WTS, that prescribes the use of small and efficient S-boxes at the expense of heavy linear layers with strong mixing properties, the LTS advocates the use of large (ARX-based) S-Boxes together with sparse linear layers. With the help of the so-called long-trail argument, a designer can bound the maximum differential and linear probabilities for any number of rounds of a cipher built according to the LTS.

78 citations

Posted Content
TL;DR: This paper presents, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis and advocates the use of large (ARX-based) S-Boxes together with sparse linear layers.

76 citations

Journal ArticleDOI
TL;DR: A readiness assessment framework that encompasses the complex interplay of different underlying factors, social structures, and institutional mechanisms, and that covers all key stakeholders, is proposed and applied to the UAE's healthcare sector, and its applicability and usefulness are established.

70 citations

Journal ArticleDOI
TL;DR: Data from papers and patents are compared to help close the research-practice gap by showing how the two sets of expectations for blockchain application in the healthcare sector are evolving.

58 citations