Book Chapter

FPGA-Based High-Performance Computing Platform for Cryptanalysis of AES Algorithm

01 Jan 2020, pp. 637-646
TL;DR: A brute-force cryptanalytic attack on the AES algorithm with a 128-bit key is implemented on the proposed HPC platform, which achieves a computational complexity of 2^124 for an attack against the 10-round AES algorithm.
Abstract: Cryptanalysis is used to analyze the strength of a cryptographic algorithm. Various cryptanalytic attacks against the AES algorithm target reduced-round variants. These attacks are theoretical and are generally considered infeasible due to the demand for a large number of computations. To meet this high computational requirement, an FPGA-based High-Performance Computing (HPC) platform is presented in this paper. FPGAs are advantageous for implementing cryptanalytic attacks, as modular arithmetic is implemented more efficiently in FPGAs than in GPUs. The proposed HPC platform consists of four Spartan-6 FPGAs connected in a mesh topology. A brute-force cryptanalytic attack on the AES algorithm with a 128-bit key is implemented on the proposed HPC platform. Four AES key search engines are designed in each FPGA. Thus, 16 AES key search engines are instantiated in parallel to perform AES cryptanalysis with different keys in parallel. To allocate distinct key spaces to the 16 AES key search engines, an efficient key generator is also proposed in this work. The proposed architecture achieves a computational complexity of 2^124 for an attack against the 10-round AES algorithm.
Citations
Journal Article
TL;DR: The study is novel as it is one of the few in the cryptology field to calculate analytical upper bounds of BC practical security against LDC methods, as well as to show and prove that using random substitutions allows improving upper bounds of linear and differential parameters.
Abstract: In up-to-date information and communication systems (ICS), cryptography is used for ensuring data confidentiality. Symmetric block ciphers (BC) are implemented in different ICS, including critical applications. Today, the theory of analysis and security verification of BC with fixed substitution nodes against linear and differential cryptanalysis (LDC) is developed. There are also BC with substitution nodes defined by round keys. Random substitution nodes improve the security of ciphers and complicate their cryptanalysis. But through it all, quantitative assessment is an actual and not simple task, as well as the derivation of formulas for practical security verification of BC with random substitution nodes against LDC. In this paper, analytical upper bounds of the parameters characterizing the practical security of BC with random substitution nodes against LDC are given. These assessments generalize known analogs for BC with random substitution nodes and give a possibility to verify the security improvement against LDC. Using the example of the BC Kalyna-128, it is shown that the use of random substitution nodes allows improving the upper bounds of the average probabilities of the linear and differential parameters by 2^46 and 2^90 times, respectively. The study is novel as it is one of the few in the cryptology field to calculate analytical upper bounds of BC practical security against LDC methods, as well as to show and prove that using random substitutions allows improving upper bounds of linear and differential parameters. Security analysis using quantitative parameters gives the possibility to evaluate various BCs or other cryptographic algorithms and their ability to provide the necessary and sufficient security level in ICS.
A future research study can be directed at improving analytical upper bounds for the analyzed LDC in the context of practical security against LDC, as well as practical cryptographic security assessment of other BC with random substitutions against LDC and other cryptanalysis methods, including quantum cryptanalysis (Shor, Grover, Deutsch-Jozsa algorithms).

1 citation

Journal Article
TL;DR: In this paper, the authors proposed an optimized algorithm that efficiently encrypts and decrypts large files by parallelizing processing tasks on a single heterogeneous many-core processor in the Sunway TaihuLight computer system.
Abstract: Data security is the focus of information security. As a primary method, file encryption is adopted for ensuring data security. Encryption algorithms created to meet the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are widely used in a variety of systems. These algorithms are computationally highly complex; thus, the efficiency of encrypting or decrypting large files can be drastically reduced. To this end, we propose an optimized algorithm that efficiently encrypts and decrypts large files by parallelizing processing tasks on a single heterogeneous many-core processor in the Sunway TaihuLight computer system. Firstly, we port the serial DES and AES programs to our experimental platform. Then we implement a task assignment strategy to test the converted algorithms. Finally, in order to optimize the parallelized algorithms and improve data transmission performance, we apply master-slave communication optimization, a three-stage parallel pipeline, and vectorization. Extensive experiments demonstrate that our optimized algorithm is faster than the state-of-the-art open-source implementations of DES and AES. Compared with the serial processing algorithms, our parallelized DES and AES perform nearly 40 times and 72 times faster, respectively. The work described in this paper leverages existing methods and provides a sound basis for the direction of future research in data encryption.

1 citation

Proceedings Article
01 Jan 2020
TL;DR: The proposed cipher provides practical security against LDC at higher speed in comparison with modern BC, and future research can be related to practical cryptographic security assessment against other cryptanalysis methods.
Abstract: Today, cryptographic methods are used to provide confidentiality and integrity of data. On the other hand, there are many threats related to security breaches and leakage of restricted-access data in up-to-date information and communication technologies (ICT). The most popular and effective attacks are linear and differential cryptanalysis (LDC), so quantitative security assessment characterizing practical security against LDC is an actual research task. Another valuable parameter is cryptographic data processing speed; as a rule, it decreases in algorithms with high processing complexity. As time goes on, some algorithms become worn out and outdated (e.g. DES, GOST 28147-89), and new, more secure and high-speed algorithms are used in modern ICT (web applications, IoT, blockchain, critical infrastructure). From this position, in this paper a method of constructing cryptographic security algorithms for critical applications has been improved. This method uses substitution tables with increased capacity and randomized linear and non-linear operations. On the basis of this method, a new advanced block cipher (BC) was proposed and its specification was given. At the same time, analytical upper bounds of the parameters characterizing the practical security of the proposed BC against LDC were calculated. Besides, the speed characteristics of the developed BC were also evaluated. The results of the experimental study showed that the proposed cipher provides practical security against LDC at higher speed in comparison with modern BC. Future research can be related to practical cryptographic security assessment against other cryptanalysis methods.

Cites background from "FPGA-Based High-Performance Computi..."

  • ...Also the security ratings of the proposed BC over the methods of LDC are calculated....

  • ...Also the development and cost reduction of ICT positively affects the effectiveness of cryptanalysis, one of the most effective methods of which is linear and differential cryptanalysis (LDC) [6-8]....

  • ...According to formulas (9)–(14), the upper-bound values of the parameters characterizing this BC's practical security against LDC methods are calculated as: = = 2^-14, r = 4, B_M = 9, EDP( ) ≤ 2^-94, ELP( ) ≤ 2^-94, and the number of round keys r = 9....

  • ...On the basis of paper [9], for the proposed method the analytical upper bounds of the parameters that characterize its practical security against LDC cyberattacks are obtained as follows: ( ) 2 1 2 1 M M r B r B EDP + + , (9) ( ) 2 1 2 1 M M r B r B ELP + + , (10) where EDP( ) is the average probability of the differential characteristic , ELP( ) is the average probability of the linear characteristic , B_M is the branching index of matrix M, and the parameters , , , are defined via the following formulas: ( ) ( ) max , : , \ 0 , 0, 1js td V j b = − , (11) ( ) ( ) max , : , \ 0 , 0, 1js t tl V V j b = − , (12) ( ) ( ) 1 1 0 max , : , \ 0j b s t j b d V − − = = , (13) ( ) ( ) 1 1 0 max , : , \ 0j b s t t j b l V V − − = = ....

  • ...At the same time, analytical upper bounds of the parameters characterizing the practical security of the proposed BC against LDC were calculated....

References
Book
14 Feb 2002
TL;DR: The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.
Abstract: 1. The Advanced Encryption Standard Process.- 2. Preliminaries.- 3. Specification of Rijndael.- 4. Implementation Aspects.- 5. Design Philosophy.- 6. The Data Encryption Standard.- 7. Correlation Matrices.- 8. Difference Propagation.- 9. The Wide Trail Strategy.- 10. Cryptanalysis.- 11. Related Block Ciphers.- Appendices.- A. Propagation Analysis in Galois Fields.- A.1.1 Difference Propagation.- A.1.2 Correlation.- A.1.4 Functions that are Linear over GF(2).- A.2.1 Difference Propagation.- A.2.2 Correlation.- A.2.4 Functions that are Linear over GF(2).- A.3.3 Dual Bases.- A.4.2 Relationship Between Trace Patterns and Selection Patterns.- A.4.4 Illustration.- A.5 Rijndael-GF.- B. Trail Clustering.- B.1 Transformations with Maximum Branch Number.- B.2 Bounds for Two Rounds.- B.2.1 Difference Propagation.- B.2.2 Correlation.- B.3 Bounds for Four Rounds.- B.4 Two Case Studies.- B.4.1 Differential Trails.- B.4.2 Linear Trails.- C. Substitution Tables.- C.1 SRD.- C.2 Other Tables.- C.2.1 xtime.- C.2.2 Round Constants.- D. Test Vectors.- D.1 KeyExpansion.- D.2 Rijndael(128,128).- D.3 Other Block Lengths and Key Lengths.- E. Reference Code.

3,444 citations

Book
01 Jan 2002
TL;DR: This volume is the authoritative guide to the Rijndael algorithm and AES and professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.
Abstract: From the Publisher: In October 2000, the US National Institute of Standards and Technology selected the block cipher Rijndael as the Advanced Encryption Standard (AES). AES is expected to gradually replace the present Data Encryption Standard (DES) as the most widely applied data encryption technology. This book by the designers of the block cipher presents Rijndael from scratch. The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail, and the basics of differential and linear cryptanalysis are reworked. Subsequent chapters review all known attacks against the Rijndael structure and deal with implementation and optimization issues. Finally, other ciphers related to Rijndael are presented. This volume is THE authoritative guide to the Rijndael algorithm and AES. Professionals, researchers, and students active or interested in data encryption will find it a valuable source of information and reference.

2,140 citations

Book Chapter
04 Dec 2011
TL;DR: This paper presents the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity 2^126.1, and key recovery methods with lower complexity for reduced-round versions of AES not considered before.
Abstract: Since Rijndael was chosen as the Advanced Encryption Standard (AES), improving upon 7-round attacks on the 128-bit key variant (out of 10 rounds) or upon 8-round attacks on the 192/256-bit key variants (out of 12/14 rounds) has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper, we present the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity 2^126.1; the first key recovery method for the full AES-192 with computational complexity 2^189.7; the first key recovery method for the full AES-256 with computational complexity 2^254.4; key recovery methods with lower complexity for the reduced-round versions of AES not considered before, including cryptanalysis of 8-round AES-128 with complexity 2^124.9; and preimage search for compression functions based on the full AES versions faster than brute force. In contrast to most shortcut attacks on AES variants, we do not need to assume related keys. Most of our techniques only need a very small part of the codebook and have low memory requirements, and are practically verified to a large extent. As our cryptanalysis is of high computational complexity, it does not threaten the practical use of AES in any way.

543 citations

Book Chapter
06 Dec 2001
TL;DR: This paper expands the impossible differential attacks against Rijndael and Crypton to 6 rounds; it uses the same 4-round impossible differential as in the five-round attacks, but places this impossible differential in the middle of the 6 rounds.
Abstract: Impossible differential attacks against Rijndael and Crypton have been proposed up to 5 rounds. In this paper we expand the impossible differential attacks to 6 rounds. Although we use the same 4-round impossible differential as in the five-round attacks, we put this impossible differential in the middle of the 6 rounds. That is, we consider one round before the impossible differential and one more round after. The complexity of the proposed attack is bigger than that of the Square attack, but still less than that of exhaustive search.

104 citations

Book Chapter
12 Dec 2010
TL;DR: By this attack, 7-round AES-128 is breakable with a data complexity of about 2^106 chosen plaintexts and a time complexity equivalent to about 2^110 encryptions, better than any previously known attack on AES-128 in the single-key scenario.
Abstract: Using a new 4-round impossible differential in AES that allows us to exploit the redundancy in the key schedule of AES-128 in a way more effective than previous work, we present a new impossible differential attack on 7 rounds of this block cipher. By this attack, 7-round AES-128 is breakable with a data complexity of about 2^106 chosen plaintexts and a time complexity equivalent to about 2^110 encryptions. This result is better than any previously known attack on AES-128 in the single-key scenario.

95 citations