Showing papers on "Block cipher" published in 2018


Journal ArticleDOI
TL;DR: In this paper, the authors investigated the security of a classic diffusion mechanism used as the core cryptographic primitive in some image cryptosystems based on the aforementioned complex dynamic phenomena and theoretically found that regardless of the key schedule process, the data complexity for recovering each element of the equivalent secret key from these diffusion mechanisms is only $O(1)$.
Abstract: The need for fast and strong image cryptosystems motivates researchers to develop new techniques to apply traditional cryptographic primitives in order to exploit the intrinsic features of digital images. One of the most popular and mature techniques is the use of complex dynamic phenomena, including chaotic orbits and quantum walks, to generate the required key stream. In this paper, under the assumption of plaintext attacks we investigate the security of a classic diffusion mechanism (and of its variants) used as the core cryptographic primitive in some image cryptosystems based on the aforementioned complex dynamic phenomena. We have theoretically found that regardless of the key schedule process, the data complexity for recovering each element of the equivalent secret key from these diffusion mechanisms is only $O(1)$. The proposed analysis is validated by means of numerical examples. Some additional cryptographic applications of this paper are also discussed.

116 citations


DOI
04 Sep 2018
TL;DR: A more in-depth analysis of boomerang connectivity tables, by studying more closely differentially 4-uniform Sboxes and answering the open question whether Sboxes with optimal BCTs exist for even dimensions.
Abstract: The boomerang attack is a cryptanalysis technique against block ciphers which combines two differentials for the upper part and the lower part of the cipher. The dependency between these two differentials then highly affects the complexity of the attack and all its variants. Recently, Cid et al. introduced at Eurocrypt’18 a new tool, called the Boomerang Connectivity Table (BCT), that permits simplifying this complexity analysis by storing and unifying the different switching probabilities of the cipher’s Sbox in one table. In this seminal paper a brief analysis of the properties of these tables is provided and some open questions are raised. It is asked in particular whether Sboxes with optimal BCTs exist for even dimensions, where optimal means that the maximal value in the BCT equals the lowest known differential uniformity. When the dimension is even and differs from 6, such optimal Sboxes correspond to permutations such that the maximal value in their DDT and in their BCT equals 4 (unless APN permutations for such dimensions exist). We provide in this work a more in-depth analysis of boomerang connectivity tables, by studying more closely differentially 4-uniform Sboxes. We first completely characterize the BCT of all differentially 4-uniform permutations of 4 bits and then study these objects for some cryptographically relevant families of Sboxes, such as the inverse function and quadratic permutations. These two families provide us with the first examples of differentially 4-uniform Sboxes optimal against boomerang attacks for an even number of variables, answering the above open question.

79 citations


Journal ArticleDOI
TL;DR: A simple and effective model for lightweight cipher performance metrics is developed and a novel algorithm to manage cipher energy consumption is presented, which allows low-resource IoT devices to encrypt critical messages during low-energy mode while balancing throughput, energy per bit, and device activity.
Abstract: With extraordinary growth in the Internet of Things (IoT), the amount of data exchanged between IoT devices is growing at an unprecedented scale. Most of the IoT devices are low-resource devices handling sensitive and confidential data. Conventional encryption methods are inappropriate for low-resource devices. Lightweight block ciphers are used to encrypt data on such devices, as they balance security requirements and energy consumption. The objective of this paper is to explore opportunities to improve performance and optimize energy consumption for cipher designs targeted for low-resource IoT devices. This paper also presents an energy management algorithm to improve IoT survivability against denial-of-service attacks in the form of battery exhaustion. We developed a simple and effective model for lightweight cipher performance metrics. Model results were compared and validated with published application-specific integrated circuit (ASIC) and field-programmable gate array (FPGA) designs. Using the model, we explored opportunities for performance enhancement in future cipher designs. Our analysis indicates that the optimum energy is achieved when block size is between 48-bit and 96-bit. Also, increasing the size of overhead logic from one round to two rounds increases encryption energy-per-bit by 3.4%. Further, the optimum energy is attained when the number of algorithm rounds is 16 or less. Optimum throughput is achieved by implementations with large block sizes and a large number of implemented rounds. Next, we present a novel algorithm to manage cipher energy consumption. The algorithm allows low-resource IoT devices to encrypt critical messages during low-energy mode while balancing throughput, energy per bit, and device activity.

71 citations


Journal ArticleDOI
TL;DR: Experimental results have shown that the chaotic S-box produced by the proposed FLDSOP algorithm can effectively resist multiple types of cryptanalysis attacks.
Abstract: This paper is concerned with designing a chaotic encryption system to generate the nonlinear component, the substitution box (S-box), of a block cipher system. Many existing S-box generation methods employ single or complicated chaotic systems to yield S-boxes. All of these chaotic systems are integral and have promoted the development of the theoretical research of chaotic S-boxes. However, it is difficult to implement the integral chaotic S-box generation systems that are appropriate for practical engineering applications. In this paper, a six-dimensional fractional Lorenz–Duffing chaotic system and O-shaped path scrambling algorithm (FLDSOP) is developed to yield an S-box with good dynamic characteristics. First, FLDSOP leverages a six-dimensional fractional Lorenz–Duffing chaotic system to construct a preliminary S-box. Second, it designs an O-shaped path scrambling scheme to disturb the order of elements in the obtained S-box. Experimental results have shown that the chaotic S-box produced by the proposed FLDSOP algorithm can effectively resist multiple types of cryptanalysis attacks.

68 citations


Proceedings ArticleDOI
14 Aug 2018
TL;DR: The persistent fault analysis (PFA) is elaborated on different implementations of AES-128, especially fault-hardened implementations based on Dual Modular Redundancy (DMR), and shows that PFA is quite simple and efficient in breaking these typical implementations.
Abstract: Persistence is an intrinsic nature of many errors yet has not attracted enough attention for years. In this paper, the feature of persistence is applied to fault attacks, and the persistent fault attack is proposed. Different from traditional fault attacks, adversaries can prepare the fault injection stage before the encryption stage, which relaxes the constraint of tightly coupled time synchronization. The persistent fault analysis (PFA) is elaborated on different implementations of AES-128, especially fault-hardened implementations based on Dual Modular Redundancy (DMR). Our experimental results show that PFA is quite simple and efficient in breaking these typical implementations. To show the feasibility and practicability of our attack, a case study is illustrated on the shared library Libgcrypt with the rowhammer technique. Approximately 8200 ciphertexts are enough to extract the master key of AES-128 when PFA is applied to Libgcrypt 1.6.3 with redundant-encryption-based DMR. This work puts forward a new direction of fault attacks and can be extended to attack other implementations under more interesting scenarios.

63 citations


Journal ArticleDOI
TL;DR: New techniques and correct complexity analyses for impossible differential cryptanalysis, a powerful block cipher attack, and it is shown, for the first time, that the technique of multiple differentials can be applied to impossible differential attacks.
Abstract: This paper introduces new techniques and correct complexity analyses for impossible differential cryptanalysis, a powerful block cipher attack. We show how the key schedule of a cipher impacts an impossible differential attack, and we provide a new formula for the time complexity analysis that takes this parameter into account. Further, we show, for the first time, that the technique of multiple differentials can be applied to impossible differential attacks. Then, we demonstrate how this technique can be combined in practice with multiple impossible differentials or with the so-called state-test technique. To support our proposal, we implemented the above techniques on small-scale ciphers and verified their efficiency and accuracy in practice. We apply our techniques to the cryptanalysis of ciphers including AES-128, CRYPTON-128, ARIA-128, CLEFIA-128, Camellia-256 and LBlock. All of our attacks significantly improve previous impossible differential attacks and generally achieve the best memory complexity among all previous attacks against these ciphers.

55 citations


Journal ArticleDOI
TL;DR: A different encryption method that uses both the SP network structure and the Feistel network structure to encrypt, which shows that compared to other lightweight block ciphers, SFN has more advantages in terms of being immune to attacks.

54 citations


Proceedings ArticleDOI
04 May 2018
TL;DR: The need for lightweight cryptography and its design differences from normal block ciphers are discussed, and an overview of some of the lightweight cryptographic algorithms is given after that.
Abstract: The future of the Internet is the “Internet of Things”, where trillions of physical objects, most of them with low or extremely low resources, communicate with each other without human intervention. Lightweight cryptography includes cryptographic algorithms specifically meant for extremely constrained resources. They can be applied not only for encryption but also for hashing and authentication under environments that are highly constrained. In this paper, we first discuss the need for lightweight cryptography and its design differences from normal block ciphers. An overview of some of the lightweight cryptographic algorithms is given after that. Also, we look into different types of attacks that have been studied on some of these ciphers. Finally, we compare the performance of some of these ciphers on Windows and embedded platforms.

53 citations


Journal ArticleDOI
TL;DR: SPRING is a novel image encryption scheme designed based on lightweight chaotic maps and simple logical and arithmetic operations, which is also highly optimized for massively parallel architecture (e.g. GPU).
Abstract: Due to the increasing demand for secure image transmission, image encryption has emerged as an active research field in recent years. Many of the proposed image encryption schemes are designed based on chaotic maps with a permutation–diffusion architecture. While most of these schemes reported good statistical properties, they are slow in execution speed due to the inherent data dependency of the proposed schemes. Some of these schemes are designed based on complex chaotic systems that require significant computational resources to obtain the keystream for encryption. In this paper, we propose SPRING, a novel image encryption scheme designed based on lightweight chaotic maps and simple logical and arithmetic operations, which is also highly optimized for massively parallel architectures (e.g. GPU). The extensive experimental results show that SPRING is not only secure but also able to achieve high encryption speed on single-core CPU, multi-core CPU and many-core GPU. Encrypting a 512 $\times$ 512 grayscale image in serial takes 0.9126 ms, which is 220% faster than the state-of-the-art ARX-based image encryption scheme proposed by Choi et al. SPRING can be implemented in parallel to encrypt the same image in 0.0862 ms by exploiting a many-core GPU, which is 10 $\times$ faster than the serial version implemented on the CPU.

51 citations


Book ChapterDOI
01 Dec 2018
TL;DR: The cube attack is a powerful cryptanalytic technique and is especially powerful against stream ciphers, as discussed by the authors, but it cannot evaluate the security when the size of the cube exceeds an experimental range, e.g., 40.
Abstract: The cube attack is a powerful cryptanalytic technique and is especially powerful against stream ciphers. Since we need to analyze the complicated structure of a stream cipher in the cube attack, the cube attack basically analyzes it by regarding it as a blackbox. Therefore, the cube attack is an experimental attack, and we cannot evaluate the security when the size of the cube exceeds an experimental range, e.g., 40. In this paper, we propose cube attacks on non-blackbox polynomials. Our attacks are developed by using the division property, which has recently been applied to various block ciphers. The clear advantage is that we can exploit large cube sizes because it never regards the cipher as a blackbox. We apply the new cube attack to Trivium, Grain128a, ACORN and Kreyvium. As a result, the secret keys of 832-round Trivium, 183-round Grain128a, 704-round ACORN and 872-round Kreyvium are recovered. These attacks are the current best key-recovery attacks against these ciphers.

49 citations


Book ChapterDOI
15 Aug 2018
TL;DR: In this paper, Lai et al. comprehended that differential cryptanalysis rather uses differentials instead of single characteristics, and they proposed a block cipher with differentials to resist DCA.
Abstract: Resistance against differential cryptanalysis is an important design criterion for any modern block cipher, and most designs rely on finding some upper bound on the probability of single differential characteristics. However, already at EUROCRYPT’91, Lai et al. comprehended that differential cryptanalysis rather uses differentials instead of single characteristics.

Journal ArticleDOI
TL;DR: The trade-off between security and performance of several recent top-performing lightweight block ciphers is studied for the demands of resource-constrained Industrial Wireless Sensor Networks.
Abstract: Lightweight block ciphers play an indispensable role for security in the context of pervasive computing. However, the performance of resource-constrained devices can be affected dynamically by the selection of suitable cryptographic algorithms, especially for devices in resource-constrained and/or wireless networks. Thus, in this paper, we study the trade-off between security and performance of several recent top-performing lightweight block ciphers for the demands of resource-constrained Industrial Wireless Sensor Networks. Then, the software performance evaluation of these ciphers is carried out in terms of memory occupation, cycles per byte, throughput, and a relatively good comprehensive metric. Moreover, the results of the avalanche effect, which show the ability to resist possible types of different attacks, are presented subsequently. Our results show that SPECK is the software-oriented lightweight cipher which achieves the best performance in various aspects, and it enjoys a healthy security margin at the same time. Furthermore, PRESENT, which is usually used as a benchmark for newer hardware-oriented lightweight ciphers, shows that its software performance combined with the avalanche effect is inadequate when it is implemented. In real applications, there is a need to better understand the resources of dedicated platforms and the security requirements, as well as the emphasis and focus. Therefore, this case study can serve as a good reference for a better selection of the trade-off between performance and security in constrained environments.

Journal ArticleDOI
TL;DR: This study investigates the Feistel constructions using Grover’s and Simon's algorithms to generate new quantum key-recovery attacks on different rounds of Feistels, finding that the time complexity of these attacks is less than that observed for quantum brute-force search.
Abstract: Post-quantum cryptography has drawn considerable attention from cryptologists on a global scale. At Asiacrypt 2017, Leander and May combined Grover's and Simon's quantum algorithms to break the FX-based block ciphers, which were introduced by Kilian and Rogaway to strengthen DES. In this study, we investigate the Feistel constructions using Grover's and Simon's algorithms to generate new quantum key-recovery attacks on different rounds of Feistel constructions. Our attacks require $2^{0.25nr-0.75n}$ quantum queries to break an $r$-round Feistel construction. The time complexity of our attacks is less than that observed for quantum brute-force search by a factor of $2^{0.75n}$. When compared with the best classical attacks, i.e., Dinur et al.'s attacks at CRYPTO 2015, the time complexity is reduced by a factor of $2^{0.5n}$ without incurring any memory cost.

Journal ArticleDOI
TL;DR: The proposed dynamic cipher is designed to provide high robustness against contemporary powerful attacks, and permits reducing the required number of rounds for achieving the lightweight property.
Abstract: The protection of multimedia content has become a key area of research, since very often a user’s privacy and confidentiality can be at risk. Although a large number of image encryption algorithms have recently emerged, only a subset of these algorithms are suitable for real applications. These algorithms however use non-integer operations such as chaotic solutions that introduce a sizeable overhead in terms of latency and resources, in addition to floating-point hardware that is costly to implement. Designing an efficient, lightweight, and secure image encryption algorithm is still a hard challenge; yet, it is crucial in order to meet the demands of recent multimedia applications running on energy-limited devices. In this paper, an efficient image encryption scheme based on a dynamic structure is proposed. The structure of the proposed cipher consists of two different lightweight rounds (forward and backward chaining blocks) and a block permutation process. In addition, a key derivation function is proposed to produce a dynamic key based on a secret key and a nonce. This key, according to its configuration, can be changed for each validity period (session) or for each new input image. Then, based on this key, the cipher layers are produced, which are an integer or binary diffusion matrix and a substitution table (S-box), together with a permutation table (P-box). The proposed dynamic cipher is designed to provide high robustness against contemporary powerful attacks, and permits reducing the required number of rounds for achieving the lightweight property. Experimental simulations demonstrate the efficiency and robustness levels of the proposed scheme.

Journal ArticleDOI
TL;DR: The paper suggests an effective RC6 HEVC PE technique which encrypts sensitive video data bits with low complexity overhead, fast encoding time for real-time applications, and a fixed HEVC bitrate.
Abstract: The high efficiency video coding (HEVC) partial encryption (PE) technique depends on encrypting the highly sensitive data in the video bit stream. The HEVC PE technique should keep the video format compliant, should keep the same bit rate, and should ensure real-time constraints. The paper suggests an effective RC6 HEVC PE technique which encrypts sensitive video data bits with low complexity overhead, fast encoding time for real-time applications, and a fixed HEVC bitrate. These features result from using the low-computational-complexity RC6 block cipher for encrypting the selected video bins. The proposed RC6 HEVC PE encrypts the discrete cosine transform (DCT) coefficient sign bits, the DCT remaining absolute value suffixes that are binarized by Exp-Golomb (EGk) order zero, the motion vector difference (MVD) sign bits, and the MVD absolute value suffixes that are binarized by EGk order one. Also, this paper presents experimental results that compare the proposed RC6 HEVC PE with HEVC PE algorithms that use the Advanced Encryption Standard in different modes of operation. This paper presents more details about the security analysis of RC6 HEVC PE, including an encryption quality test, a key space test, statistical analysis such as histogram and correlation coefficient analysis, and sensitivity analysis such as key sensitivity analysis. The achieved test results confirmed the security, reliability, and robustness of the RC6 HEVC PE technique.

Journal ArticleDOI
Fan Haiju, Ming Li, Ming Li, Dong Liu, En Zhang
TL;DR: By chosen-plaintext attack, two efficient cryptanalysis methods are proposed in this paper, where one has high generality and high computational complexity and the other has low complexity and low generality.

Posted Content
TL;DR: This paper improves the MILP model to search for differential characteristics of GIFT, a new lightweight block cipher proposed at CHES 2017, and finds the best 12-round differential characteristic and a number of iterative 4- round differential characteristics with this model.
Abstract: At Asiacrypt 2014, Sun et al. proposed a MILP model [20] to search for differential characteristics of bit-oriented block ciphers. In this paper, we improve this model to search for differential characteristics of GIFT [2], a new lightweight block cipher proposed at CHES 2017. GIFT has two versions, namely GIFT-64 and GIFT-128. For GIFT-64, we find the best 12-round differential characteristic and a number of iterative 4-round differential characteristics with our MILP-based model. We give a key-recovery attack on 19-round GIFT-64. For GIFT-128, we find an 18-round differential characteristic and give the first attack on 23-round GIFT-128.

Book ChapterDOI
19 Aug 2018
TL;DR: In this paper, the Tile-Probe-and-Fault model is extended to cover both realistic side-channel leakage scenarios on a chip and also to cover fault and combined attacks.
Abstract: In this paper we introduce two things. First, we introduce the Tile-Probe-and-Fault model, a model generalising the wire-probe model of Ishai et al. and extending it to cover both more realistic side-channel leakage scenarios on a chip and also fault and combined attacks. Second, we introduce CAPA: a combined Countermeasure Against Physical Attacks. Our countermeasure is motivated by our model, and aims to provide security against higher-order SCA, multiple-shot FA and combined attacks. The tile-probe-and-fault model leads one to naturally look (by analogy) at actively secure multi-party computation protocols. Indeed, CAPA draws much inspiration from the MPC protocol SPDZ. To demonstrate that the model, and the CAPA countermeasure, are not just theoretical constructions, but could also serve to build practical countermeasures, we present initial experiments of proof-of-concept designs using the CAPA methodology, namely a hardware implementation of the KATAN and AES block ciphers, as well as a software bitsliced AES S-box implementation. We demonstrate experimentally that the design can resist second-order DPA attacks, even when the attacker is presented with many hundreds of thousands of traces. In addition, our proof-of-concept can also detect faults within our model with high probability, in accordance with the methodology.

Journal ArticleDOI
01 Feb 2018, Optik
TL;DR: The proposed method to restore the permutation rule is based on the chosen-ciphertext attack and succeeds in restoring the permutation rule in the case of multiple encryption rounds without any knowledge about the cryptosystem.

Journal ArticleDOI
TL;DR: This paper relates statistical properties of code-based countermeasures against side-channel attacks to their efficiency in terms of security, against uni- and multi-variate attacks.
Abstract: Naive implementations of block ciphers are subject to side-channel and fault injection attacks. To deceive side-channel attacks and to detect fault injection attacks, the designer inserts specially crafted error correcting codes in the implementation. The impact of codes on protection against fault injection attacks is well studied: the number of detected faults relates to their minimum distance. However, regarding side-channel attacks, the link between codes and protection efficiency is blurred. In this paper, we relate statistical properties of code-based countermeasures against side-channel attacks to their efficiency in terms of security against uni- and multi-variate attacks.

Journal ArticleDOI
TL;DR: The proposed version of AES is compared with the original AES based upon parameters such as nonlinearity, resiliency, balancedness, propagation characteristics, and immunity, and the results show that it is better at withstanding attacks.
Abstract: The Advanced Encryption Standard (AES) is a standard block cipher algorithm for providing security services. A number of variations of this algorithm are available in the network security domain. In spite of its strong security features, this algorithm has recently been broken by cryptanalysis processes. Therefore, it is required to improve the security strength of this algorithm, as AES is popular in commercial use. In this paper, we have shown the reasons for the loopholes in AES and have also provided a solution by using our Symmetric Random Function Generator (SRFG). The use of randomness in the key generation process of a block cipher is novel in this domain. We have also compared our results with the original AES based upon parameters such as nonlinearity, resiliency, balancedness, propagation characteristics, and immunity. The results show that our proposed version of AES is better at withstanding attacks.

DOI
04 Sep 2018
TL;DR: This paper focuses on two lightweight block ciphers, LED64 and Midori64, shows a more accurate estimation of differential probability considering the key schedule, and presents an automatic approach to detect the right pairs following a given differential, which can be exploited to calculate the differential property.
Abstract: In differential cryptanalysis, a differential is in general more valuable than a single trail belonging to it. The traditional way to compute the probability of a differential is to sum the probabilities of all trails within it. An automatic tool for the search of differentials based on Mixed Integer Linear Programming (MILP) has been proposed and realises the task of finding multiple trails of a given differential. The problem is whether it is reliable to evaluate the probability of the differential in the traditional way. In this paper, we focus on two lightweight block ciphers, LED64 and Midori64, and show a more accurate estimation of differential probability considering the key schedule. Firstly, an automated tool based on the Boolean Satisfiability Problem (SAT) is put forward to accomplish the automatic search of differentials for ciphers with S-boxes and is applied to LED64 and Midori64. Secondly, we provide an automatic approach to detect the right pairs following a given differential, which can be exploited to calculate the differential property. Applying this technique to the STEP function of LED64, we discover some differentials with enhanced probability. As a result, previous attacks relying upon high-probability differentials can definitely be improved. Thirdly, we present a method to compute an upper bound of the weak-key ratio for a given differential, which is utilised to analyse 4-round differentials of Midori64. We detect two differentials whose weak-key ratios are much lower than the expected 50%. More than 78% of the keys will make these two differentials impossible differentials. The idea of estimating an upper bound of the weak-key ratio can be employed for other ciphers and allows us to launch differential attacks more reliably. Finally, we introduce how to compute the enhanced differential probability and evaluate the number of keys achieving the improved probability. Such a property may incur an efficient weak-key attack. For a 4-round differential of Midori64, we obtain an improved differential property for a portion of keys.

Journal ArticleDOI
TL;DR: An advanced version of the underlying image encryption scheme is introduced to overcome its security shortcomings and generates a unique key stream for each distinct plain-image based on its fingerprint, which thwarts the chosen-plain-image attacks and enhances the security level of the proposed scheme.

Proceedings ArticleDOI
01 Sep 2018
TL;DR: This paper designs an innovative technique through which one can easily find the elements of the nonlinear component of a block cipher, namely the S-box, through a single expression instead of matrix algebraic computations.
Abstract: Recently several block ciphers have been proposed which are based on the inversion mapping over a binary Galois field with n inputs. These proposed block ciphers are Camellia, AES, Square and Hierocrypt, in which an S-box over a binary Galois field with n inputs is used. Now with the passage of time it is necessary to increase the security of these block ciphers by increasing the key space, which can be increased by generalizing this concept over a non-binary Galois field with n inputs. In this paper, we have designed an innovative technique through which we can easily find the elements of the nonlinear component of a block cipher, namely the S-box, through a single expression instead of matrix algebraic computations. Our main idea here is to reduce the computational complexity while performing calculations for the S-box, which is one of the most important nonlinear components for any modern block cipher. Also, we have transformed our existing problem of using matrix algebra into a symbolic single-expression algebra which reduces the tedious calculations of S-boxes.

Proceedings ArticleDOI
09 Nov 2018
TL;DR: This work introduces a new combined countermeasure M&M that combines Masking with information-theoretic MAC tags and infective computation that works in a stronger adversary model than the existing scheme ParTI, yet is a lot less costly to implement than the provably secure MPC-based scheme CAPA.
Abstract: Cryptographic implementations on embedded systems need to be protected against physical attacks. Today, this means that apart from incorporating countermeasures against side-channel analysis, implementations must also withstand fault attacks and combined attacks. Recent proposals in this area have shown that there is a big tradeoff between the implementation cost and the strength of the adversary model. In this work, we introduce a new combined countermeasure M&M that combines Masking with information-theoretic MAC tags and infective computation. It works in a stronger adversary model than the existing scheme ParTI, yet is a lot less costly to implement than the provably secure MPC-based scheme CAPA. We demonstrate M&M with a SCA- and DFA-secure implementation of the AES block cipher. We evaluate the side-channel leakage of the second-order secure design with a non-specific t-test and use simulation to validate the fault resistance.

Journal ArticleDOI
19 Sep 2018
TL;DR: This research upgrades the FOBOS test architecture with the capability to perform TVLA on authenticated ciphers, and shows that FPGA implementations of the CAESAR Round 3 candidates ACORN, Ascon, CLOC, SILC, JAMBU, and Ketje Jr. are vulnerable to 1st order DPA.
Abstract: Authenticated ciphers are vulnerable to side-channel attacks, including differential power analysis (DPA). Test Vector Leakage Assessment (TVLA) using Welch's t-test has been used to verify improved resistance of block ciphers to DPA after application of countermeasures. However, extension of this methodology to authenticated ciphers is non-trivial, since this requires additional input and output conditions, complex interfaces, and long test vectors interlaced with protocol necessary to describe authenticated cipher operations. In this research we augment an existing side-channel analysis architecture (FOBOS) with TVLA for authenticated ciphers. We use this capability to show that implementations in the Spartan-6 FPGA of the CAESAR Round 3 candidates ACORN, ASCON, CLOC (AES and TWINE), SILC (AES, PRESENT, and LED), JAMBU (AES and SIMON), and Ketje Jr., as well as AES-GCM, are potentially vulnerable to 1st order DPA. We then implement versions of the above ciphers, protected against 1st order DPA, using threshold implementations. TVLA is used to verify improved resistance to 1st order DPA of the protected cipher implementations. Finally, we benchmark unprotected and protected cipher implementations in the Spartan-6 FPGA, and compare the costs of 1st order DPA protection in terms of area, frequency, throughput, throughput-to-area (TP/A) ratio, power, and energy per bit. Our results show that ACORN is the most energy efficient, has the lowest area (in LUTs), and has the highest TP/A ratio of DPA-resistant implementations. However, Ketje Jr. has the highest throughput.

Journal ArticleDOI
TL;DR: A new chaos-based probabilistic symmetric encryption scheme with customizable block-size suitable for image encryption with high strength to resist statistical and cryptanalytic attacks is proposed.

Journal ArticleDOI
23 May 2018-Sensors
TL;DR: The experimental results show that the hardware-based AES performs better than the software-based AES in terms of power consumption and calculation cycle requirements, and the AES-CCM-MIC64 mode may be a better choice if the IoT device is considering security, encryption calculation requirement, and low power consumption at the same time.
Abstract: Because of the ubiquity of Internet of Things (IoT) devices, the power consumption and security of IoT systems have become very important issues. Advanced Encryption Standard (AES) is a block cipher algorithm that is commonly used in IoT devices. In this paper, the power consumption and cryptographic calculation requirement for different payload lengths and AES encryption types are analyzed. These types include software-based AES-CB, hardware-based AES-ECB (Electronic Codebook Mode), and hardware-based AES-CCM (Counter with CBC-MAC Mode). The calculation requirement and power consumption for these AES encryption types are measured on the Texas Instruments LAUNCHXL-CC1310 platform. The experimental results show that the hardware-based AES performs better than the software-based AES in terms of power consumption and calculation cycle requirements. In addition, in terms of AES mode selection, the AES-CCM-MIC64 mode may be a better choice if the IoT device is considering security, encryption calculation requirement, and low power consumption at the same time. However, if the IoT device is pursuing lower power and the payload length is generally less than 16 bytes, then AES-ECB could be considered.

Journal ArticleDOI
TL;DR: It is demonstrated that the attacks considered by the designers of LowMC in version 2 of the round formula were not sufficient to fend off all possible attacks, and it is shown that it is most effective to consider tuples of differences instead of simple differences, both to increase the range of the distinguishers and to enable key recovery attacks.
Abstract: LowMC is a family of block ciphers designed for a low multiplicative complexity. The specification allows a large variety of instantiations, differing in block size, key size, number of S-boxes applied per round and allowed data complexity. The number of rounds deemed secure is determined by evaluating a number of attack vectors and taking the number of rounds still secure against the best of these. In this paper, we demonstrate that the attacks considered by the designers of LowMC in version 2 of the round formula were not sufficient to fend off all possible attacks. In the case of instantiations of LowMC with one of the most useful settings, namely with few applied S-boxes per round and only low allowable data complexities, efficient attacks based on difference enumeration techniques can be constructed. We show that it is most effective to consider tuples of differences instead of simple differences, both to increase the range of the distinguishers and to enable key recovery attacks. All applications for LowMC we are aware of, including signature schemes like Picnic and more recent (ring/group) signature schemes, have used version 3 of the round formula for LowMC, which already takes our attack into account.

Journal ArticleDOI
20 Nov 2018-Symmetry
TL;DR: A novel multiple-image encryption symmetric algorithm (block cipher) with the 3D permutation model and the chaotic system is proposed to protect the image content on the Internet.
Abstract: Large numbers of images are produced in many fields every day. The content security of digital images becomes an important issue for scientists and engineers. Inspired by the magic cube game, a three-dimensional (3D) permutation model is established to permute images, which includes three permutation modes, i.e., internal-row mode, internal-column mode, and external mode. To protect the image content on the Internet, a novel multiple-image encryption symmetric algorithm (block cipher) with the 3D permutation model and the chaotic system is proposed. First, the chaotic sequences and chaotic images are generated by chaotic systems. Second, the sender permutes the plain images by the 3D permutation model. Lastly, the sender performs the exclusive OR operation on permuted images. The simulation and algorithm comparisons display that the proposed algorithm possesses desirable encryption images, high security, and efficiency.