
Showing papers on "Block cipher published in 2021"


Book ChapterDOI
17 Oct 2021
TL;DR: Gohr proposed a new cryptanalysis strategy based on machine learning algorithms and used deep neural networks to build a neural-based distinguisher that surprisingly surpassed state-of-the-art cryptanalysis efforts on one version of the well-studied NSA block cipher SPECK; this paper investigates what that distinguisher actually learns.
Abstract: At CRYPTO’19, Gohr proposed a new cryptanalysis strategy based on the utilisation of machine learning algorithms. Using deep neural networks, he managed to build a neural-based distinguisher that surprisingly surpassed state-of-the-art cryptanalysis efforts on one of the versions of the well-studied NSA block cipher SPECK (this distinguisher could in turn be placed in a larger key-recovery attack). While this work opens new possibilities for machine learning-aided cryptanalysis, it remains unclear how this distinguisher actually works and what information the machine learning algorithm is deducing. The attacker is left with a black box that does not tell much about the nature of the possible weaknesses of the algorithm tested, while hope is thin, as interpretability of deep neural networks is a well-known difficult task.

57 citations


Journal ArticleDOI
01 Jun 2021
TL;DR: A New Lightweight Cryptographic Algorithm for Enhancing Data Security that can be used to secure applications on cloud computing is proposed; it presented a strong security level and an apparent enhancement in measures of cipher execution time and security strength compared to the cryptographic systems widely used in cloud computing.
Abstract: Data has been pivotal to all facets of human life in the last decades. In recent years, the massive growth of data has resulted from the development of various applications. This data needs to be secured and stored in secure sites. Cloud computing is the technology that can be used to store those massive amounts of data. The rapid development of this technology makes it more critical. Therefore, it has become urgent to secure data from attackers to preserve its integrity, confidentiality, protection, privacy and the procedures required for handling it. This paper proposes a New Lightweight Cryptographic Algorithm for Enhancing Data Security that can be used to secure applications on cloud computing. The algorithm is a 16-byte (128-bit) block cipher and requires a 16-byte (128-bit) key to encrypt the data. It is inspired by Feistel and substitution-permutation architectural methods to improve the complexity of the encryption. The algorithm achieves Shannon's theory of diffusion and confusion by the involvement of logical operations such as XOR, XNOR, shifting and swapping. It also features flexibility in the length of the secret key and the number of rounds. The experimental results of the proposed algorithm presented a strong security level and an apparent enhancement in measures of cipher execution time and security strength compared to the cryptographic systems widely used in cloud computing.

35 citations


Journal ArticleDOI
TL;DR: This paper presents optimal quantum circuit designs of symmetric key cryptography, including PRESENT and GIFT block ciphers by minimizing qubits, quantum gates, and circuit depth, and compares results of lightweight block cipher implementations in quantum circuits.
Abstract: The Grover search algorithm is the most representative quantum attack method that threatens the security of symmetric key cryptography. If the Grover search algorithm is applied to symmetric key cryptography, the security level of the target symmetric key cryptography can be lowered from n-bit to n/2-bit. When applying Grover’s search algorithm to a block cipher that is the target of potential quantum attacks, the target block cipher must be implemented as a quantum circuit. Starting with the AES block cipher, a number of works have been conducted to optimize and implement target block ciphers as quantum circuits. Recently, many studies have been published that implement lightweight block ciphers as quantum circuits. In this paper, we present optimal quantum circuit designs of symmetric key cryptography, including the PRESENT and GIFT block ciphers. The proposed method optimizes the PRESENT and GIFT block ciphers by minimizing qubits, quantum gates, and circuit depth. We compare the proposed PRESENT and GIFT quantum circuits with other results of lightweight block cipher implementations in quantum circuits. Finally, the quantum resources of the PRESENT and GIFT block ciphers required for the oracle of the Grover search algorithm are estimated.

31 citations


Journal ArticleDOI
TL;DR: This paper discusses state-of-the-art lightweight cryptographic protocols for IoT networks and presents a comparative analysis of popular contemporary ciphers in two parts: symmetric and asymmetric lightweight cryptography.

27 citations


Journal ArticleDOI
TL;DR: A nonlinear confusion component of a block cipher is designed and the action of the symmetric group S8 is applied to generate a pool of 40,320 substitution boxes with the same cryptographic strength; a nonlinear chaotic dynamical system then adds diffusion capability to the encryption algorithm.
Abstract: In this research article, we have proposed a novel image encryption scheme for the confidentiality of digital information. Modern block ciphers are based on the confusion and diffusion characteristics proposed by Claude Shannon in 1949. Firstly, we have designed a nonlinear confusion component of a block cipher and applied the action of the symmetric group S8 to generate a pool of 40,320 substitution boxes with the same cryptographic strength. These nonlinear components are responsible for adding confusion to the encryption algorithm. Secondly, we have utilized a nonlinear chaotic dynamical system to add diffusion capability to our proposed encryption scheme. The suggested scheme is further examined under security performance evaluations, which show the appropriateness of our offered scheme for digital contents.

24 citations


Journal ArticleDOI
11 Jun 2021
TL;DR: The best previous boomerang distinguishers for SKINNY can be significantly improved in terms of probability and number of rounds, and new tools called the Double Boomerang Connectivity Table (DBCT), LBCT⫤, and UBCT⊨ are introduced to evaluate the boomerang switch through multiple rounds more accurately.
Abstract: The boomerang and rectangle attacks are adaptations of differential cryptanalysis that regard the target cipher E as a composition of two sub-ciphers, i.e., E = E1 ∘ E0, to construct a distinguisher for E with probability \(p^2q^2\) by concatenating two short differential trails for E0 and E1 with probability p and q respectively. According to previous research, the dependency between these two differential characteristics has a great impact on the probability of boomerang and rectangle distinguishers. Dunkelman et al. proposed the sandwich attack to formalise such dependency; it regards E as three parts, i.e., E = E1 ∘ Em ∘ E0, where Em contains the dependency between the two differential trails, satisfying some differential propagation with probability r. Accordingly, the entire probability is \(p^2q^2r\). Recently, Song et al. proposed a general framework to identify the actual boundaries of Em and systematically evaluate the probability of Em with any number of rounds, and applied their method to accurately evaluate the probabilities of the best boomerang distinguishers for SKINNY. In this paper, using a more advanced method to search for boomerang distinguishers, we show that the best previous boomerang distinguishers for SKINNY can be significantly improved in terms of probability and number of rounds. More precisely, we propose related-tweakey boomerang distinguishers for up to 19, 21, 23, and 25 rounds of SKINNY-64-128, SKINNY-128-256, SKINNY-64-192 and SKINNY-128-384 respectively, which improve the previous boomerang distinguishers of these variants of SKINNY by 1, 2, 1, and 1 round respectively. Based on the improved boomerang distinguishers for SKINNY, we provide related-tweakey rectangle attacks on 23 rounds of SKINNY-64-128, 24 rounds of SKINNY-128-256, 29 rounds of SKINNY-64-192, and 30 rounds of SKINNY-128-384. It is worth noting that our improved related-tweakey rectangle attacks on SKINNY-64-192, SKINNY-128-256 and SKINNY-128-384 can be directly applied to the same number of rounds of ForkSkinny-64-192, ForkSkinny-128-256 and ForkSkinny-128-384 respectively. CRAFT is another SKINNY-like tweakable block cipher for which we provide the security analysis against the rectangle attack for the first time. As a result, we provide a 14-round boomerang distinguisher for CRAFT in the single-tweak model, based on which we propose a single-tweak rectangle attack on 18 rounds of this cipher. Moreover, following the previous research regarding the evaluation of switching in multiple rounds of boomerang distinguishers, we also introduce new tools called the Double Boomerang Connectivity Table (DBCT), LBCT⫤, and UBCT⊨ to evaluate the boomerang switch through multiple rounds more accurately.

22 citations


Journal ArticleDOI
TL;DR: Experimental results on the case study related to the generation of 8 × 8 substitution-box demonstrate that the proposed SCMTTA gives competitive performance against other existing works due to its ability to adaptively modify its chaotic behavior based on the performance feedback of the current search process.
Abstract: Cryptography often involves substituting (and converting) the secret information into dummy data so that it can reach the desired destination without leakage. Within symmetric key cryptography, the substitution-box (S-box) is often adopted to perform the actual block cipher substitution. To address the nonlinearity requirement of cryptography (i.e., ensuring the generated S-box is sufficiently robust against linear and differential cryptanalysis attacks), many chaos-based metaheuristic algorithms have been developed in the literature. This paper introduces a new variant of a metaheuristic algorithm based on the Tiki-Taka algorithm, called the selective chaotic maps Tiki-Taka algorithm (SCMTTA). Unlike competing works (which typically integrate a single chaotic map into a particular metaheuristic algorithm), SCMTTA assembles five chaotic maps (i.e., tent map, logistic map, Chebyshev map, singer map and sine map) as part of the algorithm itself in order to further enhance the ergodicity and unpredictability of the generated solution. Based on a simple penalty and reward mechanism, the best performing chaotic map is selected in the current cycle, while the poorly performing one misses its current turn. Experimental results on the case study related to the generation of 8 × 8 substitution-boxes demonstrate that the proposed SCMTTA gives competitive performance against other existing works due to its ability to adaptively modify its chaotic behavior based on the performance feedback of the current search process.

21 citations


Journal ArticleDOI
TL;DR: A rigorous analysis is performed to show that the proposed S-box generator can efficiently generate dynamic S-boxes with good cryptographic properties and is more suitable for cryptographic purposes than some of the existing generators.
Abstract: Several dynamic substitution box (S-box) generators have been proposed in recent years. Some of the existing S-box generators can generate an S-box with good cryptographic properties. However, no analysis has been performed for almost all generators to confirm if they can output highly dynamic S-boxes in a reasonable computational complexity. This article aims to propose an S-box generator that can efficiently generate highly dynamic S-boxes with good cryptographic properties. For this purpose, we use elliptic curves over finite rings. To create randomness in the points on the curves, we define two families of total orders. We then use these ordered curves to generate an S-box of size m using the y-coordinates of an ordered subset of size m of the underlying curve. We performed a rigorous analysis to show that our proposed generator can efficiently generate dynamic S-boxes with good cryptographic properties. Compared to some of the existing generators, it is shown that the proposed S-box generator is more suitable for cryptographic purposes.

20 citations


Book ChapterDOI
17 Oct 2021
TL;DR: The essential ideas of the construction of the Meet-in-the-Middle preimage attack are formulated, the problem of searching for the best attacks is translated into optimization problems under constraints in Mixed-Integer Linear Programming (MILP) models, and the first attacks against the full and extended Haraka-512 v2 and 8-round AES-128 hashing modes are obtained.
Abstract: The Meet-in-the-Middle (MITM) preimage attack is highly effective in breaking the preimage resistance of many hash functions, including but not limited to the full MD5, HAVAL, and Tiger, and reduced SHA-0/1/2. It was also shown to be a threat to hash functions built on block ciphers like AES by Sasaki in 2011. Recently, such attacks on AES hashing modes evolved from merely using the freedom of choosing the internal state to also exploiting the freedom of choosing the message state. However, detecting such attacks, especially the evolved variants, is difficult. In previous works, the search space of the configurations of such attacks was limited so that manual analysis was practical, which results in sub-optimal solutions. In this paper, we remove the artificial limitations of previous works, formulate the essential ideas of the construction of the attack in well-defined ways, and translate the problem of searching for the best attacks into optimization problems under constraints in Mixed-Integer Linear Programming (MILP) models. The MILP models capture a large solution space of valid attacks, and the objectives of the MILP models are attack configurations with minimized computational complexity. With such MILP models and an off-the-shelf solver, it is efficient to search for the best attacks exhaustively. As a result, we obtain the first attacks against the full (5-round) and an extended (5.5-round) version of Haraka-512 v2, and 8-round AES-128 hashing modes, as well as improved attacks covering more rounds of Haraka-256 v2 and other members of the AES and Rijndael hashing modes.

20 citations


Journal ArticleDOI
TL;DR: The chaotic behaviors of the filter are better than those of many excellent chaotic systems and it has good pseudo-randomness; analysis results show the resulting block cipher is competitive with some of the most advanced algorithms.
Abstract: In this paper, we first design a third-order nonlinear digital filter (3rd-NDF) with two's complement arithmetic, and its trajectories under discrete sine inputs are theoretically analyzed. Analysis results show the trajectories can be partitioned into three categories according to the periodicity of symbolic sequences, and chaotic behavior can be exhibited when the symbolic sequences are aperiodic. According to its Lyapunov exponents and statistical properties, we find not only that the chaotic behaviors of the filter are better than those of many excellent chaotic systems, but also that it has good pseudo-randomness. Then, an S-box generation algorithm based on the filter is presented, in which two lemmas are presented and proven to construct bijective S-boxes with high nonlinearity. To the best of our knowledge, similar methods have never been used in the existing studies. In addition, the designed S-boxes show good cryptographic performance in terms of the strict avalanche criterion, differential uniformity, bit independence criterion and linear approximation probability. Finally, we present a novel block cipher algorithm based on the chaotic S-boxes. Analysis results show it is competitive with some of the most advanced algorithms.

20 citations


Journal ArticleDOI
TL;DR: The simulation results and performance analysis show that the proposed scheme has excellent encryption performance with less computational effort, which indicates that the scheme has effective potential in real-time image encryption applications.
Abstract: Due to less computational effort with strong security, elliptic curve based cryptographic architectures are more reliable compared to existing cryptographic methods. In this manuscript, we have introduced an efficient cryptosystem based on elliptic curves for digital image encryption. The designed scheme consists of three steps. Initially, the system uses a special type of isomorphic elliptic curves over a prime field and scrambles the pixel positions of the plain image. Consequently, it disperses the intra-correlation among the pixels of the original image and makes the scheme secure against statistical attacks. In the next step, the scheme generates multiple S-boxes with good cryptographic features by using isomorphic elliptic curves. The generated S-boxes are then used to substitute the scrambled data, which produces optimum confusion in the ciphered data. Eventually, the encryption procedure generates pseudo-random numbers (PRNs) through arithmetic operations on the elliptic curves instead of the elliptic curve group law; the operation used in the scheme creates high randomness, and as a result our proposed scheme shows high security against classical attacks. The simulation results and performance analysis show that the proposed scheme has excellent encryption performance with less computational effort, which indicates that the scheme has effective potential in real-time image encryption applications.

Journal ArticleDOI
TL;DR: A novel algebraic scheme to generate secure 8 × 8 substitution-boxes is proposed, using finite rings of integers with exactly 256 unit elements to construct S-boxes of decent cryptographic strength.
Abstract: Substitution-boxes have a significant role in block ciphers as they are the only component which offers nonlinearity in the anticipated symmetric encryption systems. This paper presents a novel algebraic scheme to generate secure 8 × 8 substitution-boxes. We find the finite rings of integers with exactly 256 unit elements, which are utilized to construct S-boxes. Firstly, the unit elements of the selected rings are used to create the initial random sequence of 256 elements. Secondly, newly defined bijective polynomial maps are applied to create two initial seed S-boxes of decent cryptographic strength. Lastly, appropriate permutations of a symmetric group of degree 16 are employed to evolve two more S-boxes. The performance of the generated S-boxes is tested through the standard analyses consisting of criteria such as the nonlinearity test, probability tests (linear and differential approximation), the strict avalanche criterion, and the output bit independence criterion. Moreover, we examine the strength of the generated S-boxes for symmetric image encryption applications through various performance measures. The simulation outcomes confirm the effectiveness of the proposed scheme for secure communication.

Journal ArticleDOI
TL;DR: An evaluation metric is developed that can be used universally to determine the robustness of a software encoding scheme against bit flip faults and instruction skips, and it is verified by implementing the block cipher PRESENT protected by an encoding scheme based on anticodes.
Abstract: Cryptographic implementations are often vulnerable to physical attacks, fault injection analysis being among the most popular techniques. On par with the development of attacks, the area of countermeasures is advancing rapidly, utilizing both hardware- and software-based approaches. When it comes to software encoding countermeasures for fault protection and their evaluation, there are very few proposals so far, mostly focusing on single operations rather than the cipher as a whole. In this paper we propose an evaluation framework that can be used for analyzing the effectiveness of software encoding countermeasures against fault attacks. We first formalize the encoding schemes in software, helping us to define what properties are required when designing a fault protection. Based on these findings, we develop an evaluation metric that can be used universally to determine the robustness of a software encoding scheme against bit flip faults and instruction skips. We provide a way to select a code according to user criteria and also a dynamic code analysis method to estimate the level of protection of assembly implementations using encoding schemes. Finally, we verify our findings by implementing the block cipher PRESENT protected by an encoding scheme based on anticodes, and provide a detailed evaluation of this implementation using different codes.

Journal ArticleDOI
TL;DR: A brief survey on quasigroups is presented and their applications in designing various cryptographic primitives, including block ciphers, stream ciphers, hash functions, public-key schemes, etc., are discussed.
Abstract: Quasigroups have wide applications in coding theory and cryptography. We present a brief survey on quasigroups and discuss their applications in designing various cryptographic primitives including...

Book ChapterDOI
16 Aug 2021
TL;DR: In this paper, the authors formalize the notion of alignment and study four primitives that are exponents of different design strategies, and propose a way to analyze the interactions between the linear and the nonlinear layers w.r.t.
Abstract: Designing a block cipher or cryptographic permutation can be approached in many different ways. One such approach, popularized by AES, consists in grouping the bits along the S-box boundaries, e.g., in bytes, and in consistently processing them in these groups. This aligned approach leads to hierarchical structures like superboxes that make it possible to reason about the differential and linear propagation properties using combinatorial arguments. In contrast, an unaligned approach avoids any such grouping in the design of transformations. However, without hierarchical structure, sophisticated computer programs are required to investigate the differential and linear propagation properties of the primitive. In this paper, we formalize this notion of alignment and study four primitives that are exponents of different design strategies. We propose a way to analyze the interactions between the linear and the nonlinear layers w.r.t. the differential and linear propagation, and we use it to systematically compare the four primitives using non-trivial computer experiments. We show that alignment naturally leads to different forms of clustering, e.g., of active bits in boxes, of two-round trails in activity patterns, and of trails in differentials and linear approximations.

Journal ArticleDOI
TL;DR: In this paper, the authors presented optimized quantum circuits of the SPN (Substitution Permutation Network) structured lightweight block cipher, namely the PIPO block cipher.
Abstract: The emergence of quantum computers is threatening the security of cryptography through various quantum algorithms. Among them, the Grover search algorithm is known to be efficient in accelerating brute force attacks on block cipher algorithms. To utilize Grover’s algorithm for brute force attacks, block ciphers must be implemented in quantum circuits. In this paper, we present optimized quantum circuits of an SPN (Substitution Permutation Network) structured lightweight block cipher, namely the PIPO block cipher. In particular, the compact design of quantum circuits for the 8-bit S-box is investigated. These optimization techniques are used to implement other cryptographic operations as quantum circuits. Finally, we evaluate the quantum resources of the Grover search algorithm for the PIPO block cipher in ProjectQ, a quantum simulator provided by IBM.

Journal ArticleDOI
TL;DR: This approach not only reduced the computational burden due to the selective nature of encryption but also kept the security at the required level due to the introduction of a key-dependent S-box.
Abstract: Increased demand for multimedia data over heterogeneous networks has led to the requirement for increased compression and suitable security. Both of these demands require heavy computation and are contradictory to each other, as encryption may severely affect the compression efficiency. On the other hand, handheld devices have limited energy and computational resources, making compression-friendly encryption a challenging issue. One of the solutions is to encrypt a subset of data based on perceptual importance. But that too may not be compression efficient, format compliant and secure. To address the security issue in such applications, the substitution box (S-box), which is one of the most important and the only non-linear operation of block ciphers, is redesigned using chaotic equations. These equations have characteristics that easily meet the requirements of block ciphers. In this research work, an S-box based on a chaotic equation was designed and tested for security strength and then used for selective encryption of multimedia (image) data. To increase the security and generate a key-dependent S-box, the Mackey-Glass equation is used due to its inherent properties such as sensitivity, pseudo-random characteristics, non-uniform behaviour, ergodicity, and high confusion and diffusion. The security of the proposed S-box was tested in terms of non-linearity, bit independence and strict avalanche criteria, etc. This S-box is then used to selectively encrypt a subset of image data during the process of compression, giving an encryption-compression strategy. The subset of image data was selected such that the statistical and structural dependencies were not violated by encryption. This resulted in compression-efficient and format-friendly encryption. In this regard the quantization table is selected for encryption along with a subset of bits that have already been encoded, and their statistical dependencies are exploited for compression. This approach not only reduced the computational burden due to the selective nature of encryption but also kept the security at the required level due to the introduction of the key-dependent S-box. The results for encrypted images were compared with those of AES in terms of compression ratio, correlation and Peak Signal to Noise Ratio (PSNR), giving better results for the proposed algorithm.

Journal ArticleDOI
TL;DR: A new logical combination method of the generalized Feistel structure and ARX operations, called Shadow, is proposed to improve the diffusion speed of ARX ciphers; Shadow is compact in IoT nodes and offers high security against cryptanalysis.
Abstract: The advancement of the Internet of Things (IoT) has promoted the rapid development of low-power and multifunctional sensors. However, it is critically important to ensure the security of data transmission of these nodes. Meanwhile, sensor nodes have the characteristic of converting analog signals into digital signals for operation processing in wireless sensor networks (WSNs). Given the particularity of Addition or AND, Rotation, and XOR (ARX) operations, their round function can only be based on the Feistel structure or the generalized Feistel structure; otherwise, the process of decryption cannot be completed correctly. Furthermore, existing ARX ciphers have the problems of only changing half of the plaintext block in one round and iterating for many rounds. In this article, a new logical combination method of the generalized Feistel structure and ARX operations, called Shadow, is proposed to improve the diffusion speed of ARX ciphers. Shadow overcomes the shortcoming of traditional ARX ciphers that only diffuse half of the block in one round. To ensure the efficiency of the encryption hardware circuit while ensuring the security of the physical-layer signal, we studied the round-based hardware architecture and the serial hardware architecture for the Shadow cipher. In particular, we conducted a series of performance tests on Shadow, including the avalanche effect, FPGA implementation, and ASIC implementation. We also conducted a security analysis of Shadow. As shown by our experiments and comparisons, Shadow is compact in IoT nodes and offers high security against cryptanalysis.

Journal ArticleDOI
TL;DR: In this paper, the authors propose cryptographically strong nonlinear confusion components of block ciphers, usually termed substitution-boxes (S-boxes), based on a novel five-dimensional chaotic system analyzed in the paper.
Abstract: The security strength of block ciphers greatly relies on the confusion components, which have the tendency to transform the data nonlinearly into a perplexed form. This paper puts forward a novel scheme for generating cryptographically strong nonlinear confusion components of block ciphers, usually termed substitution-boxes (S-boxes). The anticipated S-box design scheme is based on a novel five-dimensional (5-D) chaotic system analyzed in this paper. The proposed 5-D dynamical system exhibits hyperchaotic phenomena, a KY dimension, conservativity, an unstable equilibrium point, and complex phase attractors, which are suited for cryptographic applications. The S-box based on the hyperchaotic system is made to evolve in order to generate an optimized S-box with a high nonlinearity score, making it robust against many linear attacks. The performance analysis of the proposed S-box demonstrates that it has bijectivity and high nonlinearity; satisfies the strict avalanche criterion and bit independence criterion; and has low differential and linear probabilities. Moreover, the performance appraisal of the proposed S-box justifies its better strength and features over many recently investigated S-boxes.

Journal ArticleDOI
01 Feb 2021
TL;DR: The evaluation and simulation analysis indicate that the proposed hybrid encryption algorithm possesses excellent cryptographic properties: it is extremely sensitive to small changes in the secret key, resists common cryptanalytic attacks, has a high speed and is easy to implement.
Abstract: In this paper, we present a very simple and efficient hybrid encryption algorithm based on block and stream ciphers using chaotic systems. Due to the specific characteristics of chaotic systems, which are described by a set of nonlinear deterministic dynamic equations, chaos-based encryption achieves a very high level of security. The chaotic system used in this algorithm is the Chirikov Standard Map, which is chosen in order to further minimize the encryption time. The proposed scheme adopts two main operations: one to generate a pseudorandom data block that will be used for the stream cipher, and the second to create substitution and permutation tables in the initial step and perform rounds for the confusion and diffusion processes in the block cipher. Some cryptographic tests and metrics are applied to measure the degree of security and analyze the performance of the encryption scheme. The evaluation and simulation analysis indicate that our proposal possesses excellent cryptographic properties: it is extremely sensitive to small changes in the secret key, resists common cryptanalytic attacks, has a high speed and is easy to implement.

Book ChapterDOI
Tarun Yadav, Manoj Kumar
06 Oct 2021
TL;DR: In this article, a new technique to extend the classical differential distinguisher using machine learning (ML) is presented: an r-round classical differential distinguisher and an s-round ML distinguisher are combined into an (r+s)-round differential-ML distinguisher with reduced data complexity.
Abstract: The differential attack is a basic cryptanalytic technique for block ciphers. Application of machine learning shows promising results for differential cryptanalysis. In this paper, we present a new technique to extend the classical differential distinguisher using machine learning (ML). We use an r-round classical differential distinguisher to build an s-round ML-based differential distinguisher. This s-round ML distinguisher is used to construct an \((r+s)\)-round differential-ML distinguisher with reduced data complexity. We demonstrate this technique on the lightweight block ciphers SPECK32, SIMON32, and GIFT64 by constructing differential-ML distinguishers. The data complexities of the distinguishers for 9-round SPECK32, 12-round SIMON32, and 8-round GIFT64 are reduced from \(2^{30}\) to \(2^{20}\), \(2^{34}\) to \(2^{22}\), and \(2^{38}\) to \(2^{20}\) respectively. Moreover, the differential-ML distinguisher for SIMON32 is the first 12-round distinguisher with data complexity less than \(2^{32}\).

Journal ArticleDOI
TL;DR: In this paper, the P permutation law of PRESENT and GIFT was studied, and a general differential fault attack (DFA) method with their differential characteristics was presented.
Abstract: Lightweight block cipher PRESENT is an algorithm with SPN structure. Due to its excellent hardware performance and simple round function design, it can be well applied to Internet of Things terminals with limited computing resources. As an improved cipher of PRESENT, GIFT is similar in structure to PRESENT and has been widely studied by academia and industry. This article studies the P permutation law of PRESENT and GIFT, and presents a general differential fault attack (DFA) method with their differential characteristics. For PRESENT, this article chooses to inject a nibble fault before the 30th and 31st rounds of S-box operation. A total of 32 nibble fault ciphertexts are needed to recover the original key. The computational complexity and data complexity are \(2^{10.94}\) and \(2^{8}\), respectively. For GIFT, this article chooses to inject a nibble fault before the 25th, 26th, 27th and 28th rounds of S-box operation. A total of 64 nibble fault ciphertexts are needed to recover the original key. The computational complexity and data complexity are \(2^{11.91}\) and \(2^{9}\), respectively. Compared with other public cryptanalysis results of PRESENT and GIFT, this general attack method has great advantages. In this article, the DFA of GIFT is experimentally verified and its effectiveness is proved. These experiments have been done on a personal computer and run in a very reasonable time (around 500 ms).

Journal ArticleDOI
TL;DR: In this article, the authors combine the two phases in a uniform automatic model and apply this idea to automate the related-key rectangle attacks on SKINNY and Fork-Skinny.
Abstract: Automatic modelling to search distinguishers with high probability covering as many rounds as possible, such as MILP, SAT/SMT, CP models, has become a very popular cryptanalysis topic today. In those models, the optimizing objective is usually the probability or the number of rounds of the distinguishers. If we want to recover the secret key for a round-reduced block cipher, there are usually two phases, i.e., finding an efficient distinguisher and performing a key-recovery attack by extending several rounds before and after the distinguisher. The total number of attacked rounds is not only related to the chosen distinguisher, but also to the extended rounds before and after the distinguisher. In this paper, we try to combine the two phases in a uniform automatic model. Concretely, we apply this idea to automate the related-key rectangle attacks on SKINNY and ForkSkinny. We propose some new distinguishers with advantage to perform key-recovery attacks. Our key-recovery attacks on a few versions of round-reduced SKINNY and ForkSkinny cover 1 to 2 more rounds than the best previous attacks.

Journal ArticleDOI
TL;DR: This paper gives two constructions of differentially 6-uniform functions, modifying the Gold function and the Bracken–Leander function on a subfield, which are used in a block cipher as S-boxes.
Abstract: Functions with low differential uniformity can be used in a block cipher as S-boxes since they have good resistance to differential attacks. In this paper we consider piecewise constructions for permutations with low differential uniformity. In particular, we give two constructions of differentially 6-uniform functions, modifying the Gold function and the Bracken–Leander function on a subfield.

Proceedings ArticleDOI
19 Nov 2021
TL;DR: An optimized quantum circuit for boolean linear algebra as well as complete reversible implementations of PRINCE, Chaskey, spongent and Keccak which are of independent interest for quantum cryptanalysis are proposed.
Abstract: We present the first complete implementation of the offline Simon's algorithm, and estimate its cost to attack the MAC Chaskey, the block cipher PRINCE and the NIST lightweight candidate AEAD scheme Elephant. These attacks require a reasonable amount of qubits, comparable to the number of qubits required to break RSA-2048. They are faster than other collision algorithms, and the attacks against PRINCE and Chaskey are the most efficient known to date. As Elephant has a key smaller than its state size, the algorithm is less efficient and ends up more expensive than exhaustive search. We also propose an optimized quantum circuit for boolean linear algebra as well as complete reversible implementations of PRINCE, Chaskey, spongent and Keccak which are of independent interest for quantum cryptanalysis. We stress that our attacks could be applied in the future against today's communications, and recommend caution when choosing symmetric constructions for cases where long-term security is expected.

Journal ArticleDOI
TL;DR: A new method to evolve S-boxes with the help of the coset graph for the action of PSL on the projective line over the finite field GF(\(2^8\)), a special type of bijective map and the symmetric group \(S_{256}\) is developed.
Abstract: The substitution box is a significant and the only nonlinear constituent of a block cipher. The S-box plays a central role in converting the intelligible message, or plain text, into an enciphered format. Construction of strong S-boxes is an important area of interest for security experts. In this work, we develop a new method to evolve S-boxes with the help of the coset graph for the action of \(PSL(2,\mathbb{Z})\) on the projective line over the finite field GF(\(2^8\)), a special type of bijective map \(g\) and the symmetric group \(S_{256}\). The capability of the proposed S-boxes to mitigate cryptanalysis is investigated through various performance analyzing parameters. The outcomes of the comparison with the familiar S-boxes indicate that the working abilities of the newly designed S-boxes are better than those of many of the well-known S-boxes.

Book ChapterDOI
Zhang Jian1, Li Lang1, Li Qiuping1, Zhao Junxia1, Xiaoman Liang1
01 Jan 2021
TL;DR: The experimental results show that the result of power analysis attack is affected by POI, and the key can be recovered when POI is registered, and the authors can reveal the key using correlation power analysis, when targeting the diffusion layer of GIFT.
Abstract: GIFT is a new lightweight block cipher with smaller area and higher efficiency, which is very suitable for the Internet of Things (IoT) devices with constrained resources. The power analysis attack is an efficient method to extract the key from the cryptographic equipment. However, it is not easy to reveal the key by means of power analysis attack, when the cipher is implemented by hardware. In this article, we present the method of power analysis attack against GIFT. Firstly, we implemented GIFT on FPGA using the SAKURA-G board. Then, we explored the impact of point of interest (POI) on power analysis attack. We proposed the method of power analysis attack against the diffusion layer of GIFT. The experimental results show that the result of power analysis attack is affected by POI, and the key can be recovered when POI is registered. We can reveal the key using correlation power analysis, when targeting the diffusion layer of GIFT.

Journal ArticleDOI
TL;DR: The authors apply the proposed quantum algorithm to the cryptanalysis of several important cryptosystems and show that they are secure under quantum algebraic attack only if the corresponding condition numbers are large.
Abstract: This paper presents a quantum algorithm to decide whether a Boolean equation system F has a solution and to compute one if F does have solutions, with any given success probability. The runtime complexity of the algorithm is polynomial in the size of F and the condition number of a certain Macaulay matrix associated with F. As a consequence, the authors give a polynomial-time quantum algorithm for solving Boolean equation systems if their condition numbers are polynomial in the size of F. The authors apply the proposed quantum algorithm to the cryptanalysis of several important cryptosystems: the stream cipher Trivium, the block cipher AES, the hash function SHA-3/Keccak, and the multivariate public key cryptosystems, and show that they are secure under quantum algebraic attack only if the corresponding condition numbers are large. This leads to a new criterion for designing such cryptosystems which are safe against the attack of quantum computers: the corresponding condition number.

Journal ArticleDOI
TL;DR: This work presents an automatic tool to find impossible differentials (IDs) and zero-correlation linear approximations (ZCLAs) for both ARX and S-box-based ciphers and rewrite the modular addition constraints in terms of eight linear inequalities to search differentials.
Abstract: Impossible differential cryptanalysis and zero-correlation linear cryptanalysis are two powerful methods in the block cipher field. Herein, we present an automatic tool to find impossible differentials (IDs) and zero-correlation linear approximations (ZCLAs) for both ARX and S-box-based ciphers. Similar to the idea of using mixed-integer linear programming (MILP) models for differential cryptanalysis in [1], we first use linear inequalities to describe all the target cipher’s components exactly. However, we are indifferent to the objective function and only interested in knowing whether a solution to the whole system of inequalities for given input and output differences (masks) is present. If not, these input and output differences can yield an ID (ZCLA), as expected. Herein, we describe the search process in detail for IDs, but the process for finding ZCLAs is similar. First, we describe all the target cipher’s components exactly using linear inequalities. Herein, we focus on describing the differential patterns for modular addition and omit the linear operation and S-box descriptions [1, 2]. Because we are not interested in the probabilities of each differential pattern for non-linear components, we rewrite the modular addition constraints in terms of eight linear inequalities, about 40% fewer than the number proposed by Fu et al. [2] to search differentials. Assume that there is a differential (\(\alpha, \beta \to \gamma\)) on the modular addition operation. To determine whether this differential is possible, we have two steps according to Theorem 1 in [2]. Firstly, to satisfy the condition on the least significant bit, \(\alpha_0 \oplus \beta_0 \oplus \gamma_0 = 0\), we use the following equality:

Journal ArticleDOI
TL;DR: In this paper, the Authenticated Encryption with Associated Data (AEAD) has been implemented as a quantum circuit for the first time in the ProjectQ library, which is an open-source quantum compatible library designed by researchers from ETH Zurich.
Abstract: With the advancement of quantum computing technologies, a large body of research work is dedicated to revisiting the security claims for the ciphers being used. An adversary with access to a quantum computer can employ certain new attacks which would not be possible in the current pre-quantum era. In particular, Grover’s search algorithm is a generic attack against symmetric key cryptographic primitives that can reduce the search complexity to its square root. To apply Grover’s search algorithm, one needs to implement the target cipher as a quantum circuit. Although relatively recent, this field of research has attracted serious attention from the research community, as several ciphers (like AES, GIFT, SPECK, SIMON, etc.) are being implemented as quantum circuits. In this work, we target the lightweight block cipher Rectangle and the Authenticated Encryption with Associated Data (AEAD) scheme Knot, which is based on Rectangle, and implement those in the ProjectQ library (an open-source quantum compatible library designed by researchers from ETH Zurich). AEADs are considerably more complex to implement than a typical block/stream cipher, and ours is among the first works to do this. The implementations reported here are simulated on a classical computer (as far as it is feasible).